hub / github.com/gchq/CyberChef / parseTLSRecord

Function parseTLSRecord

src/core/lib/TLS.mjs:17–59  ·  view source on GitHub ↗
(bytes)

Source from the content-addressed store, hash-verified

15 * @returns {JSON}
16 */
export function parseTLSRecord(bytes) {
    // Decodes a single TLS record that must carry handshake data.
    // Two cursors walk the same input in lockstep: `rawStream` captures the
    // raw bytes of each field, `valueStream` decodes the field's value.
    // NOTE(review): relies on Stream.clone() returning a cursor that advances
    // independently of the original — confirm against the Stream class.
    const valueStream = new Stream(bytes);
    const rawStream = valueStream.clone();

    // Reads one fixed-width header field from both cursors and returns it in
    // the { description, length, data, value } shape used for every field.
    const readField = (description, length) => ({
        description,
        length,
        data: rawStream.getBytes(length),
        value: valueStream.readInt(length)
    });

    const record = {};

    // Content type: anything other than 0x16 is rejected before any further
    // field is read.
    record.contentType = readField("Content Type", 1);
    if (record.contentType.value !== 0x16) {
        throw new OperationError("Not handshake data.");
    }

    // Protocol version, then the declared length of the record payload.
    record.version = readField("Protocol Version", 2);
    record.length = readField("Record Length", 2);

    // The declared length comes from the input itself, so it is checked
    // against the real buffer size before it is used to slice the payload.
    // 5 is the header size read above (1 + 2 + 2 bytes). Because this is a
    // strict equality, input that is truncated, has trailing bytes, or holds
    // more than one record is rejected here.
    const payloadLength = record.length.value;
    if (valueStream.length !== payloadLength + 5) {
        throw new OperationError("Incorrect handshake length.");
    }

    // Handshake payload: raw bytes from one cursor, parsed structure from the
    // other.
    record.handshake = {
        description: "Handshake",
        length: payloadLength,
        data: rawStream.getBytes(payloadLength),
        value: parseHandshake(valueStream.getBytes(payloadLength))
    };

    return record;
}
60
61/**
62 * Parse a TLS Handshake

Callers 2

toJA4Function · 0.90
toJA4SFunction · 0.90

Calls 4

cloneMethod · 0.95
getBytesMethod · 0.95
readIntMethod · 0.95
parseHandshakeFunction · 0.85

Tested by

no test coverage detected