"For this reason, the use of https is a worldwide trend."
<div><br></div>
<div>Anyway, I know little about the internet, so I do not guarantee the accuracy of what I say.</div>
<div><br></div>
<div><hr>? Is (nature/)society a fact (something given) or a value (something made)?</div>
<div>Object and language; formula, Newton, nature, language.</div>
<div>Rights conferred by instinct</div>
<div>Change of state and evolution</div>
<div><br></div>
<div><hr></div>
<div><div>[?] There is no DNS over TLS in Korea.</div>
<div>[?] HTTP TCP handshake/HTTPs TLS handshake</div>
<div>[?]</div>
<div><br></div>
<div>The Korea Communications Commission stated, "Blocking access to overseas sites that are illegal under governing statutes such as the Information and Communications Network Act does not amount to censoring the internet or infringing freedom of expression," and repeatedly stressed that "the method of blocking access by using the SNI field, which is unencrypted and exposed, has nothing to do with interception, which converts encrypted communication content into a readable state."</div>
<div> <div>69 2e 73 74 61 63 6b 2e 69 6d 67 75 72 23 63 6f 6d := i.stack.imgur.com</div>
<div><br></div>
<div>Protection of Communications Secrets Act</div>
<div>7. "Interception" means acquiring or recording the content of telecommunications by listening to or jointly reading the sounds, words, symbols or images of the communications through electronic or mechanical devices without the consent of the party concerned, or interfering with the transmission and reception of telecommunications.</div></div>
<div><br></div>
<div>Build a DNS Packet Sniffer with Scapy and Python BY THE DEFALT 08/04/2015 3:54 PM <a target="_blank" href="https://null-byte.wonderhowto.com/how-to/build-dns-packet-sniffer-with-scapy-and-python-0163601/">https://null-byte.wonderhowto.com/how-to/build-dns-packet-sniffer-with-scapy-and-python-0163601/</a></div>
<div><br></div>
<div>Build a Man-in-the-Middle Tool with Scapy and Python BY THE DEFALT 07/31/2015 4:00 AM <a target="_blank" href="https://null-byte.wonderhowto.com/how-to/build-man-middle-tool-with-scapy-and-python-0163525/">https://null-byte.wonderhowto.com/how-to/build-man-middle-tool-with-scapy-and-python-0163525/</a></div></div>
<div><br></div>
<div>TCP/IP Updated: 11/13/2018 by Computer Hope <a target="_blank" href="https://www.computerhope.com/jargon/t/tcpip.htm">https://www.computerhope.com/jargon/t/tcpip.htm</a></div>
<div><br></div>
<div><img src="https://www.computerhope.com/jargon/p/packet.jpg" alt="Network TCP and IP packet" width="500" height="513" class="resize500"></div>
<div><br></div>
<div><p>Since nobody provided a wire capture, here's one.<br><strong>Server Name</strong> (the domain part of the URL) is presented in the <code>ClientHello</code> packet, in <strong>plain text</strong>.</p>
<p>The following shows a browser request to:<br><code><a target="_blank" href="https://i.stack.imgur.com/path/?some=parameters&go=here">https://i.stack.imgur.com/path/?some=parameters&go=here</a></code></p>
<p><a target="_blank" href="https://i.stack.imgur.com/rdHZZ.png"><img src="https://i.stack.imgur.com/rdHZZ.png" alt="ClientHello SNI"></a><a target="_blank" href="https://security.stackexchange.com/a/32790">See this answer</a> for more on TLS version fields (there are 3 of them - not versions, fields that each contain a version number!)</p>
<p>From <a target="_blank" href="https://www.ietf.org/rfc/rfc3546.txt">https://www.ietf.org/rfc/rfc3546.txt</a>:</p></div>
<div><div class="post-text">
<h3>In short:</h3>
<ul><li><p>FQDN (the domain part of the URL) <strong>MAY</strong> be transmitted <strong>in clear</strong> inside the <code>ClientHello</code> packet if SNI extension is used</p></li>
<li><p>The rest of the URL (<code>/path/?some=parameters&go=here</code>) has no business being inside <code>ClientHello</code> since the request URL is a HTTP thing (OSI Layer 7), therefore it will never show up in a TLS handshake (Layer 4 or 5). That will come later on in a <code>GET /path/?some=parameters&go=here HTTP/1.1</code> HTTP request, <strong>AFTER</strong> the <strong>secure</strong> TLS channel is established.</p></li></ul>
<h2>EXECUTIVE SUMMARY</h2>
<p>Domain name MAY be transmitted in clear (if SNI extension is used in the TLS handshake) but URL (path and parameters) is always encrypted.</p></div></div>
<div><hr>
<h3><a class="selflink" href="https://tools.ietf.org/html/rfc5246#appendix-A.4" target="_blank">A.4</a>. Handshake Protocol</h3></div>
<div><pre class="newpage">
   enum {
       hello_request(0), client_hello(1), server_hello(2),
       certificate(11), server_key_exchange (12),
       certificate_request(13), server_hello_done(14),
       certificate_verify(15), client_key_exchange(16),
       finished(20), (255)
   } HandshakeType;

   struct {
       HandshakeType msg_type;
       uint24 length;
       select (HandshakeType) {
           case hello_request:       HelloRequest;
           <span style="background-color:#4f81bd;">case client_hello:        ClientHello;</span>
           case server_hello:        ServerHello;
           case certificate:         Certificate;
           case server_key_exchange: ServerKeyExchange;
           case certificate_request: CertificateRequest;
           case server_hello_done:   ServerHelloDone;
           case certificate_verify:  CertificateVerify;
           case client_key_exchange: ClientKeyExchange;
           case finished:            Finished;
       } body;
   } Handshake;
</pre></div>
<div><h4><a class="selflink" href="https://tools.ietf.org/html/rfc5246#appendix-A.4.1" target="_blank">A.4.1</a>. Hello Messages</h4></div>
<div><pre class="newpage">
   struct { } HelloRequest;

   struct {
       uint32 gmt_unix_time;
       opaque random_bytes[28];
   } Random;

   opaque SessionID<0..32>;

   uint8 CipherSuite[2];

   enum { null(0), (255) } CompressionMethod;

   struct {
       ProtocolVersion client_version;
       Random random;
       SessionID session_id;
       CipherSuite cipher_suites<2..2^16-2>;
       CompressionMethod compression_methods<1..2^8-1>;
       select (extensions_present) {
           case false:
               struct {};
           case true:
               Extension extensions<0..2^16-1>;
       };
   } ClientHello;
</pre></div>
<div><h3><strike><a class="selflink" href="https://tools.ietf.org/html/rfc3546#section-2.3" target="_blank">2.3</a>.</strike> Hello Extensions</h3></div>
<div>The extension format for extended client hellos and extended server hellos is:</div>
<div><pre class="newpage">
   struct {
       ExtensionType extension_type;
       opaque extension_data<0..2^16-1>;
   } Extension;
</pre></div>
<div>Here:</div>
<div>- "extension_type" identifies the particular extension type.</div>
<div>- "extension_data" contains information specific to the particular extension type.</div>
<div>The extension types defined in this document are:</div>
<div><pre class="newpage">
   enum {
       server_name(0), max_fragment_length(1),
       client_certificate_url(2), trusted_ca_keys(3),
       truncated_hmac(4), status_request(5), (65535)
   } ExtensionType;
</pre>
<pre class="newpage"><strike>
   struct {
       ProtocolVersion server_version;
       Random random;
       SessionID session_id;
       CipherSuite cipher_suite;
       CompressionMethod compression_method;
       select (extensions_present) {
           case false:
               struct {};
           case true:
               Extension extensions<0..2^16-1>;
       };
   } ServerHello;

   struct {
       ExtensionType extension_type;
       opaque extension_data<0..2^16-1>;
   } Extension;
</strike></pre>
<pre class="newpage"><strike>
   enum {
       signature_algorithms(13), (65535)
   } ExtensionType;

   enum {
       none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
       sha512(6), (255)
   } HashAlgorithm;

   enum {
       anonymous(0), rsa(1), dsa(2), ecdsa(3), (255)
   } SignatureAlgorithm;

   struct {
       HashAlgorithm hash;
       SignatureAlgorithm signature;
   } SignatureAndHashAlgorithm;

   SignatureAndHashAlgorithm
       supported_signature_algorithms<2..2^16-1>;
</strike></pre></div>
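<div>The structures quoted above can be walked byte by byte to see exactly what a ClientHello exposes before any encryption starts. This is an added example, not code from the original page or the linked tutorials; the function names and the sample record are constructed here, and the ServerNameList layout inside extension_data (list length, name_type, name length, name) is taken from RFC 3546 section 3.1, which the page links but does not quote.</div>

```python
import struct

def build_client_hello(host):
    """Constructed sample input: a minimal TLS 1.2 ClientHello with one SNI extension."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type host_name(0) + HostName
    sni = struct.pack("!H", len(entry)) + entry                # ServerNameList
    ext = struct.pack("!HH", 0, len(sni)) + sni                # Extension, server_name(0)
    body = (b"\x03\x03" + bytes(32)                            # client_version, Random
            + b"\x00"                                          # empty SessionID
            + b"\x00\x02\x00\x2f"                              # one CipherSuite
            + b"\x01\x00"                                      # CompressionMethod null(0)
            + struct.pack("!H", len(ext)) + ext)               # extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # Handshake, client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # TLS record header

def extract_sni(record):
    """Return the host name from a single-record ClientHello, or None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:             # handshake / client_hello(1)
            return None
        p = 5 + 4 + 2 + 32                                     # headers, version, Random
        p += 1 + record[p]                                     # SessionID<0..32>
        p += 2 + int.from_bytes(record[p:p + 2], "big")        # cipher_suites
        p += 1 + record[p]                                     # compression_methods
        if p + 2 > len(record):
            return None                                        # extensions_present == false
        end = min(p + 2 + int.from_bytes(record[p:p + 2], "big"), len(record))
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, p)
            p += 4
            if p + elen > end:
                return None                                    # truncated extension
            if etype == 0:                                     # server_name(0)
                if elen < 5 or record[p + 2] != 0:             # expect name_type host_name(0)
                    return None
                nlen = int.from_bytes(record[p + 3:p + 5], "big")
                if 5 + nlen > elen:
                    return None
                return record[p + 5:p + 5 + nlen].decode("ascii")
            p += elen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None

SAMPLE = build_client_hello("i.stack.imgur.com")               # constructed, not a capture
```

<div>The parser assumes the whole ClientHello sits in one TLS record; a hello split across records or TCP segments has to be reassembled first. Only the host name is recoverable this way: the path and query string travel in the HTTP request after the handshake.</div>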