fix for empty/malformed socket replies
During the protocol check, if a server answered unexpectedly by closing the connection or with another malformed reply, the output was not ok because DETECTED_TLS_VERSION was empty. This fixes it by filling the variable with a string in ``parse_tls_serverhello()`` and then checking its content at the higher level (``run_protocols()``). Also, it seems that in yesterday's commit I forgot to commit one ``&&`` in ``run_breach()``.
parent
ee8c5e51a1
commit
50287ef2c4
31
testssl.sh
31
testssl.sh
@ -3951,8 +3951,13 @@ run_protocols() {
|
|||||||
prln_svrty_critical "server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
prln_svrty_critical "server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||||
fileout "sslv3" "CRITICAL" "SSLv3: server responded with higher version number ($detected_version_string) than requested by client"
|
fileout "sslv3" "CRITICAL" "SSLv3: server responded with higher version number ($detected_version_string) than requested by client"
|
||||||
else
|
else
|
||||||
|
if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
|
||||||
prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||||
fileout "sslv3" "CRITICAL" "SSLv3: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
fileout "sslv3" "CRITICAL" "SSLv3: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
||||||
|
else
|
||||||
|
prln_svrty_medium "strange, server ${DETECTED_TLS_VERSION}"
|
||||||
|
fileout "sslv3" "MEDIUM" "SSLv3: strange, server ${DETECTED_TLS_VERSION}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
5) pr_svrty_high "$supported_no_ciph2"
|
5) pr_svrty_high "$supported_no_ciph2"
|
||||||
@ -3997,8 +4002,13 @@ run_protocols() {
|
|||||||
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client"
|
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client"
|
||||||
fileout "tls1" "CRITICAL" "TLSv1.0: server responded with higher version number ($detected_version_string) than requested by client"
|
fileout "tls1" "CRITICAL" "TLSv1.0: server responded with higher version number ($detected_version_string) than requested by client"
|
||||||
else
|
else
|
||||||
prln_svrty_critical " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
|
||||||
|
prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||||
fileout "tls1" "CRITICAL" "TLSv1.0: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
fileout "tls1" "CRITICAL" "TLSv1.0: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
||||||
|
else
|
||||||
|
prln_svrty_medium " -- strange, server ${DETECTED_TLS_VERSION}"
|
||||||
|
fileout "tls1" "MEDIUM" "TLSv1.0: server ${DETECTED_TLS_VERSION}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
5) outln "$supported_no_ciph1" # protocol ok, but no cipher
|
5) outln "$supported_no_ciph1" # protocol ok, but no cipher
|
||||||
@ -4045,8 +4055,13 @@ run_protocols() {
|
|||||||
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||||
fileout "tls1_1" "CRITICAL" "TLSv1.1 is not offered, server responded with higher version number ($detected_version_string) than requested by client"
|
fileout "tls1_1" "CRITICAL" "TLSv1.1 is not offered, server responded with higher version number ($detected_version_string) than requested by client"
|
||||||
else
|
else
|
||||||
prln_svrty_critical " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
|
||||||
|
prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||||
fileout "tls1_1" "CRITICAL" "TLSv1.1: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
fileout "tls1_1" "CRITICAL" "TLSv1.1: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
||||||
|
else
|
||||||
|
prln_svrty_medium " -- strange, server ${DETECTED_TLS_VERSION}"
|
||||||
|
fileout "tls1_1" "MEDIUM" "TLSv1.1: server ${DETECTED_TLS_VERSION}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
5) outln "$supported_no_ciph1"
|
5) outln "$supported_no_ciph1"
|
||||||
@ -4104,8 +4119,13 @@ run_protocols() {
|
|||||||
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client"
|
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client"
|
||||||
fileout "tls1_2" "CRITICAL" "TLSv1.2 is not offered, server responded with higher version number ($detected_version_string) than requested by client"
|
fileout "tls1_2" "CRITICAL" "TLSv1.2 is not offered, server responded with higher version number ($detected_version_string) than requested by client"
|
||||||
else
|
else
|
||||||
prln_svrty_critical " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
|
||||||
|
prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||||
fileout "tls1_2" "CRITICAL" "TLSv1.2: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
fileout "tls1_2" "CRITICAL" "TLSv1.2: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
||||||
|
else
|
||||||
|
prln_svrty_medium " -- strange, server ${DETECTED_TLS_VERSION}"
|
||||||
|
fileout "tls1_2" "MEDIUM" "TLSv1.2: server ${DETECTED_TLS_VERSION}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
5) outln "$supported_no_ciph1"
|
5) outln "$supported_no_ciph1"
|
||||||
@ -8089,13 +8109,16 @@ parse_tls_serverhello() {
|
|||||||
|
|
||||||
if [[ $tls_serverhello_ascii_len -eq 0 ]]; then
|
if [[ $tls_serverhello_ascii_len -eq 0 ]]; then
|
||||||
debugme echo "server hello empty, TCP connection closed"
|
debugme echo "server hello empty, TCP connection closed"
|
||||||
|
DETECTED_TLS_VERSION="closed TCP connection "
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return 1 # no server hello received
|
return 1 # no server hello received
|
||||||
elif [[ $tls_serverhello_ascii_len -lt 76 ]]; then
|
elif [[ $tls_serverhello_ascii_len -lt 76 ]]; then
|
||||||
|
DETECTED_TLS_VERSION="reply malformed"
|
||||||
debugme echo "Malformed response"
|
debugme echo "Malformed response"
|
||||||
return 1
|
return 1
|
||||||
elif [[ "${tls_handshake_ascii:0:2}" != "02" ]]; then
|
elif [[ "${tls_handshake_ascii:0:2}" != "02" ]]; then
|
||||||
# the ServerHello MUST be the first handshake message
|
# the ServerHello MUST be the first handshake message
|
||||||
|
DETECTED_TLS_VERSION="reply contained no ServerHello"
|
||||||
debugme tmln_warning "The first handshake protocol message is not a ServerHello."
|
debugme tmln_warning "The first handshake protocol message is not a ServerHello."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -9903,7 +9926,7 @@ run_breach() {
|
|||||||
local cwe="CWE-310"
|
local cwe="CWE-310"
|
||||||
local hint=""
|
local hint=""
|
||||||
|
|
||||||
[[ $SERVICE != "HTTP" ]] && ! "$CLIENT_AUTH" return 7
|
[[ $SERVICE != "HTTP" ]] && ! "$CLIENT_AUTH" && return 7
|
||||||
|
|
||||||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for BREACH (HTTP compression) vulnerability " && outln
|
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for BREACH (HTTP compression) vulnerability " && outln
|
||||||
pr_bold " BREACH"; out " ($cve) "
|
pr_bold " BREACH"; out " ($cve) "
|
||||||
|
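Review bot: In the TLSv1.0, TLSv1.1 and TLSv1.2 hunks of run_protocols() the new critical message looks copied from the SSLv3 branch: it drops the leading ` -- ` that the replaced line and the new `" -- strange, server ..."` line in the same branch still use, so the terminal output for these three protocols will probably run into whatever was printed before it. Separately, DETECTED_TLS_VERSION now carries either a version or a free-text status, and the callers tell them apart only by `${#DETECTED_TLS_VERSION} -eq 4`; the value is presumably derived from the peer's reply, so a stricter test such as `[[ $DETECTED_TLS_VERSION =~ ^[0-9A-Fa-f]{4}$ ]]` would keep anything that is not four hex digits out of the version branch. Other readers of DETECTED_TLS_VERSION outside these hunks may not expect the status strings and are worth checking, and `"closed TCP connection "` carries a trailing space that ends up in the fileout finding. The enclosing functions start and end outside the hunks.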