Amends LDAP + STARTTLS / rename sockread_serverhello()
This commit adds parsing of the resultCode returned by the LDAP STARTTLS extended operation (RFC 2830). The expected values are 0 (success) or 1; any value other than zero terminates the check. This PR also renames sockread_serverhello() to sockread(), since the word "serverhello" is misleading: the function simply reads from ANY socket. (Sorry for the confusion — that rename should have gone into a separate PR.) sockread() and sockread_fast() are also better documented now.
parent
601ff16a0a
commit
9447c8c866
55
testssl.sh
55
testssl.sh
@ -4728,7 +4728,7 @@ client_simulation_sockets() {
|
||||
socksend_clienthello "${data}"
|
||||
sleep $USLEEP_SND
|
||||
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
|
||||
|
||||
@ -4758,7 +4758,7 @@ client_simulation_sockets() {
|
||||
|
||||
debugme echo -n "requesting more server hello data... "
|
||||
socksend "" $USLEEP_SND
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
|
||||
next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
next_packet="${next_packet%%[!0-9A-F]*}"
|
||||
@ -11094,10 +11094,12 @@ starttls_postgres_dialog() {
|
||||
return $ret
|
||||
}
|
||||
|
||||
|
||||
# RFC 2830
|
||||
starttls_ldap_dialog() {
|
||||
local debugpad=" > "
|
||||
local -i ret=0
|
||||
local result=""
|
||||
local starttls_init=",
|
||||
x30, x1d, x02, x01, # LDAP extendedReq
|
||||
x01, # messageID: 1
|
||||
@ -11106,15 +11108,20 @@ starttls_ldap_dialog() {
|
||||
|
||||
debugme echo "=== starting LDAP STARTTLS dialog ==="
|
||||
socksend "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
|
||||
starttls_just_read 1 "read succeeded"
|
||||
result=$(sockread_fast 256)
|
||||
[[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $result\n"
|
||||
|
||||
# response is typically 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00
|
||||
# ^^ == success! That [9] should be checked also!
|
||||
|
||||
ret=$?
|
||||
# ^^ == success! [9] is checked below
|
||||
if [[ ${result:18:2} == 00 ]]; then
|
||||
ret=0
|
||||
elif [[ ${result:18:2} == 01 ]]; then
|
||||
ret=1
|
||||
else
|
||||
ret=127
|
||||
fi
|
||||
debugme echo "=== finished LDAP STARTTLS dialog with ${ret} ==="
|
||||
return $ret
|
||||
|
||||
}
|
||||
|
||||
starttls_mysql_dialog() {
|
||||
@ -11346,9 +11353,11 @@ socksend() {
|
||||
}
|
||||
|
||||
|
||||
# for SSLv2 to TLS 1.2:
|
||||
# Reads from socket. Uses SOCK_REPLY_FILE global to save socket reply
|
||||
# Not blocking, polling
|
||||
# ARG1: blocksize for reading
|
||||
sockread_serverhello() {
|
||||
#
|
||||
sockread() {
|
||||
[[ -z "$2" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2
|
||||
SOCK_REPLY_FILE=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
|
||||
dd bs=$1 of=$SOCK_REPLY_FILE count=1 <&5 2>/dev/null &
|
||||
@ -11356,8 +11365,10 @@ sockread_serverhello() {
|
||||
return $?
|
||||
}
|
||||
|
||||
#trying a faster version
|
||||
# Reads from socket. Utilises a pipe. Output is ASCII.
|
||||
# Faster as previous, blocks however when socket stream is empty
|
||||
# ARG1: blocksize for reading
|
||||
#
|
||||
sockread_fast() {
|
||||
dd bs=$1 count=1 <&5 2>/dev/null | hexdump -v -e '16/1 "%02X"'
|
||||
}
|
||||
@ -14743,7 +14754,7 @@ sslv2_sockets() {
|
||||
debugme echo -n "sending client hello... "
|
||||
socksend_clienthello "$client_hello"
|
||||
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
if "$parse_complete"; then
|
||||
if [[ -s "$SOCK_REPLY_FILE" ]]; then
|
||||
server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
@ -14756,7 +14767,7 @@ sslv2_sockets() {
|
||||
|
||||
debugme echo -n "requesting more server hello data... "
|
||||
socksend "" $USLEEP_SND
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
|
||||
[[ ! -s "$SOCK_REPLY_FILE" ]] && break
|
||||
cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2"
|
||||
@ -15476,7 +15487,7 @@ resend_if_hello_retry_request() {
|
||||
done
|
||||
debugme echo -n "sending client hello... "
|
||||
socksend_clienthello "$data" $USLEEP_SND
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
return 2
|
||||
}
|
||||
|
||||
@ -15531,7 +15542,7 @@ tls_sockets() {
|
||||
# if sending didn't succeed we don't bother
|
||||
if [[ $ret -eq 0 ]]; then
|
||||
clienthello1="$TLS_CLIENT_HELLO"
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
"$TLS_DIFFTIME_SET" && TLS_NOW=$(LC_ALL=C date "+%s")
|
||||
|
||||
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
@ -15571,7 +15582,7 @@ tls_sockets() {
|
||||
|
||||
debugme echo -n "requesting more server hello data... "
|
||||
socksend "" $USLEEP_SND
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
|
||||
next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
next_packet="${next_packet%%[!0-9A-F]*}"
|
||||
@ -15785,7 +15796,7 @@ receive_app_data() {
|
||||
if "$FAST_SOCKET"; then
|
||||
res="$(sockread_fast 32768)"
|
||||
else
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
res="$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")"
|
||||
fi
|
||||
res="${res%%[!0-9A-F]*}"
|
||||
@ -15878,7 +15889,7 @@ run_heartbleed(){
|
||||
|
||||
[[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:"
|
||||
socksend "$heartbleed_payload" 1
|
||||
sockread_serverhello 16384 $HEARTBLEED_MAX_WAITSOCK
|
||||
sockread 16384 $HEARTBLEED_MAX_WAITSOCK
|
||||
if [[ $? -eq 3 ]]; then
|
||||
append=", timed out"
|
||||
pr_svrty_best "not vulnerable (OK)"; out "$append"
|
||||
@ -16015,7 +16026,7 @@ run_ccs_injection(){
|
||||
socksend "$client_hello" 1
|
||||
|
||||
debugme echo "reading server hello... "
|
||||
sockread_serverhello 32768
|
||||
sockread 32768
|
||||
if [[ $DEBUG -ge 4 ]]; then
|
||||
hexdump -C "$SOCK_REPLY_FILE" | head -20
|
||||
tmln_out "[...]"
|
||||
@ -16024,7 +16035,7 @@ run_ccs_injection(){
|
||||
rm "$SOCK_REPLY_FILE"
|
||||
# ... and then send the change cipher spec message
|
||||
socksend "$ccs_message" 1 || ok_ids
|
||||
sockread_serverhello 4096 $CCS_MAX_WAITSOCK
|
||||
sockread 4096 $CCS_MAX_WAITSOCK
|
||||
if [[ $DEBUG -ge 3 ]]; then
|
||||
tmln_out "\n1st reply: "
|
||||
hexdump -C "$SOCK_REPLY_FILE" | head -20
|
||||
@ -16034,7 +16045,7 @@ run_ccs_injection(){
|
||||
rm "$SOCK_REPLY_FILE"
|
||||
|
||||
socksend "$ccs_message" 2 || ok_ids
|
||||
sockread_serverhello 4096 $CCS_MAX_WAITSOCK
|
||||
sockread 4096 $CCS_MAX_WAITSOCK
|
||||
retval=$?
|
||||
|
||||
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
@ -16307,7 +16318,7 @@ run_ticketbleed() {
|
||||
if "$FAST_SOCKET"; then
|
||||
tls_hello_ascii=$(sockread_fast 32768)
|
||||
else
|
||||
sockread_serverhello 32768 $CCS_MAX_WAITSOCK
|
||||
sockread 32768 $CCS_MAX_WAITSOCK
|
||||
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
fi
|
||||
[[ "$DEBUG" -ge 5 ]] && echo "$tls_hello_ascii"
|
||||
@ -19185,7 +19196,7 @@ run_robot() {
|
||||
fi
|
||||
debugme echo "reading server error response..."
|
||||
start_time=$(LC_ALL=C date "+%s")
|
||||
sockread_serverhello 32768 $robottimeout
|
||||
sockread 32768 $robottimeout
|
||||
subret=$?
|
||||
if [[ $subret -eq 0 ]]; then
|
||||
end_time=$(LC_ALL=C date "+%s")
|
||||
|