Merge pull request #1606 from drwetter/add_brotli_3.0

Add brotli compression detection for BREACH (backport)
Dirk Wetter 2020-05-04 17:50:32 +02:00 committed by GitHub
commit 85faf9d096


@ -14607,12 +14607,14 @@ run_breach() {
[[ "$NODE" =~ google ]] && referer="https://yandex.ru/" # otherwise we have a false positive for google.com
useragent="$UA_STD"
$SNEAKY && useragent="$UA_SNEAKY"
printf "GET $url HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $useragent\r\nReferer: $referer\r\nConnection: Close\r\nAccept-encoding: gzip,deflate,compress\r\nAccept: text/*\r\n\r\n" | $OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI") 1>$TMPFILE 2>$ERRFILE &
printf "GET $url HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $useragent\r\nReferer: $referer\r\nConnection: Close\r\nAccept-encoding: gzip,deflate,compress,br\r\nAccept: text/*\r\n\r\n" | $OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI") 1>$TMPFILE 2>$ERRFILE &
wait_kill $! $HEADER_MAXSLEEP
was_killed=$? # !=0 was killed
result=$(awk '/^Content-Encoding/ { print $2 }' $TMPFILE)
result=$(strip_lf "$result")
debugme grep '^Content-Encoding' $TMPFILE
result="$(grep -ia Content-Encoding: $TMPFILE)"
result="$(strip_lf "$result")"
result="${result#*:}"
result="$(strip_spaces "$result")"
debugme echo "$result"
if [[ ! -s $TMPFILE ]]; then
pr_warning "failed (HTTP header request stalled or empty return"
if [[ $was_killed -ne 0 ]]; then
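Review bot: The new `grep -ia Content-Encoding: $TMPFILE` drops the line-start anchor that the removed awk pattern (`/^Content-Encoding/`) had, so any occurrence of that string in the response body (for example an HTML page that mentions the header) now lands in `result` and is reported as "potentially VULNERABLE"; with several matches `result` also becomes multi-line and `${result#*:}` only strips up to the first colon. Keeping the case-insensitive match but re-anchoring and taking the first hit avoids both: `result="$(grep -iam1 '^Content-Encoding:' $TMPFILE)"`. If `-m` is not acceptable for all platforms testssl.sh supports, the anchor alone (`'^Content-Encoding:'`) is still worth restoring. The rest of run_breach, including the verdict on `$result`, is outside this hunk.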
@ -14628,10 +14630,10 @@ run_breach() {
outln "$disclaimer"
fileout "$jsonID" "OK" "not vulnerable, no HTTP compression $disclaimer" "$cve" "$cwe"
else
pr_svrty_high "potentially NOT ok, uses $result HTTP compression."
pr_svrty_high "potentially NOT ok, \"$result\" HTTP compression detected."
outln "$disclaimer"
outln "$spaces$when_makesense"
fileout "$jsonID" "HIGH" "potentially VULNERABLE, uses $result HTTP compression $disclaimer" "$cve" "$cwe" "$hint"
fileout "$jsonID" "HIGH" "potentially VULNERABLE, $result HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fi
# Any URL can be vulnerable. I am testing now only the given URL!