DS PoC #2

65 removals (130 lines), 62 additions (130 lines)
Frame 414: 726 bytes on wire (5808 bits), 726 bytes captured (5808 bits) on interface \Device\NPF_{6581F787-E4B9-45C1-A19B-AFA1BC1556B9}, id 0
Frame 303: 726 bytes on wire (5808 bits), 726 bytes captured (5808 bits) on interface \Device\NPF_{6581F787-E4B9-45C1-A19B-AFA1BC1556B9}, id 0
Ethernet II, Src: Giga-Byt_fc:4d:40 (b4:2e:99:fc:4d:40), Dst: ASUSTekC_61:e6:c0 (3c:7c:3f:61:e6:c0)
Ethernet II, Src: Giga-Byt_fc:4d:40 (b4:2e:99:fc:4d:40), Dst: ASUSTekC_61:e6:c0 (3c:7c:3f:61:e6:c0)
Internet Protocol Version 4, Src: 192.168.1.164, Dst: 92.205.63.8
Internet Protocol Version 4, Src: 192.168.1.164, Dst: 92.205.63.8
0100 .... = Version: 4
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 712
Total Length: 712
Identification: 0x4591 (17809)
Identification: 0x4561 (17761)
010. .... = Flags: 0x2, Don't fragment
010. .... = Flags: 0x2, Don't fragment
...0 0000 0000 0000 = Fragment Offset: 0
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 128
Time to Live: 128
Protocol: TCP (6)
Protocol: TCP (6)
Header Checksum: 0x0000 [validation disabled]
Header Checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
[Header checksum status: Unverified]
Source Address: 192.168.1.164
Source Address: 192.168.1.164
Destination Address: 92.205.63.8
Destination Address: 92.205.63.8
Transmission Control Protocol, Src Port: 55970, Dst Port: 443, Seq: 1, Ack: 1, Len: 672
Transmission Control Protocol, Src Port: 55966, Dst Port: 443, Seq: 1, Ack: 1, Len: 672
Transport Layer Security
Transport Layer Security
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Version: TLS 1.0 (0x0301)
Length: 667
Length: 667
Handshake Protocol: Client Hello
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Handshake Type: Client Hello (1)
Length: 663
Length: 663
Version: TLS 1.2 (0x0303)
Version: TLS 1.2 (0x0303)
Random: 7c76cca5a84d82adab5f25d36f8975202b3d37cd526e685f3de2808a5e3edbb5
Random: da846fe830a00801145e04ac247000f519c342749c192e66036b5bc670a26bbb
Session ID Length: 32
Session ID Length: 32
Session ID: 4115fd6365c14ba1f19e8beba36f9fe2d0bb29aa38ec08de79a0d19139c18310
Session ID: c93c6c07cee88569704efcc70050f57fb273e035ebcc8feb875f22fd85c38259
Cipher Suites Length: 32
Cipher Suites Length: 32
Cipher Suites (16 suites)
Cipher Suites (16 suites)
Compression Methods Length: 1
Compression Methods Length: 1
Compression Methods (1 method)
Compression Methods (1 method)
Extensions Length: 558
Extensions Length: 558
Extension: Reserved (GREASE) (len=0)
Extension: Reserved (GREASE) (len=0)
Type: Reserved (GREASE) (27242)
Type: Reserved (GREASE) (51914)
Length: 0
Length: 0
Data: <MISSING>
Data: <MISSING>
Extension: supported_versions (len=7)
Type: supported_versions (43)
Length: 7
Supported Versions length: 6
Supported Version: Reserved (GREASE) (0xeaea)
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.2 (0x0303)
Extension: psk_key_exchange_modes (len=2)
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Extension: compress_certificate (len=3)
Type: compress_certificate (27)
Length: 3
Algorithms Length: 2
Algorithm: brotli (2)
Extension: status_request (len=5)
Type: status_request (5)
Length: 5
Certificate Status Type: OCSP (1)
Responder ID list Length: 0
Request Extensions Length: 0
Extension: server_name (len=60)
Extension: server_name (len=60)
Type: server_name (0)
Type: server_name (0)
Length: 60
Length: 60
Server Name Indication extension
Server Name Indication extension
Server Name list length: 58
Server Name list length: 58
Server Name Type: host_name (0)
Server Name Type: host_name (0)
Server Name length: 55
Server Name length: 55
Server Name: 4ca0c934434c322a9c4623d496f112d803e32bfc.deadswitch.com
Server Name: 630b16ed25a57fb6da08d9f69dd7a41062b1f8b7.deadswitch.com
Extension: status_request (len=5)
Extension: key_share (len=43)
Type: status_request (5)
Type: key_share (51)
Length: 5
Length: 43
Certificate Status Type: OCSP (1)
Key Share extension
Responder ID list Length: 0
Extension: supported_groups (len=10)
Request Extensions Length: 0
Type: supported_groups (10)
Length: 10
Supported Groups List Length: 8
Supported Groups (4 groups)
Extension: application_layer_protocol_negotiation (len=14)
Extension: application_layer_protocol_negotiation (len=14)
Type: application_layer_protocol_negotiation (16)
Type: application_layer_protocol_negotiation (16)
Length: 14
Length: 14
ALPN Extension Length: 12
ALPN Extension Length: 12
ALPN Protocol
ALPN Protocol
Extension: application_settings (len=5)
Extension: signed_certificate_timestamp (len=0)
Type: application_settings (17513)
Type: signed_certificate_timestamp (18)
Length: 5
ALPS Extension Length: 3
Supported ALPN List
Extension: psk_key_exchange_modes (len=2)
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Length: 0
Data (0 bytes)
Extension: extended_master_secret (len=0)
Extension: supported_versions (len=7)
Type: extended_master_secret (23)
Type: supported_versions (43)
Length: 0
Length: 7
Supported Versions length: 6
Supported Version: Reserved (GREASE) (0xaaaa)
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.2 (0x0303)
Extension: supported_groups (len=10)
Type: supported_groups (10)
Length: 10
Supported Groups List Length: 8
Supported Groups (4 groups)
Extension: compress_certificate (len=3)
Type: compress_certificate (27)
Length: 3
Algorithms Length: 2
Algorithm: brotli (2)
Extension: ec_point_formats (len=2)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Type: ec_point_formats (11)
Length: 2
Length: 2
EC point formats Length: 1
EC point formats Length: 1
Elliptic curves point formats (1)
Elliptic curves point formats (1)
Extension: key_share (len=43)
Type: key_share (51)
Length: 43
Key Share extension
Extension: signed_certificate_timestamp (len=0)
Type: signed_certificate_timestamp (18)
Length: 0
Extension: signature_algorithms (len=18)
Extension: signature_algorithms (len=18)
Type: signature_algorithms (13)
Type: signature_algorithms (13)
Length: 18
Length: 18
Signature Hash Algorithms Length: 16
Signature Hash Algorithms Length: 16
Signature Hash Algorithms (8 algorithms)
Signature Hash Algorithms (8 algorithms)
Extension: extended_master_secret (len=0)
Extension: application_settings (len=5)
Type: extended_master_secret (23)
Type: application_settings (17513)
Length: 5
ALPS Extension Length: 3
Supported ALPN List
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Length: 0
Extension: renegotiation_info (len=1)
Data (0 bytes)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Extension: Reserved (GREASE) (len=1)
Extension: Reserved (GREASE) (len=1)
Type: Reserved (GREASE) (31354)
Type: Reserved (GREASE) (23130)
Length: 1
Length: 1
Data: 00
Data: 00
Extension: pre_shared_key (len=315)
Extension: pre_shared_key (len=315)
Type: pre_shared_key (41)
Type: pre_shared_key (41)
Length: 315
Length: 315
Pre-Shared Key extension
Pre-Shared Key extension
Identities Length: 278
Identities Length: 278
PSK Identity (length: 272)
PSK Identity (length: 272)
Identity Length: 272
Identity Length: 272
Identity: 8c74c765b707ce1e896d23f467f401e29a9634564acfa3adad0675eaac876743c300d3f6…
Identity: 8c74c765b707ce1e896d23f467f401e2e9f621f8fe2b75180d33904461762b7a76910b10…
Obfuscated Ticket Age: 2559937343
Obfuscated Ticket Age: 14316052
PSK Binders length: 33
PSK Binders length: 33
PSK Binders
PSK Binders
[JA3 Fullstring: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-5-16-17513-45-35-43-10-27-11-51-18-13-23-65281-41,29-23-24,0]
[JA3 Fullstring: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,43-45-65281-27-5-0-51-10-16-18-23-11-13-17513-35-41,29-23-24,0]
[JA3: e216562870e637f6d50cf0c3cd8fe307]
[JA3: 0f52af8508550bfee824a6b3d095f6c7]