Python HTTPS communication demo

HTTPS communication,

Server-side code

# Python 2 code. ssl.wrap_socket() was deprecated in Python 3.7 and removed
# in 3.12; on Python 3 use ssl.SSLContext.wrap_socket() instead.
import socket
import ssl

HOST = ''        # listen on all interfaces
PORT = 10023
BUFSIZE = 1024
ADDR = (HOST, PORT)

# create the listening TCP socket
bindsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# bind it to the address
bindsocket.bind(ADDR)
# start listening, with a backlog of 5 pending connections
bindsocket.listen(5)


def do_something(connstream, data):
    # reply with the length of the data received
    return len(data)


def deal_with_client(connstream):
    data = connstream.recv(BUFSIZE)
    # empty data means the client is finished with us
    while data:
        backdata = do_something(connstream, data)
        if not backdata:
            # we'll assume do_something returns False
            # when we're finished with client
            break
        connstream.send(str(backdata))
        data = connstream.recv(BUFSIZE)
        print(data)


while True:
    newsocket, fromaddr = bindsocket.accept()
    # fromaddr is a (host, port) tuple
    print("socket accept one client from %s:%s" % fromaddr)

    # "key.pem" is the private key and "cert.pem" the certificate.
    # PROTOCOL_TLSv1 pins TLS 1.0, the version shown in the capture below;
    # TLS 1.0 is deprecated (RFC 8996).
    connstream = ssl.wrap_socket(newsocket, keyfile="key.pem", certfile="cert.pem",
                                 server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)

    try:
        deal_with_client(connstream)
    finally:
        connstream.shutdown(socket.SHUT_RDWR)
        connstream.close()

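Client-side code

# Python 2 code. ssl.wrap_socket() was deprecated in Python 3.7 and removed
# in 3.12; on Python 3 use ssl.SSLContext.wrap_socket() instead.
import pprint
import socket
import ssl

HOST = '10.0.3.83'
PORT = 10023
BUFSIZE = 1024
ADDR = (HOST, PORT)

# create the TCP socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# require a certificate from the server and validate it against cert.pem;
# ssl.wrap_socket() does not check that the certificate matches HOST
ssl_sock = ssl.wrap_socket(s, ca_certs="cert.pem", cert_reqs=ssl.CERT_REQUIRED)
# connect and perform the TLS handshake
ssl_sock.connect(ADDR)

# show the certificate the server presented
pprint.pprint(ssl_sock.getpeercert())

while True:
    data = raw_input('> ')
    if not data:
        break
    ssl_sock.send(data)
    data = ssl_sock.recv(BUFSIZE)
    if not data:
        break
    print(data)
# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()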

Capturing the socket packets

tcpdump -i lo port 10024 -w test.cap

Install Wireshark on Windows, then import the capture file for analysis.

Frame 2: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Sep 15, 2018 23:36:45.587731000 China Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1537025805.587731000 seconds
    [Time delta from previous captured frame: 0.000161000 seconds]
    [Time delta from previous displayed frame: 0.000161000 seconds]
    [Time since reference or first frame: 0.000161000 seconds]
    Frame Number: 2
    Frame Length: 148 bytes (1184 bits)
    Capture Length: 148 bytes (1184 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:ssl]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 192.168.1.13, Dst: 192.168.1.13
Transmission Control Protocol, Src Port: 10024, Dst Port: 48544, Seq: 1, Ack: 83, Len: 82
    Source Port: 10024
    Destination Port: 48544
    [Stream index: 0]
    [TCP Segment Len: 82]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 83    (relative sequence number)]
    Acknowledgment number: 83    (relative ack number)
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x018 (PSH, ACK)
    Window size value: 359
    [Calculated window size: 359]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x83e3 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
    [SEQ/ACK analysis]
    [Timestamps]
    TCP payload (82 bytes)
Secure Sockets Layer
    TLSv1 Record Layer: Application Data Protocol: Application Data
        Content Type: Application Data (23)
        Version: TLS 1.0 (0x0301)
        Length: 36
        Encrypted Application Data: 2fb335fe70f2683c15585bcbd78e498769d83b8a15b49f1f...
    TLSv1 Record Layer: Application Data Protocol: Application Data

 

You can see that the data sent has already been encrypted.
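The record layer in the dissection above can be read straight from the TCP payload: 82 bytes is consistent with two records of 5 header bytes plus 36 encrypted bytes each. The Python 3 code below is an added example, not code from the original post; it parses TLS record headers and flags Application Data sent under a protocol older than TLS 1.2. The names `parse_records` and `legacy_records` and the `SAMPLE` bytes are constructed for illustration.

```python
import struct

# TLS record header (RFC 5246, section 6.2.1): type, version, length
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HEADER_LEN = 5                 # 1 + 2 + 2 bytes
MAX_FRAGMENT = 2 ** 14 + 2048  # largest encrypted fragment allowed


def parse_records(payload):
    """Return (records, leftover); leftover is the start of a record
    that continues in the next TCP segment."""
    records, offset = [], 0
    while len(payload) - offset >= HEADER_LEN:
        ctype, version, length = struct.unpack_from("!BHH", payload, offset)
        if ctype not in CONTENT_TYPES or length > MAX_FRAGMENT:
            raise ValueError("not a TLS record at offset %d" % offset)
        end = offset + HEADER_LEN + length
        if end > len(payload):
            break  # record is split across TCP segments
        records.append({"type": CONTENT_TYPES[ctype],
                        "version": VERSIONS.get(version, hex(version)),
                        "version_raw": version,
                        "length": length})
        offset = end
    return records, payload[offset:]


def legacy_records(records):
    # Only Application Data is checked: a ClientHello often carries 0x0301
    # in its record header for compatibility, whatever version is negotiated.
    return [r for r in records
            if r["type"] == "application_data" and r["version_raw"] < 0x0303]


# Constructed sample shaped like frame 2 above: two Application Data
# records, version 0x0301, 36 bytes each. The fragment bytes are filler,
# not the ciphertext from the capture.
SAMPLE = (bytes.fromhex("1703010024") + b"\xaa" * 36) * 2

if __name__ == "__main__":
    records, leftover = parse_records(SAMPLE)
    for r in records:
        print(r["type"], r["version"], r["length"])
    print("legacy:", len(legacy_records(records)), "leftover:", len(leftover))
```

Only the 5-byte headers are readable without the session keys; the fragments stay opaque, which is what the Wireshark view shows.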

 

 
