From ac6a67a299bc66f17def1cc18d014ce2cb28f7a8 Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 12 Jan 2015 22:56:15 +0100 Subject: [PATCH] now with SNI! --- utils/prototype.tls-protocol-checker.bash | 71 +++++++++++++---------- 1 file changed, 40 insertions(+), 31 deletions(-) diff --git a/utils/prototype.tls-protocol-checker.bash b/utils/prototype.tls-protocol-checker.bash index 734061b..035ecd5 100755 --- a/utils/prototype.tls-protocol-checker.bash +++ b/utils/prototype.tls-protocol-checker.bash @@ -22,6 +22,8 @@ IFILE=./mapping-rfc.txt NODE="" +SN_HEX="" +LEN_SN_HEX=0 COL_WIDTH=32 DEBUG=${DEBUG:-0} USLEEP_REC=${USLEEP_REC:-0.2} @@ -66,26 +68,13 @@ c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f, 00, 0c, 00, 62, 00, 09, 00, 65, 00, 64, 00, 14, 00, 11, 00, 0e, 00, 0b, 00, 08, 00, 06, 00, 03, 00, ff" - -# example 1: for SNI -#00 00 # extention server_name -#00 0b # length -#00 09 # server_name list_length -#00 # server_name type (hostname) -#00 06 # server_name length -#66 66 66 66 66 66 # server_name target - -# example 2: for SNI -#00 00 00 1a 00 18 00 00 15 66 66 66 66 66 66 2e .........target. -#66 66 66 66 66 66 66 66 66 66 2e 66 66 66 mydomain1.tld - -#formatted: -#00 00 -#00 1a -#00 18 -#00 -#00 15 -#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld +#formatted example for SNI +#00 00 # extention server_name +#00 1a # length = the following +2 = server_name length + 5 +#00 18 # server_name list_length = server_name length +3 +#00 # server_name type (hostname) +#00 15 # server_name length +#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target help() { @@ -111,7 +100,9 @@ parse_hn_port() { echo $NODE | grep -q ':' && PORT=`echo $NODE | sed 's/^.*\://'` && NODE=`echo $NODE | sed 's/\:.*$//'` # servername to network bytes: - SNIHEX=`printf $NODE | hexdump -v -e '16/1 "%02X"'` + LEN_SN_HEX=`echo ${#NODE}` + hexdump_format_str="$LEN_SN_HEX/1 \"%02x,\"" + SN_HEX=`printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//'` } # arg1: formatted string here in the code @@ -135,32 +126,40 @@ socksend_clienthello() { if [[ "$1" != "ff" ]]; then # internally we use 00 to indicate SSLv2 len_sni=`echo ${#3}` - #len_ciph_suites=`echo ${#SNIHEX}` + #tls_ver=printf "%02x\n" $1" code2network "$2" cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next + + # convert length's from dec to hex: + hex_len_sn_hex=`printf "%02x\n" $LEN_SN_HEX` + hex_len_sn_hex3=`printf "%02x\n" $((LEN_SN_HEX+3))` + hex_len_sn_hex5=`printf "%02x\n" $((LEN_SN_HEX+5))` + hex_len_extention=`printf "%02x\n" $((LEN_SN_HEX+9))` len_ciph_suites_byte=`echo ${#cipher_suites}` let "len_ciph_suites_byte += 2" # we have additional 2 chars \x in each 2 byte string and 2 byte ciphers, so we need to divide by 4: - len_ciph_suites=`printf "%X\n" $(($len_ciph_suites_byte / 4 ))` + len_ciph_suites=`printf "%02x\n" $(($len_ciph_suites_byte / 4 ))` len2twobytes "$len_ciph_suites" len_ciph_suites_word="$LEN_STR" [[ $DEBUG -ge 4 ]] && echo $len_ciph_suites_word - len2twobytes `printf "%X\n" $((0x$len_ciph_suites + 0x27))` + len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extention + 0x2))` + #len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27))` len_c_hello_word="$LEN_STR" [[ $DEBUG -ge 4 ]] && echo $len_c_hello_word - len2twobytes `printf "%X\n" $((0x$len_ciph_suites + 0x2b))` + len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extention + 0x2))` + #len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b))` len_all_word="$LEN_STR" [[ $DEBUG -ge 4 ]] && echo $len_all_word TLS_CLIENT_HELLO=" # TLS header ( 5 bytes) - ,16, 03, $1 # TLS Version - ,$len_all_word # Length + ,16, 03, $1 # TLS Version + ,$len_all_word # Length <--- # Handshake header: ,01 # Type (x01 for ClientHello) ,00, $len_c_hello_word # Length ClientHello @@ -175,11 +174,21 @@ socksend_clienthello() { # Cipher suites ,$cipher_suites ,01 # Compression methods length - ,00 # Compression method (x00 for NULL) - " + ,00" # Compression method (x00 for NULL) + + EXTENSION_CONTAINING_SNI=" + ,00, $hex_len_extention # first the len of all (here: 1) extentions. We assume len(hostname) < FF - 9 + ,00, 00 # extention server_name + ,00, $hex_len_sn_hex5 # length SNI EXT + ,00, $hex_len_sn_hex3 # server_name list_length + ,00 # server_name type (hostname) + ,00, $hex_len_sn_hex # server_name length + ,$SN_HEX" # server_name target + fi - code2network "$TLS_CLIENT_HELLO" + code2network "$TLS_CLIENT_HELLO$EXTENSION_CONTAINING_SNI" + #code2network "$TLS_CLIENT_HELLO" data=`echo $NW_STR` [[ "$DEBUG" -ge 3 ]] && echo "\"$data\"" @@ -352,4 +361,4 @@ echo exit 0 # vim:tw=110:ts=5:sw=5 -# $Id: prototype.tls-protocol-checker.bash,v 1.8 2015/01/08 08:57:26 dirkw Exp $ +# $Id: prototype.tls-protocol-checker.bash,v 1.11 2015/01/12 21:56:06 dirkw Exp $