From 513e662c6703fbbb5d4783fed4710f545c40742d Mon Sep 17 00:00:00 2001 From: Dirk Date: Tue, 18 Nov 2014 00:26:58 +0100 Subject: [PATCH] - sockread w/ sleep - ccs better documented + more verbose during debug --- testssl.sh | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/testssl.sh b/testssl.sh index bae1dea..0321f40 100755 --- a/testssl.sh +++ b/testssl.sh @@ -521,12 +521,9 @@ socksend() { sleep $3 } -#sockread() { - #SOCKREPLY=`dd bs=$1 count=1 <&5 2>/dev/null` -#} sockread() { - maxsleep=$MAX_WAITSOCK + [ "x$2" = "x" ] && maxsleep=$MAX_WAITSOCK || maxsleep=$2 ret=0 ddreply=`mktemp /tmp/ddreply.XXXXXX` || exit 7 @@ -1041,6 +1038,7 @@ ccs_injection(){ # mainly adapted from Ramon de C Valle's C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607 bold " CCS "; out " (CVE-2014-0224), experimental " ccs_message="\x14\x03\tls_version\x00\x01\x01" # ChangeCipherSpec, TLS version 2 bytes, lenght 2 bytes, payload CCS 1 byte + # 20/0x14=Change Ciipher Spexcc $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT &>$TMPFILE RST outln fi - reply_sanitized=`echo "$SOCKREPLY" | xxd -p | tr -cd '[:print:]' | sed 's/^..........//'` + reply_sanitized=`outln "$SOCKREPLY" | xxd -p | tr -cd '[:print:]' | sed 's/^..........//'` lines=`echo "$SOCKREPLY" | xxd -c32 | wc -l` if [ "$reply_sanitized" == "0a" ] || [ "$lines" -gt 1 ] ; then @@ -1943,7 +1952,7 @@ case "$1" in exit $ret ;; esac -# $Id: testssl.sh,v 1.135 2014/11/17 17:49:54 dirkw Exp $ +# $Id: testssl.sh,v 1.136 2014/11/17 23:26:57 dirkw Exp $ # vim:ts=5:sw=5