Generally penetration testers focus on SSL/TLS as a blackbox, usually using the open-SSL command line. The exception to this is when we see exploits for vulnerabilities such as heartbleed when we generally just see a big string of hex. Wouldn’t it be nice if there was a way to easily construct our own TLS records, handshake messages and even broken messages so that we can have something in between? This talk will describe the TLS record layer and handshake protocols, and introduce the pytls library that can be used to create these messages in an easy way. It will compare the commonly found heartbleed exploit with an equivalent written using pytls and demonstrate how we can write tests for some other common vulnerabilities. Finally, the talk will show how it is possible to determine the SSL/TLS implementation in use on a server by actively probing for differences in the protocol implementations between different libraries, and even different versions of the same library.