DS PoC

Created Diff never expires
55 removals
130 lines
52 additions
130 lines
Frame 526: 726 bytes on wire (5808 bits), 726 bytes captured (5808 bits) on interface \Device\NPF_{6581F787-E4B9-45C1-A19B-AFA1BC1556B9}, id 0
Frame 506: 726 bytes on wire (5808 bits), 726 bytes captured (5808 bits) on interface \Device\NPF_{6581F787-E4B9-45C1-A19B-AFA1BC1556B9}, id 0
Ethernet II, Src: Giga-Byt_fc:4d:40 (b4:2e:99:fc:4d:40), Dst: ASUSTekC_61:e6:c0 (3c:7c:3f:61:e6:c0)
Ethernet II, Src: Giga-Byt_fc:4d:40 (b4:2e:99:fc:4d:40), Dst: ASUSTekC_61:e6:c0 (3c:7c:3f:61:e6:c0)
Internet Protocol Version 4, Src: 192.168.1.164, Dst: 92.205.63.8
Internet Protocol Version 4, Src: 192.168.1.164, Dst: 92.205.63.8
0100 .... = Version: 4
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 712
Total Length: 712
Identification: 0x45b0 (17840)
Identification: 0x45ab (17835)
010. .... = Flags: 0x2, Don't fragment
010. .... = Flags: 0x2, Don't fragment
...0 0000 0000 0000 = Fragment Offset: 0
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 128
Time to Live: 128
Protocol: TCP (6)
Protocol: TCP (6)
Header Checksum: 0x0000 [validation disabled]
Header Checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
[Header checksum status: Unverified]
Source Address: 192.168.1.164
Source Address: 192.168.1.164
Destination Address: 92.205.63.8
Destination Address: 92.205.63.8
Transmission Control Protocol, Src Port: 55974, Dst Port: 443, Seq: 1, Ack: 1, Len: 672
Transmission Control Protocol, Src Port: 55972, Dst Port: 443, Seq: 1, Ack: 1, Len: 672
Transport Layer Security
Transport Layer Security
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Version: TLS 1.0 (0x0301)
Length: 667
Length: 667
Handshake Protocol: Client Hello
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Handshake Type: Client Hello (1)
Length: 663
Length: 663
Version: TLS 1.2 (0x0303)
Version: TLS 1.2 (0x0303)
Random: 3a562b732037d0879bb34adedc200f831e2e6e7d0339ce0681a6fb6cdef274a6
Random: 2056759bcb0c48b74ef3a55e1a5f0ed8b898e0b6a7b2514af989c8656018f222
Session ID Length: 32
Session ID Length: 32
Session ID: 22ee6375394d523983a41f78d7654b4d5a8060883856d30014387e8ce601d0d9
Session ID: b9b06f6a983e9481f72a6373ddb7be83b6112bdf40807ea05017a6684c13ca55
Cipher Suites Length: 32
Cipher Suites Length: 32
Cipher Suites (16 suites)
Cipher Suites (16 suites)
Compression Methods Length: 1
Compression Methods Length: 1
Compression Methods (1 method)
Compression Methods (1 method)
Extensions Length: 558
Extensions Length: 558
Extension: Reserved (GREASE) (len=0)
Extension: Reserved (GREASE) (len=0)
Type: Reserved (GREASE) (27242)
Type: Reserved (GREASE) (56026)
Length: 0
Length: 0
Data: <MISSING>
Data: <MISSING>
Text moved to lines 73-77
Extension: signature_algorithms (len=18)
Extension: renegotiation_info (len=1)
Type: signature_algorithms (13)
Type: renegotiation_info (65281)
Length: 18
Length: 1
Signature Hash Algorithms Length: 16
Renegotiation Info extension
Signature Hash Algorithms (8 algorithms)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Data (0 bytes)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
Extension: compress_certificate (len=3)
Extension: compress_certificate (len=3)
Type: compress_certificate (27)
Type: compress_certificate (27)
Length: 3
Length: 3
Algorithms Length: 2
Algorithms Length: 2
Algorithm: brotli (2)
Algorithm: brotli (2)
Text moved to lines 60-64
Extension: application_layer_protocol_negotiation (len=14)
Type: application_layer_protocol_negotiation (16)
Length: 14
ALPN Extension Length: 12
ALPN Protocol
Text moved to lines 53-56
Extension: key_share (len=43)
Type: key_share (51)
Length: 43
Key Share extension
Extension: application_settings (len=5)
Extension: application_settings (len=5)
Type: application_settings (17513)
Type: application_settings (17513)
Length: 5
Length: 5
ALPS Extension Length: 3
ALPS Extension Length: 3
Supported ALPN List
Supported ALPN List
Text moved from lines 63-66
Extension: key_share (len=43)
Type: key_share (51)
Length: 43
Key Share extension
Extension: extended_master_secret (len=0)
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Type: extended_master_secret (23)
Length: 0
Length: 0
Text moved from lines 58-62
Extension: renegotiation_info (len=1)
Extension: application_layer_protocol_negotiation (len=14)
Text moved with changes to lines 88-95 (87.3% similarity)
Type: renegotiation_info (65281)
Type: application_layer_protocol_negotiation (16)
Length: 1
Length: 14
Renegotiation Info extension
ALPN Extension Length: 12
Extension: psk_key_exchange_modes (len=2)
ALPN Protocol
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: signed_certificate_timestamp (len=0)
Type: signed_certificate_timestamp (18)
Length: 0
Extension: server_name (len=60)
Extension: server_name (len=60)
Type: server_name (0)
Type: server_name (0)
Length: 60
Length: 60
Server Name Indication extension
Server Name Indication extension
Server Name list length: 58
Server Name list length: 58
Server Name Type: host_name (0)
Server Name Type: host_name (0)
Server Name length: 55
Server Name length: 55
Server Name: de6c65b415cde1e01bb0b050fac3baaa2139a8fa.deadswitch.com
Server Name: 3ee36864b07ec28b12f0853df6e07f84558cb011.deadswitch.com
Text moved from lines 39-43
Extension: signature_algorithms (len=18)
Type: signature_algorithms (13)
Length: 18
Signature Hash Algorithms Length: 16
Signature Hash Algorithms (8 algorithms)
Extension: status_request (len=5)
Extension: status_request (len=5)
Type: status_request (5)
Type: status_request (5)
Length: 5
Length: 5
Certificate Status Type: OCSP (1)
Certificate Status Type: OCSP (1)
Responder ID list Length: 0
Responder ID list Length: 0
Request Extensions Length: 0
Request Extensions Length: 0
Text moved to lines 103-107
Extension: supported_groups (len=10)
Extension: session_ticket (len=0)
Type: supported_groups (10)
Type: session_ticket (35)
Length: 10
Length: 0
Supported Groups List Length: 8
Data (0 bytes)
Text moved with changes from lines 76-83 (87.3% similarity)
Supported Groups (4 groups)
Extension: signed_certificate_timestamp (len=0)
Type: signed_certificate_timestamp (18)
Length: 0
Extension: psk_key_exchange_modes (len=2)
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: supported_versions (len=7)
Extension: supported_versions (len=7)
Type: supported_versions (43)
Type: supported_versions (43)
Length: 7
Length: 7
Supported Versions length: 6
Supported Versions length: 6
Supported Version: Reserved (GREASE) (0x3a3a)
Supported Version: Reserved (GREASE) (0x5a5a)
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.2 (0x0303)
Supported Version: TLS 1.2 (0x0303)
Text moved from lines 101-105
Extension: supported_groups (len=10)
Type: supported_groups (10)
Length: 10
Supported Groups List Length: 8
Supported Groups (4 groups)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
Extension: Reserved (GREASE) (len=1)
Extension: Reserved (GREASE) (len=1)
Type: Reserved (GREASE) (47802)
Type: Reserved (GREASE) (64250)
Length: 1
Length: 1
Data: 00
Data: 00
Extension: pre_shared_key (len=315)
Extension: pre_shared_key (len=315)
Type: pre_shared_key (41)
Type: pre_shared_key (41)
Length: 315
Length: 315
Pre-Shared Key extension
Pre-Shared Key extension
Identities Length: 278
Identities Length: 278
PSK Identity (length: 272)
PSK Identity (length: 272)
Identity Length: 272
Identity Length: 272
Identity: 8c74c765b707ce1e896d23f467f401e23b05bd522228d9e7bc5e750e316fdbba4f782f90…
Identity: 8c74c765b707ce1e896d23f467f401e276184061b18e4c61885a20b73df9255bffd021f0…
Obfuscated Ticket Age: 2169695030
Obfuscated Ticket Age: 1462382094
PSK Binders length: 33
PSK Binders length: 33
PSK Binders
PSK Binders
[JA3 Fullstring: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,13-35-11-27-16-51-17513-23-65281-45-18-0-5-10-43-41,29-23-24,0]
[JA3 Fullstring: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,65281-27-17513-51-23-16-0-13-5-35-18-45-43-10-11-41,29-23-24,0]
[JA3: 4e968c4180e0a44fec38837e2cb2e1d7]
[JA3: 688626d2fe63f38d95a5de8e8e3c0653]