Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-10 10:40:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Socksend modernize part 3, with a PoC for #1535: DONT USE THIS OTHERWISE

Browse Source 
This moves the run_ticketbleed function to the socketsend_clienthello.

It is not working yet, see also #1535 why. This is just for the PoC,
I'll explain:
  It has now a function named check_bytestream() which will be called
in debug mode 1 and checks whether the byte stream to be send via
bash sockets is properly formatted. It can detect bugs which otherwise
would be hard to discover.

DO NOT USE IT for anything else than the check

---snip:

code:

check_bytestream() {
     local line=""
     local -i i=0

     # We do a search and replace so that \xaa\x29 becomes
     # _xaa
     # _x29
     #
     # "echo -e" helps us to get a multiline string
     while read -r line; do
          if [[ $i -eq 0 ]]; then
               # first line is empty because this is a LF
               :
          elif [[ ${#line} -ne 4 ]] && [[ $i != 0 ]]; then
               echo "length of byte $i called from $2 is not ok"
          elif [[ ${line:0:1} != _ ]]; then
               echo "char $i called from $2 doesn't start with a \"\\\""
          elif [[ ${line:1:1} != x ]]; then
               echo "char $i called from $2 doesn't have an x in second position"
          elif [[ ${line:2:2} != [0-9a-fA-F][0-9a-fA-F] ]]; then
               echo "byte $i called from $2 is not hex"
          fi
          i+=1
     done < <( echo -e ${1//\\/\\n_})
}

socksend_clienthello() {
     local data=""

     code2network "$1"
     data="$NW_STR"
     if [[ "$DEBUG" -ge 1 ]]; then
          check_bytestream "$data" "${FUNCNAME[1]}"
          [[ "$DEBUG" -ge 4 ]] && echo && echo "\"$data\""
[..]

Result (./testssl.sh -q --debug=1 -U dev.testssl.sh):

Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  length of byte 311 called from run_ticketbleed is not ok
length of byte 312 called from run_ticketbleed is not ok
length of byte 313 called from run_ticketbleed is not ok
length of byte 314 called from run_ticketbleed is not ok
length of byte 315 called from run_ticketbleed is not ok
length of byte 316 called from run_ticketbleed is not ok
length of byte 317 called from run_ticketbleed is not ok
[..]

---snap

Besides that:

* dec02hex was corrected (only being used for run_ticketbleed)
* dec04hex is still buggy and part of the problem
* some quotes removed from rhs of [[]]
This commit is contained in:
Dirk Wetter 2020-03-07 15:40:19 +01:00
parent 6a7bf1674c
commit 8dbaab3656
1 changed files with 113 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

189
testssl.sh
View File

@ -747,8 +747,9 @@ debugme() {
return 0 return 0
} }
hex2dec() { debugme1() {
echo $((16#$1)) [[ "$DEBUG" -ge 1 ]] && "$@"
return 0
} }
# convert 414243 into ABC # convert 414243 into ABC
@ -760,15 +761,20 @@ hex2ascii() {
done done
} }
hex2dec() {
echo $((16#$1))
}
# convert decimal number < 256 to hex # convert decimal number < 256 to hex
dec02hex() { dec02hex() {
printf "x%02x" "$1" printf "%02x" "$1"
} }
# convert decimal number between 256 and < 256*256 to hex # convert decimal number between 256 and < 256*256 to hex
dec04hex() { dec04hex() {
local a=$(printf "%04x" "$1") local a=$(printf "%04x" "$1")
printf "x%02s, x%02s" "${a:0:2}" "${a:2:2}" printf "%02s, %02s" "${a:0:2}" "${a:2:2}"
} }
@ -10476,6 +10482,34 @@ code2network() {
done <<< "$1")" done <<< "$1")"
} }
# arg1: formatted bytesstream to be send
# arg2: caller function
check_bytestream() {
local line=""
local -i i=0
# We do a search and replace so that \xaa\x29 becomes
# _xaa
# _x29
#
# "echo -e" helps us to get a multiline string
while read -r line; do
if [[ $i -eq 0 ]]; then
# first line is empty because this is a LF
:
elif [[ ${#line} -ne 4 ]] && [[ $i != 0 ]]; then
echo "length of byte $i called from $2 is not ok"
elif [[ ${line:0:1} != _ ]]; then
echo "char $i called from $2 doesn't start with a \"\\\""
elif [[ ${line:1:1} != x ]]; then
echo "char $i called from $2 doesn't have an x in second position"
elif [[ ${line:2:2} != [0-9a-fA-F][0-9a-fA-F] ]]; then
echo "byte $i called from $2 is not hex"
fi
i+=1
done < <( echo -e ${1//\\/\\n_})
}
# sockets inspired by http://blog.chris007.de/?p=238 # sockets inspired by http://blog.chris007.de/?p=238
# ARG1: hexbytes separated by commas, with a leading comma # ARG1: hexbytes separated by commas, with a leading comma
# ARG2: seconds to sleep # ARG2: seconds to sleep
@ -10484,7 +10518,10 @@ socksend_clienthello() {
code2network "$1" code2network "$1"
data="$NW_STR" data="$NW_STR"
[[ "$DEBUG" -ge 4 ]] && echo && echo "\"$data\"" if [[ "$DEBUG" -ge 1 ]]; then
check_bytestream "$data" "${FUNCNAME[1]}"
[[ "$DEBUG" -ge 4 ]] && echo && echo "\"$data\""
fi
if [[ -z "$PRINTF" ]] ;then if [[ -z "$PRINTF" ]] ;then
# We could also use "dd ibs=1M obs=1M" here but is seems to be at max 3% slower # We could also use "dd ibs=1M obs=1M" here but is seems to be at max 3% slower
printf -- "$data" | cat >&5 2>/dev/null & printf -- "$data" | cat >&5 2>/dev/null &
@ -10501,7 +10538,6 @@ socksend_clienthello() {
socksend() { socksend() {
local data line local data line
# read line per line and strip comments (bash internal func can't handle multiline statements
data="$(while read line; do data="$(while read line; do
printf "${line%%\#*}" printf "${line%%\#*}"
done <<< "$1" )" done <<< "$1" )"
@ -14880,7 +14916,7 @@ receive_app_data() {
# mainly adapted from https://gist.github.com/takeshixx/10107280 # mainly adapted from https://gist.github.com/takeshixx/10107280
# #
run_heartbleed(){ run_heartbleed(){
local tls_hexcode local tls_hexcode tls_proto
local heartbleed_payload local heartbleed_payload
local -i n lines_returned local -i n lines_returned
local append="" local append=""
@ -14925,8 +14961,8 @@ run_heartbleed(){
fi fi
debugme echo "using protocol $tls_hexcode" debugme echo "using protocol $tls_hexcode"
# attention, this is dangerous as it relies on spaces etc. above tls_proto="${tls_hexcode:4:2}"
tls_sockets "${tls_hexcode:4:2}" "" "ephemeralkey" "" "" "false" tls_sockets "${tls_proto}" "" "ephemeralkey" "" "" "false"
[[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:" [[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:"
heartbleed_payload=", 18, $tls_hexcode, 00, 03, 01, 40,00" heartbleed_payload=", 18, $tls_hexcode, 00, 03, 01, 40,00"
@ -15187,8 +15223,8 @@ sub_session_ticket_tls() {
run_ticketbleed() { run_ticketbleed() {
local session_tckt_tls="" local session_tckt_tls=""
local -i len_ch=300 # fixed len of prepared clienthello below local -i len_ch=300 # fixed len of prepared clienthello below
local sid="x00,x0B,xAD,xC0,xDE,x00," # some abitratry bytes local sid="00,0B,AD,C0,DE,00," # some abitratry bytes
local len_sid="$(( ${#sid} / 4))" local len_sid="$(( ${#sid} / 3))"
local xlen_sid="$(dec02hex $len_sid)" local xlen_sid="$(dec02hex $len_sid)"
local -i len_tckt_tls=0 nr_sid_detected=0 local -i len_tckt_tls=0 nr_sid_detected=0
local xlen_tckt_tls="" xlen_handshake_record_layer="" xlen_handshake_ssl_layer="" local xlen_tckt_tls="" xlen_handshake_record_layer="" xlen_handshake_ssl_layer=""
@ -15214,7 +15250,7 @@ run_ticketbleed() {
# highly unlikely that it is NOT supported. We may loose time here but it's more solid # highly unlikely that it is NOT supported. We may loose time here but it's more solid
[[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions [[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions
if [[ ! "${TLS_EXTENSIONS}" =~ "session ticket" ]]; then if [[ ! "${TLS_EXTENSIONS}" =~ session\ ticket ]]; then
pr_svrty_best "not vulnerable (OK)" pr_svrty_best "not vulnerable (OK)"
outln ", no session ticket extension" outln ", no session ticket extension"
fileout "$jsonID" "OK" "no session ticket extension" "$cve" "$cwe" fileout "$jsonID" "OK" "no session ticket extension" "$cve" "$cwe"
@ -15222,26 +15258,26 @@ run_ticketbleed() {
fi fi
if [[ 0 -eq $(has_server_protocol tls1) ]]; then if [[ 0 -eq $(has_server_protocol tls1) ]]; then
tls_hexcode="x03, x01" tls_hexcode="03,01"
elif [[ 0 -eq $(has_server_protocol tls1_1) ]]; then elif [[ 0 -eq $(has_server_protocol tls1_1) ]]; then
tls_hexcode="x03, x02" tls_hexcode="03,02"
elif [[ 0 -eq $(has_server_protocol tls1_2) ]]; then elif [[ 0 -eq $(has_server_protocol tls1_2) ]]; then
tls_hexcode="x03, x03" tls_hexcode="03,03"
elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then
tls_hexcode="x03, x00" tls_hexcode="03,00"
else # no protocol for some reason defined, determine TLS versions offered with a new handshake else # no protocol for some reason defined, determine TLS versions offered with a new handshake
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null
case "$(get_protocol $TMPFILE)" in case "$(get_protocol $TMPFILE)" in
*1.2) tls_hexcode="x03, x03" ; add_tls_offered tls1_2 yes ;; *1.2) tls_hexcode="03,03" ; add_tls_offered tls1_2 yes ;;
*1.1) tls_hexcode="x03, x02" ; add_tls_offered tls1_1 yes ;; *1.1) tls_hexcode="03,02" ; add_tls_offered tls1_1 yes ;;
TLSv1) tls_hexcode="x03, x01" ; add_tls_offered tls1 yes ;; TLSv1) tls_hexcode="03,01" ; add_tls_offered tls1 yes ;;
SSLv3) tls_hexcode="x03, x00" ; add_tls_offered ssl3 yes ;; SSLv3) tls_hexcode="03,00" ; add_tls_offered ssl3 yes ;;
esac esac
fi fi
debugme echo "using protocol $tls_hexcode" debugme echo "using protocol $tls_hexcode"
session_tckt_tls="$(sub_session_ticket_tls)" session_tckt_tls="$(sub_session_ticket_tls)"
if [[ "$session_tckt_tls" == "," ]]; then if [[ "$session_tckt_tls" == , ]]; then
pr_svrty_best "not vulnerable (OK)" pr_svrty_best "not vulnerable (OK)"
outln ", no session tickets" outln ", no session tickets"
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
@ -15268,87 +15304,87 @@ run_ticketbleed() {
client_hello=" client_hello="
# TLS header (5 bytes) # TLS header (5 bytes)
,x16, # Content type (x16 for handshake) ,16, # Content type (x16 for handshake)
x03,x01, # TLS version record layer 03,01, # TLS version record layer
# Length Secure Socket Layer follows: # Length Secure Socket Layer follows:
$xlen_handshake_ssl_layer, $xlen_handshake_ssl_layer,
# Handshake header # Handshake header
x01, # Type (x01 for ClientHello) 01, # Type (x01 for ClientHello)
# Length of ClientHello follows: # Length of ClientHello follows:
x00, $xlen_handshake_record_layer, 00, $xlen_handshake_record_layer,
$tls_hexcode, # TLS Version $tls_hexcode, # TLS Version
# Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html # Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
xee, xee, x5b, x90, x9d, x9b, x72, x0b, ee, ee, 5b, 90, 9d, 9b, 72, 0b,
xbc, x0c, xbc, x2b, x92, xa8, x48, x97, bc, 0c, bc, 2b, 92, a8, 48, 97,
xcf, xbd, x39, x04, xcc, x16, x0b, x85, cf, bd, 39, 04, cc, 16, 0b, 85,
x03, x90, x9f, x77, x04, x33, xff, xff, 03, 90, 9f, 77, 04, 33, ff, ff,
$xlen_sid, # Session ID length $xlen_sid, # Session ID length
$sid $sid
x00, x6a, # Cipher suites length 106 00, 6a, # Cipher suites length 106
# 53 Cipher suites # 53 Cipher suites
xc0,x14, xc0,x13, xc0,x0a, xc0,x21, c0,14, c0,13, c0,0a, c0,21,
x00,x39, x00,x38, x00,x88, x00,x87, 00,39, 00,38, 00,88, 00,87,
xc0,x0f, xc0,x05, x00,x35, x00,x84, c0,0f, c0,05, 00,35, 00,84,
xc0,x12, xc0,x08, xc0,x1c, xc0,x1b, c0,12, c0,08, c0,1c, c0,1b,
x00,x16, x00,x13, xc0,x0d, xc0,x03, 00,16, 00,13, c0,0d, c0,03,
x00,x0a, xc0,x13, xc0,x09, xc0,x1f, 00,0a, c0,13, c0,09, c0,1f,
xc0,x1e, x00,x33, x00,x32, x00,x9a, c0,1e, 00,33, 00,32, 00,9a,
x00,x99, x00,x45, x00,x44, xc0,x0e, 00,99, 00,45, 00,44, c0,0e,
xc0,x04, x00,x2f, x00,x96, x00,x41, c0,04, 00,2f, 00,96, 00,41,
xc0,x11, xc0,x07, xc0,x0c, xc0,x02, c0,11, c0,07, c0,0c, c0,02,
x00,x05, x00,x04, x00,x15, x00,x12, 00,05, 00,04, 00,15, 00,12,
xc0,x30, xc0,x2f, x00,x9d, x00,x9c, c0,30, c0,2f, 00,9d, 00,9c,
x00,x3d, x00,x3c, x00,x9f, x00,x9e, 00,3d, 00,3c, 00,9f, 00,9e,
x00,xff, 00,ff,
x01, # Compression methods length 01, # Compression methods length
x00, # Compression method (x00 for NULL) 00, # Compression method (x00 for NULL)
x01,x5b, # Extensions length ####### 10b + x14 + x3c 01,5b, # Extensions length ####### 10b + x14 + x3c
# Extension Padding # Extension Padding
x00,x15, 00,15,
# length: # length:
x00,x38, 00,38,
x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00,
x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00,
x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00,
# Extension: ec_point_formats # Extension: ec_point_formats
x00,x0b, 00,0b,
# length: # length:
x00,x04, 00,04,
# data: # data:
x03,x00, x01,x02, 03,00, 01,02,
# Extension: elliptic_curves # Extension: elliptic_curves
x00,x0a, 00,0a,
# length # length
x00,x34, 00,34,
x00,x32, 00,32,
# data: # data:
x00,x0e, x00,x0d, x00,x19, x00,x0b, x00,x0c, 00,0e, 00,0d, 00,19, 00,0b, 00,0c,
x00,x18, x00,x09, x00,x0a, x00,x16, 00,18, 00,09, 00,0a, 00,16,
x00,x17, x00,x08, x00,x06, x00,x07, 00,17, 00,08, 00,06, 00,07,
x00,x14, x00,x15, x00,x04, x00,x05, 00,14, 00,15, 00,04, 00,05,
x00,x12, x00,x13, x00,x01, x00,x02, 00,12, 00,13, 00,01, 00,02,
x00,x03, x00,x0f, x00,x10, x00,x11, 00,03, 00,0f, 00,10, 00,11,
# Extension: Signature Algorithms # Extension: Signature Algorithms
x00,x0d, 00,0d,
# length: # length:
x00,x10, 00,10,
# data: # data:
x00,x0e ,x04,x01, x05,x01 ,x02,x01, x04,x03, x05,x03, 00,0e ,04,01, 05,01 ,02,01, 04,03, 05,03,
x02,x03, x02,x02, 02,03, 02,02,
# Extension: SessionTicket TLS # Extension: SessionTicket TLS
x00, x23, 00, 23,
# length of SessionTicket TLS # length of SessionTicket TLS
x00, $xlen_tckt_tls, 00, $xlen_tckt_tls,
# data, Session Ticket # data, Session Ticket
$session_tckt_tls # here we have the comma already $session_tckt_tls # we have the comma already
# Extension: Heartbeat # Extension: Heartbeat
x00, x0f, x00, x01, x01" 00, 0f, 00, 01, 01"
# we do 3 client hellos, then see whether different memory is returned # we do 3 client hellos, then we'll look whether different memory is returned
for i in 1 2 3; do for i in 1 2 3; do
fd_socket 5 || return 6 fd_socket 5 || return 6
debugme echo -n "sending client hello... " debugme echo -n "sending client hello... "
socksend "$client_hello" 0 socksend_clienthello "$client_hello" 0
debugme echo "reading server hello (ticketbleed reply)... " debugme echo "reading server hello (ticketbleed reply)... "
if "$FAST_SOCKET"; then if "$FAST_SOCKET"; then
@ -15386,7 +15422,8 @@ run_ticketbleed() {
else else
debugme echo -n "Message type: ${tls_hello_ascii:10:6} -- " debugme echo -n "Message type: ${tls_hello_ascii:10:6} -- "
fi fi
sid_input=$(sed -e 's/x//g' -e 's/,//g' <<< "$sid") sid_input=${sid//x/}
sid_input=${sid_input//,/}
sid_detected[i]="${tls_hello_ascii:88:32}" sid_detected[i]="${tls_hello_ascii:88:32}"
memory[i]="${tls_hello_ascii:$((88+ len_sid*2)):$((32 - len_sid*2))}" memory[i]="${tls_hello_ascii:$((88+ len_sid*2)):$((32 - len_sid*2))}"
if [[ "$DEBUG" -ge 3 ]]; then if [[ "$DEBUG" -ge 3 ]]; then