Forum Discussion
iRule_TLS
Hi,
I would much appreciate your guidance on achieving the following through an iRule:
1. At the TCP level, the iRule reads the payload and finds the ClientHello header.
2. Then it searches for extension 229938 and extracts the value to be stored as MSISDN.
3. The iRule strips the extension from the payload and updates the length in each header.
I would much appreciate your support.
Thanks
- PeteWhite
Employee
You can use the binary scan command to check the SSL header. I'm confused though: how can you remove the extension from the SSL header? That is quite literally a MITM attack, which is what SSL is designed to prevent.
- Hardi
Nimbostratus
Hi Pete White,
Thanks a lot for the feedback. What if I keep the extension, but this time the scenario is to forward it to the back-end nodes?
Is there any iRule sample for the described scenario?
Thanks
- PeteWhite
Employee
Hi Hardi,
There are SSL commands which you can use to extract the extensions ( https://clouddocs.f5.com/api/irules/SSL__extensions.html ), but of course for that you need to operate at the SSL level. At the TCP level you would have to binary scan the client hello, work out exactly where that extension is and extract only that part of the data. That is quite tricky with variable-length headers, i.e. the extension you want may be the first or the third, and the SSL header includes a number of variable-length fields. Not easy to do, especially in TCL. I'm sure it's possible, but it is more than I could write here.
Example pseudocode
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    # TLS record header: content type (1 byte), version (2), length (2),
    # then the handshake header: message type (1), length (3)
    if { [binary scan [TCP::payload] cSSc rtype rver rlen htype] == 4 } {
        # 22 = handshake record, 1 = ClientHello; mask off sign extension
        if { ($rtype & 0xff) == 22 && ($htype & 0xff) == 1 } {
            # binary scan the fixed fields, then skip the variable-length
            # session ID, cipher suites and compression methods to reach
            # the extensions block and loop through it
        }
    }
    TCP::release
}
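The walk through the variable-length fields that the post above describes, written out as an added example (not code from the thread or from F5). It is in Python so it can be run and checked offline; the offsets and length fields are the same ones an iRule would have to binary scan. The ClientHello is constructed inline. TLS ExtensionType is a 16-bit field, so the thread's value 229938 cannot appear as an extension type; the hypothetical private type 0xFFA0 is assumed as a stand-in. The strip function shows the part of the original question that makes step 3 awkward: three enclosing lengths (record, handshake, extensions block) all have to shrink by the same amount.

```python
import struct

# Hypothetical private extension type standing in for the one in the thread;
# TLS ExtensionType is a 16-bit field, so a real value must fit in 0..65535.
TARGET_EXT = 0xFFA0


def sni_extension(hostname):
    """Encode a server_name extension value (type 0) for one host name."""
    return struct.pack("!HBH", len(hostname) + 3, 0, len(hostname)) + hostname


def build_client_hello(extensions):
    """Build a TLS 1.2 ClientHello record from [(type, value), ...] (constructed input)."""
    ext_body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = b"\x03\x03" + bytes(32)                        # client_version, random
    body += b"\x00"                                       # empty session_id
    body += struct.pack("!H", 4) + b"\xc0\x2f\x00\x9c"    # two cipher suites
    body += b"\x01\x00"                                   # compression: null only
    body += struct.pack("!H", len(ext_body)) + ext_body   # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def sample_client_hello():
    """Constructed ClientHello carrying SNI, the target extension and supported_groups."""
    return build_client_hello([
        (0x0000, sni_extension(b"example.net")),
        (TARGET_EXT, b"4915512345678"),          # constructed MSISDN-like value
        (0x000A, b"\x00\x02\x00\x17"),           # supported_groups: secp256r1
    ])


def parse_client_hello(data):
    """Return (extensions_length_offset, [(type, value_offset, value_len)]) or None.

    None means the bytes are not one complete, self-consistent ClientHello record.
    """
    try:
        if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        hs_len = int.from_bytes(data[6:9], "big")
        if rec_len != hs_len + 4 or len(data) < 5 + rec_len:
            return None                           # truncated, or lengths disagree
        end = 5 + rec_len
        off = 9 + 2 + 32                          # skip client_version and random
        off += 1 + data[off]                      # session_id (variable length)
        off += 2 + struct.unpack("!H", data[off:off + 2])[0]   # cipher_suites
        off += 1 + data[off]                      # compression_methods
        if off + 2 > end:
            return off, []                        # no extensions block at all
        ext_len_off = off
        ext_len = struct.unpack("!H", data[off:off + 2])[0]
        off += 2
        if off + ext_len != end:
            return None                           # block length disagrees with record
        exts = []
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", data[off:off + 4])
            if off + 4 + elen > end:
                return None                       # extension runs past the record
            exts.append((etype, off + 4, elen))
            off += 4 + elen
        return ext_len_off, exts
    except (IndexError, struct.error):
        return None


def find_extension(data, ext_type):
    """Return the value bytes of the first extension of ext_type, or None."""
    parsed = parse_client_hello(data)
    if parsed is None:
        return None
    for etype, voff, vlen in parsed[1]:
        if etype == ext_type:
            return data[voff:voff + vlen]
    return None


def strip_extension(data, ext_type):
    """Remove ext_type and shrink the record, handshake and extensions lengths to match."""
    parsed = parse_client_hello(data)
    if parsed is None:
        return None
    ext_len_off, exts = parsed
    for etype, voff, vlen in exts:
        if etype == ext_type:
            removed = 4 + vlen                    # type + length + value
            out = bytearray(data[:voff - 4] + data[voff + vlen:])
            # record length (2 bytes at 3), handshake length (3 bytes at 6),
            # extensions length (2 bytes); all sit before the removed span
            for at, width in ((3, 2), (6, 3), (ext_len_off, 2)):
                old = int.from_bytes(data[at:at + width], "big")
                out[at:at + width] = (old - removed).to_bytes(width, "big")
            return bytes(out)
    return data                                   # nothing to strip


if __name__ == "__main__":
    hello = sample_client_hello()
    print("MSISDN:", find_extension(hello, TARGET_EXT))
    print("stripped:", find_extension(strip_extension(hello, TARGET_EXT), TARGET_EXT))
```

The parser refuses anything that is not a complete record whose nested lengths agree, which is the check an iRule would also need before trusting offsets in a partially collected payload. On the stripping side, the bytes forwarded to the server are no longer the bytes the client hashed into its handshake transcript, so the server's Finished verification will fail; that is the practical form of the MITM objection raised earlier in this thread, and it is why extraction without modification is the realistic use.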
- PeteWhite
Employee
If you take a look at https://tls.ulfheim.net/ you can see exactly how the packet is built, and you can build it around that.