mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
several improvements
timeout: the TLS ticket check has a timeout, so that early on non-reachable hosts are determined. If it is running into the timeout, it quits early. The timeout is configurable via environment e.g. TIMEOUT=16 ./ticketbleed.bash <host> Also other ports are allowed albeit it probably it is of limited use Supplying no arg is now more user-friendly
This commit is contained in:
parent
15219475e9
commit
69fa8ca378
@ -8,19 +8,22 @@
|
|||||||
#
|
#
|
||||||
###### DON'T DO EVIL! USAGE AT YOUR OWN RISK. DON'T VIOLATE LAWS! #######
|
###### DON'T DO EVIL! USAGE AT YOUR OWN RISK. DON'T VIOLATE LAWS! #######
|
||||||
|
|
||||||
readonly PS4='${LINENO}: ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
[[ -z "$1" ]] && echo "IP is missing" && exit 1
|
||||||
trap "cleanup" QUIT EXIT
|
|
||||||
|
|
||||||
[[ -z "$1" ]] && exit 1
|
readonly PS4='${LINENO}: ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
||||||
|
|
||||||
|
OPENSSL=${OPENSSL:-$(type -p openssl)}
|
||||||
|
TIMEOUT=${TIMEOUT:-20}
|
||||||
|
|
||||||
# insert some hexspeak here :-)
|
# insert some hexspeak here :-)
|
||||||
SID="x00,x00,x0B,xAD,xC0,xDE," # don't forget the trailing comma
|
SID="x00,x00,x0B,xAD,xC0,xDE," # don't forget the trailing comma
|
||||||
|
|
||||||
NODE="$1"
|
NODE="$1"
|
||||||
|
PORT="${NODE#*:}"
|
||||||
|
PORT="${PORT-443}" # probably this doesn't make sense
|
||||||
NODE="${NODE%:*}" # strip port if supplied
|
NODE="${NODE%:*}" # strip port if supplied
|
||||||
PORT="443" # we curently support 443 only
|
|
||||||
TLSV=${2:-01} # TLS 1.0=x01 1.1=0x02, 1.2=0x3
|
TLSV=${2:-01} # TLS 1.0=x01 1.1=0x02, 1.2=0x3
|
||||||
MAXSLEEP=10
|
MAXSLEEP=$TIMEOUT
|
||||||
SOCKREPLY=""
|
SOCKREPLY=""
|
||||||
COL_WIDTH=32
|
COL_WIDTH=32
|
||||||
DEBUG=${DEBUG:-"false"}
|
DEBUG=${DEBUG:-"false"}
|
||||||
@ -215,10 +218,17 @@ cleanup() {
|
|||||||
|
|
||||||
get_sessticket() {
|
get_sessticket() {
|
||||||
local sessticket_str
|
local sessticket_str
|
||||||
|
local output
|
||||||
|
|
||||||
sessticket_str="$(openssl s_client -connect $NODE:$PORT </dev/null 2>/dev/null | awk '/TLS session ticket:/,/^$/' | awk '!/TLS session ticket/')"
|
output="$($OPENSSL s_client -connect $NODE:$PORT </dev/null 2>/dev/null)"
|
||||||
|
if ! grep -qw CONNECTED <<< "$output"; then
|
||||||
|
return 1
|
||||||
|
else
|
||||||
|
sessticket_str="$(awk '/TLS session ticket:/,/^$/' <<< "$output" | awk '!/TLS session ticket/')"
|
||||||
sessticket_str="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_str" | tr '\n' ',')"
|
sessticket_str="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_str" | tr '\n' ',')"
|
||||||
sed -e 's/ /,x/g' -e 's/-/,x/g' <<< "$sessticket_str"
|
sed -e 's/ /,x/g' -e 's/-/,x/g' <<< "$sessticket_str"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
#### main
|
#### main
|
||||||
@ -229,13 +239,33 @@ early_exit=true
|
|||||||
declare -a memory sid_detected
|
declare -a memory sid_detected
|
||||||
nr_sid_detected=0
|
nr_sid_detected=0
|
||||||
|
|
||||||
|
|
||||||
|
# there are different "timeout". Check whether --preserve-status is supported
|
||||||
|
if type -p timeout &>/dev/null ; then
|
||||||
|
if timeout --help 2>/dev/null | grep -q 'preserve-status'; then
|
||||||
|
OPENSSL="timeout --preserve-status $TIMEOUT $OPENSSL"
|
||||||
|
else
|
||||||
|
OPENSSL="timeout $TIMEOUT $OPENSSL"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo " binary \"timeout\" not found. Continuing without it"
|
||||||
|
unset TIMEOUT
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
echo
|
echo
|
||||||
"$DEBUG" && ( echo )
|
"$DEBUG" && ( echo )
|
||||||
echo "##### 1) Connect to determine 1x session ticket TLS"
|
echo "##### 1) Connect to determine 1x session ticket TLS"
|
||||||
# attn! neither here nor in the following client hello we do SNI. Assuming this is a vulnebilty of the TLS implementation
|
# attn! neither here nor in the following client hello we do SNI. Assuming this is a vulnebilty of the TLS implementation
|
||||||
SESS_TICKET_TLS="$(get_sessticket)"
|
SESS_TICKET_TLS="$(get_sessticket)"
|
||||||
|
if [[ $? -ne 0 ]]; then
|
||||||
|
echo >&2
|
||||||
|
echo -e "$NODE:$PORT ${magenta}not reachable / no TLS${normal}\n " >&2
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
[[ "$SESS_TICKET_TLS" == "," ]] && echo -e "${green}OK, not vulnerable${normal}, no session tickets\n" && exit 0
|
[[ "$SESS_TICKET_TLS" == "," ]] && echo -e "${green}OK, not vulnerable${normal}, no session tickets\n" && exit 0
|
||||||
|
|
||||||
|
trap "cleanup" QUIT EXIT
|
||||||
"$DEBUG" && ( echo; echo )
|
"$DEBUG" && ( echo; echo )
|
||||||
echo "##### 2) Sending 1 to 3 ClientHello(s) (TLS version 03,$TLSV) with this ticket and a made up SessionID"
|
echo "##### 2) Sending 1 to 3 ClientHello(s) (TLS version 03,$TLSV) with this ticket and a made up SessionID"
|
||||||
|
|
||||||
@ -318,3 +348,5 @@ fi
|
|||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user