The tlsheaders Task
tlsheaders is a TLS Headers parsing Task. It accepts a Payload input.
Configuration options
tlsheaders has the following configuration options:
- appdata
-
default false By default, the tlsheaders Task does not publish TLS packets with encrypted Application Data, only unencrypted header information. You can enable Application Data publishing by setting this option to true.
For example:
appdata:true
Output
- tlsheaders
-
map Hold the HTTP output.
- tlsheaders.records
-
array Records is an array of all the unencrypted TLS Records found in one packet.
- tlsheaders.records.type
-
string TLS Record Type. One of: RecordTypeChangeCipherSpec, RecordTypeAlert, RecordTypeHandshake, RecordTypeApplicationData.
- tlsheaders.records.length
-
int Length in bytes of the record.
- tlsheaders.records.encrypted
-
bool True if the record is encrypted.
- tlsheaders.records.alertRecord
-
map (only if Record is an Alert) Alert Record if type is RecordTypeAlert.
- tlsheaders.records.alertRecord.type
-
string Type of Alert.
- tlsheaders.records.alertRecord.level
-
string Level of Alert.
- tlsheaders.records.handshakeMsgType
-
string (only if Record is a HandshakeMsg) Handshake Message Type.
- tlsheaders.records.handshakeMsg
-
map (only if Record is a HandshakeMsg) Handshake Message body.
- tlsheaders.records.handshakeMsg
-
map (only if Record is a HandshakeMsg) Handshake Message body.