Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

now with SNI!

Browse Source
This commit is contained in:
Dirk 2015-01-12 22:56:15 +01:00
parent f0747dd2fc
commit ac6a67a299
1 changed files with 40 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
utils/prototype.tls-protocol-checker.bash
View File

@ -22,6 +22,8 @@
IFILE=./mapping-rfc.txt IFILE=./mapping-rfc.txt
NODE="" NODE=""
SN_HEX=""
LEN_SN_HEX=0
COL_WIDTH=32 COL_WIDTH=32
DEBUG=${DEBUG:-0} DEBUG=${DEBUG:-0}
USLEEP_REC=${USLEEP_REC:-0.2} USLEEP_REC=${USLEEP_REC:-0.2}
@ -66,26 +68,13 @@ c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f, 00, 0c,
00, 62, 00, 09, 00, 65, 00, 64, 00, 14, 00, 11, 00, 0e, 00, 0b, 00, 62, 00, 09, 00, 65, 00, 64, 00, 14, 00, 11, 00, 0e, 00, 0b,
00, 08, 00, 06, 00, 03, 00, ff" 00, 08, 00, 06, 00, 03, 00, ff"
#formatted example for SNI
# example 1: for SNI #00 00 # extention server_name
#00 00 # extention server_name #00 1a # length = the following +2 = server_name length + 5
#00 0b # length #00 18 # server_name list_length = server_name length +3
#00 09 # server_name list_length #00 # server_name type (hostname)
#00 # server_name type (hostname) #00 15 # server_name length
#00 06 # server_name length #66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target
#66 66 66 66 66 66 # server_name target
# example 2: for SNI
#00 00 00 1a 00 18 00 00 15 66 66 66 66 66 66 2e .........target.
#66 66 66 66 66 66 66 66 66 66 2e 66 66 66 mydomain1.tld
#formatted:
#00 00
#00 1a
#00 18
#00
#00 15
#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld
help() { help() {
@ -111,7 +100,9 @@ parse_hn_port() {
echo $NODE | grep -q ':' && PORT=`echo $NODE | sed 's/^.*\://'` && NODE=`echo $NODE | sed 's/\:.*$//'` echo $NODE | grep -q ':' && PORT=`echo $NODE | sed 's/^.*\://'` && NODE=`echo $NODE | sed 's/\:.*$//'`
# servername to network bytes: # servername to network bytes:
SNIHEX=`printf $NODE | hexdump -v -e '16/1 "%02X"'` LEN_SN_HEX=`echo ${#NODE}`
hexdump_format_str="$LEN_SN_HEX/1 \"%02x,\""
SN_HEX=`printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//'`
} }
# arg1: formatted string here in the code # arg1: formatted string here in the code
@ -135,32 +126,40 @@ socksend_clienthello() {
if [[ "$1" != "ff" ]]; then # internally we use 00 to indicate SSLv2 if [[ "$1" != "ff" ]]; then # internally we use 00 to indicate SSLv2
len_sni=`echo ${#3}` len_sni=`echo ${#3}`
#len_ciph_suites=`echo ${#SNIHEX}` #tls_ver=printf "%02x\n" $1"
code2network "$2" code2network "$2"
cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
# convert length's from dec to hex:
hex_len_sn_hex=`printf "%02x\n" $LEN_SN_HEX`
hex_len_sn_hex3=`printf "%02x\n" $((LEN_SN_HEX+3))`
hex_len_sn_hex5=`printf "%02x\n" $((LEN_SN_HEX+5))`
hex_len_extention=`printf "%02x\n" $((LEN_SN_HEX+9))`
len_ciph_suites_byte=`echo ${#cipher_suites}` len_ciph_suites_byte=`echo ${#cipher_suites}`
let "len_ciph_suites_byte += 2" let "len_ciph_suites_byte += 2"
# we have additional 2 chars \x in each 2 byte string and 2 byte ciphers, so we need to divide by 4: # we have additional 2 chars \x in each 2 byte string and 2 byte ciphers, so we need to divide by 4:
len_ciph_suites=`printf "%X\n" $(($len_ciph_suites_byte / 4 ))` len_ciph_suites=`printf "%02x\n" $(($len_ciph_suites_byte / 4 ))`
len2twobytes "$len_ciph_suites" len2twobytes "$len_ciph_suites"
len_ciph_suites_word="$LEN_STR" len_ciph_suites_word="$LEN_STR"
[[ $DEBUG -ge 4 ]] && echo $len_ciph_suites_word [[ $DEBUG -ge 4 ]] && echo $len_ciph_suites_word
len2twobytes `printf "%X\n" $((0x$len_ciph_suites + 0x27))` len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extention + 0x2))`
#len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27))`
len_c_hello_word="$LEN_STR" len_c_hello_word="$LEN_STR"
[[ $DEBUG -ge 4 ]] && echo $len_c_hello_word [[ $DEBUG -ge 4 ]] && echo $len_c_hello_word
len2twobytes `printf "%X\n" $((0x$len_ciph_suites + 0x2b))` len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extention + 0x2))`
#len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b))`
len_all_word="$LEN_STR" len_all_word="$LEN_STR"
[[ $DEBUG -ge 4 ]] && echo $len_all_word [[ $DEBUG -ge 4 ]] && echo $len_all_word
TLS_CLIENT_HELLO=" TLS_CLIENT_HELLO="
# TLS header ( 5 bytes) # TLS header ( 5 bytes)
,16, 03, $1 # TLS Version ,16, 03, $1 # TLS Version
,$len_all_word # Length ,$len_all_word # Length <---
# Handshake header: # Handshake header:
,01 # Type (x01 for ClientHello) ,01 # Type (x01 for ClientHello)
,00, $len_c_hello_word # Length ClientHello ,00, $len_c_hello_word # Length ClientHello
@ -175,11 +174,21 @@ socksend_clienthello() {
# Cipher suites # Cipher suites
,$cipher_suites ,$cipher_suites
,01 # Compression methods length ,01 # Compression methods length
,00 # Compression method (x00 for NULL) ,00" # Compression method (x00 for NULL)
"
EXTENSION_CONTAINING_SNI="
,00, $hex_len_extention # first the len of all (here: 1) extentions. We assume len(hostname) < FF - 9
,00, 00 # extention server_name
,00, $hex_len_sn_hex5 # length SNI EXT
,00, $hex_len_sn_hex3 # server_name list_length
,00 # server_name type (hostname)
,00, $hex_len_sn_hex # server_name length
,$SN_HEX" # server_name target
fi fi
code2network "$TLS_CLIENT_HELLO" code2network "$TLS_CLIENT_HELLO$EXTENSION_CONTAINING_SNI"
#code2network "$TLS_CLIENT_HELLO"
data=`echo $NW_STR` data=`echo $NW_STR`
[[ "$DEBUG" -ge 3 ]] && echo "\"$data\"" [[ "$DEBUG" -ge 3 ]] && echo "\"$data\""
@ -352,4 +361,4 @@ echo
exit 0 exit 0
# vim:tw=110:ts=5:sw=5 # vim:tw=110:ts=5:sw=5
# $Id: prototype.tls-protocol-checker.bash,v 1.8 2015/01/08 08:57:26 dirkw Exp $ # $Id: prototype.tls-protocol-checker.bash,v 1.11 2015/01/12 21:56:06 dirkw Exp $