How to extract an SSL/TLS message using scapy and python?

Question

I\'m trying to read a TLS message. Specifically, the one with the certificate details (handshake_type = 11). What I\'m doing is first checking that the message contains

Answer 1

If you want to play with TLS handshake, enable TLS on scapy using load_layer("tls").

That enables the TLS module, which supports handshake (requires scapy >= 2.4.0). Scapy will then correctly dissect TLS handshake/key... packets

You should first try

load_layer("tls")
packets = sniff(prn=lambda x:x.summary(), lfilter=lambda x: TLS in x)

And if you're using Scapy 2.4.4+, for better consistency you can even use

sniff([...], session=TLSSession)

Have a look on how the packets are built:

Example:

There is also a quite fancy guide here: https://github.com/secdev/scapy/blob/master/doc/notebooks/tls/notebook2_tls_protected.ipynb

So summarize:

You will find each packet when using load_layer("tls").

Note that there are a lot of packets and that TLSCertificate will only appear once. msg is a list because many informations can be contained in a single TLS packet