How Can I Use Curl To Simulate A HTTP/2 Request With A Specific Set Of TLS Cipher Suites And ALPN Protocols, While Also Capturing The TLS Handshake Details And HTTP Request/response Headers In A HAR File, Similar To What I Would Get From A Browser's Developer Tools?

by ADMIN 267 views

To simulate an HTTP/2 request with specific TLS cipher suites and ALPN protocols using curl and capture the details into a HAR file, follow these steps:

Step 1: Install Required Tools

Ensure you have curl installed. For converting the output to HAR, you might need additional tools or scripts.

Step 2: Run curl with Specific Options

Use the following curl command to make an HTTP/2 request with specified TLS cipher suites and ALPN protocols, while capturing headers and TLS details:

curl --http2 --ciphers 'ECDHE+AESGCM:ECDHE+CHACHA20' --alpn h2,http/1.1 --verbose --dump-header headers.txt --output response.html https://example.com
  • --http2: Enables HTTP/2.
  • --ciphers: Specifies allowed TLS cipher suites.
  • --alpn: Sets the ALPN protocol list (e.g., HTTP/2).
  • --verbose: Outputs TLS handshake details.
  • --dump-header headers.txt: Saves HTTP headers to a file.
  • --output response.html: Saves the response body.

Step 3: Capture TLS Handshake Details

Redirect the verbose output to capture TLS details:

curl --http2 --ciphers 'ECDHE+AESGCM:ECDHE+CHACHA20' --alpn h2,http/1.1 --verbose --dump-header headers.txt --output response.html https://example.com 2> tls_details.txt

Step 4: Create a HAR File

Use a script to parse the captured data into a HAR file. Below is a Python script example:

import json
import re
from datetime import datetime

def parse_headers(file_path):
headers = {}
with open(file_path, 'r') as f:
for line in f:
if line.startswith('HTTP/'):
continue
if ': ' in line:
key, value = line.split(': ', 1)
headers[key] = value.strip()
return headers


def parse_tls_details(file_path):
tls_info = }
with open(file_path, 'r') as f
for line in f:
if 'SSL connection using TLS' in line:
match = re.search(r'TLSv(.+?) ${.*', line)
                if match:
                    tls_info['version'] = match.group(1)
            elif 'cipher is' in line:
                match = re.search(r'cipher is (.+?) ', line)
if match:
tls_info['cipher_suite'] = match.group(1)
return tls_info


url = 'https://example.com'
method = 'GET'



headers = parse_headers('headers.txt')
tls_details = parse_tls_details('tls_details.txt')



har = 
'log' {
'entries': [{
'request': {
'method': method,
'url': url,
'httpVersion': '2.0',
'headers': headers
,
'response': 
'status' 200,
'headers': headers  # Adjust based on actual response headers
,
'tls': tls_details,
'startedDateTime': datetime.now().isoformat(),
'time': 100  # Adjust timing as needed
}]
}
}



with open('request.har', 'w') as f:
json.dump(har, f, indent=2)

Step 5: Run the Script

Execute the script to generate the HAR file:

python har_generator.py

Notes

  • This script is a basic example and may need adjustments based on actual output.
  • Ensure the script captures all necessary details from the curl output.
  • You might need to handle timings and other HAR fields more precisely.

By following these steps, you can simulate the HTTP/2 request and capture the necessary details into a HAR file.