Wireshark dekodieren nur eine Richtung ⇐ Python

[Guest]

Ich habe einen Python -Chat -Client geschrieben, der TLS -Verschlüsselung verwendet. Der Server wird auf einem PC und Client auf einem anderen ausgeführt. < /p>
Client erstellt keine eigenen SSL -Tasten. PCAP mit TCPDump auch auf dem Server -PC. dekodiert. Server -> Client -Nachrichten bleiben verschlüsselt. Warum ist das?

Code: Select all

SERVER_HANDSHAKE_TRAFFIC_SECRET 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 83156d3d139ab2bda9fb30bc68699fadeaff736373585e9296618973b804e67b858f904b6d67d35791f154d2df1c53ec
CLIENT_HANDSHAKE_TRAFFIC_SECRET 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 d27b9286b3f209da0cfca1055cd6c5a0b7dc638a3b47b760fc52c46530c6f0129e3ab8cb97de02d708dcd78e4b8eeef6
EXPORTER_SECRET 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 a81094854b39ab0a39ab4b1d0669591024a3c05d4a8b0df0870e2df824b447b9cdd206e4f120dbeb871a0f642bff783b
SERVER_TRAFFIC_SECRET_0 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 fa8a418607881a3c78082009acded37a4f1640b6d7e4932785b071bd3dcae67aaef91ef664bb1fc1f01e22d800b11e73
CLIENT_TRAFFIC_SECRET_0 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 f90a697b55859c7144ccf34c499869cddbec964f37386ab08cf7ed137cd54c53b9c119b42fda4f37b0ba3e5a62694cf7
< /code>
server.py:
import socket
import ssl
import argparse

# Server-side
def create_tls_server(certfile, keyfile, port):
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile, keyfile)

hostname = socket.gethostname()
IPAddr = socket.gethostbyname(hostname)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
sock.bind((IPAddr, port))
sock.listen(2)

print(f"Server started on {IPAddr}:{port}. Waiting for connections...")

while True:
client_socket, addr = sock.accept()  # Accept raw connection
try:
ssl_conn = context.wrap_socket(client_socket, server_side=True)  # Wrap here
print(f"Connected by {addr}.  Waiting for message...")
while True:
data = ssl_conn.recv(1024).decode()
if not data:
break
print(f"Received: {data}")
if data == 'bye':
break
print(">> ", end='')
response = input()
ssl_conn.send(response.encode())
except Exception as e:
print(f"Error: {e}")
finally:
ssl_conn.close()
client_socket.close()  # close the connection
print(f"Connection with {addr} closed.")
break

if __name__ == '__main__':
parser = argparse.ArgumentParser(description="TLS Server")
parser.add_argument("-p", "--port", type=int, default=8500, help="Port number")
parser.add_argument("-v", "--version", type=int, default=ssl.PROTOCOL_TLS_SERVER, help="TLS Version")
args = parser.parse_args()

create_tls_server('./server.crt', './server.key', args.port)
< /code>
client.py:
import socket
import ssl
import argparse

# Client-side
def connect_tls_client(cafile, port, host):
context = ssl.create_default_context()
context.load_verify_locations(cafile)

sock = socket.socket()  # instantiate
sock.connect((host, port))  # connect to the server

client_socket = context.wrap_socket(sock, server_hostname=host)

print(">> ", end='')
message = input()

while message.lower().strip() != 'bye':
client_socket.send(message.encode())  # send message
data = client_socket.recv(1024).decode()  # receive response
if not data:
break

print('Received from server: ' + data)  # show in terminal

if data == 'bye':
break

print(">> ", end='')
message = input()

client_socket.close()  # close the connection

if __name__ == '__main__':
parser = argparse.ArgumentParser(description="TLS Client")
parser.add_argument("-s", "--server_ip", default="name-of-remote-serverenter image description here", help="Server IP address")
parser.add_argument("-p", "--port", type=int, default=8500, help="Port number")
parser.add_argument("-v", "--version", type=int, default=ssl.PROTOCOL_TLS_SERVER, help="TLS Version")
args = parser.parse_args()

connect_tls_client('./server.crt', args.port, args.server_ip)