From cf0da7f994dfdd8f07e5486df17187dafe27a633 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 25 Jul 2017 12:46:37 -0400 Subject: [PATCH 1/3] Fix client simulations with SSLv2 ClientHello This PR fixes the extraction of the cipher suites in SSLv2 ClientHellos in `client_simulation_sockets()`. Since `client_simulation_sockets()` can only handle SSLv3 and above ServerHellos, it removes any SSLv2 ciphers and converts the other cipher from 3-byte format to 2-byte format. --- testssl.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/testssl.sh b/testssl.sh index 24a2796..3baea56 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3433,7 +3433,7 @@ client_simulation_sockets() { local -i len i ret=0 local -i save=0 local lines clienthello data="" - local cipher_list_2send + local cipher_list_2send="" local sock_reply_file2 sock_reply_file3 local tls_hello_ascii next_packet hello_done=0 local -i sid_len offset1 offset2 @@ -3458,12 +3458,17 @@ client_simulation_sockets() { offset2=182+$sid_len len=4*$(hex2dec "${data:offset1:2}${data:offset2:2}")-2 offset1=186+$sid_len + code2network "$(tolower "${data:offset1:len}")" # convert CIPHER_SUITES to a "standardized" format else # Extact list of cipher suites from SSLv2 ClientHello - offset1=46 - len=4*$(hex2dec "${data:26:2}")-2 + len=2*$(hex2dec "${clienthello:12:2}") + for (( i=22; i < 22+len; i=i+6 )); do + offset1=$i+2 + offset2=$i+4 + [[ "${clienthello:i:2}" == "00" ]] && cipher_list_2send+=", ${clienthello:offset1:2},${clienthello:offset2:2}" + done + code2network "$(tolower "${cipher_list_2send:2}")" # convert CIPHER_SUITES to a "standardized" format fi - code2network "$(tolower "${data:offset1:len}")" # convert CIPHER_SUITES to a "standardized" format cipher_list_2send="$NW_STR" debugme echo "sending client hello..." From 37c8ee8c4e99ee5aa11618703af1706abcf5db04 Mon Sep 17 00:00:00 2001 From: Dirk Date: Wed, 26 Jul 2017 22:37:50 +0200 Subject: [PATCH 2/3] Straigthen DEBUG level 2 FIX #786 Fixed all other occurences so that debug level 2 is showing only minimal information like rough status and errors Better line breaks for level 2 In ``client_simulation_sockets()`` and ``tls_sockets()`` moved debug output into if statements (may save a bit of time) Replaced "$DEBUG -eq" by "$DEBUG -ge" Removed obsolete hb_rounds in ``run_heartbleed()`` Adjusted wide output in vulnerabilities --- testssl.sh | 113 ++++++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 57 deletions(-) diff --git a/testssl.sh b/testssl.sh index d3fdea4..ef6ad9f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2139,7 +2139,7 @@ run_more_flags() { pr_bold " Security headers " for f2t in $good_flags2test; do - debugme echo "---> $f2t" + [[ "$DEBUG" -ge 5 ]] && echo "testing \"$f2t\"" detect_header "$f2t" "$f2t" "$spaces" if [[ $? -ge 1 ]]; then if ! "$first"; then @@ -2155,7 +2155,7 @@ run_more_flags() { done for f2t in $other_flags2test; do - debugme echo "---> $f2t" + [[ "$DEBUG" -ge 5 ]] && echo "testing \"$f2t\"" detect_header "$f2t" "$f2t" "$spaces" if [[ $? -ge 1 ]]; then if ! "$first"; then @@ -2377,7 +2377,7 @@ socksend() { else data=$(sed -e 's/# .*$//g' -e 's/ //g' <<< "$1" | sed -r 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d' | sed 's/,/\\/g' | tr -d '\n') fi - [[ $DEBUG -ge 4 ]] && echo "\"$data\"" + [[ $DEBUG -ge 4 ]] && echo -e "\n\"$data\"" printf -- "$data" >&5 2>/dev/null & sleep $2 } @@ -3471,7 +3471,7 @@ client_simulation_sockets() { code2network "$(tolower "${data:offset1:len}")" # convert CIPHER_SUITES to a "standardized" format cipher_list_2send="$NW_STR" - debugme echo "sending client hello..." + debugme echo -e "\nsending client hello... " code2network "${data}" data="$NW_STR" fd_socket 5 || return 6 @@ -3490,7 +3490,7 @@ client_simulation_sockets() { sock_reply_file2=${SOCK_REPLY_FILE}.2 mv "$SOCK_REPLY_FILE" "$sock_reply_file2" - debugme echo "requesting more server hello data..." + debugme echo -n "requesting more server hello data... " socksend "" $USLEEP_SND sockread_serverhello 32768 @@ -3516,12 +3516,11 @@ client_simulation_sockets() { fi done - debugme tmln_out "reading server hello..." + debugme echo "reading server hello..." if [[ "$DEBUG" -ge 4 ]]; then hexdump -C $SOCK_REPLY_FILE | head -6 echo fi - parse_tls_serverhello "$tls_hello_ascii" "ephemeralkey" "$cipher_list_2send" save=$? @@ -3534,9 +3533,11 @@ client_simulation_sockets() { fi fi - # see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL - lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>$ERRFILE)") - debugme tm_out " (returned $lines lines) " + if [[ $DEBUG -ge 2 ]]; then + # see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL + lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>$ERRFILE)") + tm_out " ($lines lines returned) " + fi # determine the return value for higher level, so that they can tell what the result is if [[ $save -eq 1 ]] || [[ $lines -eq 1 ]]; then @@ -3767,7 +3768,7 @@ run_prototest_openssl() { $OPENSSL s_client -state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $sni >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE - [[ "$DEBUG" -eq 5 ]] && echo $tls_hello_ascii # one line without any blanks + [[ "$DEBUG" -ge 5 ]] && echo $tls_hello_ascii # one line without any blanks # Client messages, including handshake messages, are carried by the record layer. # First, extract the handshake and alert messages. @@ -7692,7 +7693,7 @@ parse_tls_serverhello() { # byte 3+4: fragment length # bytes 5...: message fragment tls_hello_ascii_len=${#tls_hello_ascii} - if [[ $DEBUG -ge 2 ]] && [[ $tls_hello_ascii_len -gt 0 ]]; then + if [[ $DEBUG -ge 3 ]] && [[ $tls_hello_ascii_len -gt 0 ]]; then echo "TLS message fragments:" fi for (( i=0; i> $TMPFILE ;; - 02) echo -n "fatal " >> $TMPFILE ;; - esac - echo "alert $tls_alert_descrip" >> $TMPFILE - echo "===============================================================================" >> $TMPFILE if [[ $DEBUG -ge 2 ]]; then tmln_out " ($tls_alert_descrip)" tm_out " tls_err_level: ${tls_err_level}" - case $tls_err_level in - 01) tmln_out " (warning)" ;; - 02) tmln_out " (fatal)" ;; - *) tmln_out ;; - esac - tmln_out fi + case $tls_err_level in + 01) echo -n "warning " >> $TMPFILE + debugme tmln_out " (warning)" ;; + 02) echo -n "fatal " >> $TMPFILE + debugme tmln_out " (fatal)" ;; + esac + echo "alert $tls_alert_descrip" >> $TMPFILE + echo "===============================================================================" >> $TMPFILE + if [[ "$tls_err_level" != "01" ]] && [[ "$tls_err_level" != "02" ]]; then debugme tmln_warning "Unexpected AlertLevel (0x$tls_err_level)." return 1 @@ -8479,7 +8475,7 @@ sslv2_sockets() { # https://idea.popcount.org/2012-06-16-dissecting-ssl-handshake/ (client) fd_socket 5 || return 6 - debugme tmln_out "sending client hello... " + debugme echo -n "sending client hello... " socksend_sslv2_clienthello "$client_hello" sockread_serverhello 32768 @@ -8491,7 +8487,7 @@ sslv2_sockets() { sock_reply_file2=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7 mv "$SOCK_REPLY_FILE" "$sock_reply_file2" - debugme echo "requesting more server hello data..." + debugme echo -n "requesting more server hello data... " socksend "" $USLEEP_SND sockread_serverhello 32768 @@ -8501,7 +8497,7 @@ sslv2_sockets() { response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }') done fi - debugme tmln_out "reading server hello... " + debugme echo "reading server hello... " if [[ "$DEBUG" -ge 4 ]]; then hexdump -C "$SOCK_REPLY_FILE" | head -6 tmln_out @@ -8820,7 +8816,7 @@ tls_sockets() { code2network "$(tolower "$cipher_list_2send")" # convert CIPHER_SUITES to a "standardized" format cipher_list_2send="$NW_STR" - debugme echo "sending client hello..." + debugme echo -en "\nsending client hello... " socksend_tls_clienthello "$tls_low_byte" "$cipher_list_2send" "$4" "$offer_compression" ret=$? # 6 means opening socket didn't succeed, e.g. timeout @@ -8844,7 +8840,7 @@ tls_sockets() { sock_reply_file2=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7 mv "$SOCK_REPLY_FILE" "$sock_reply_file2" - debugme echo "requesting more server hello data..." + debugme echo -n "requesting more server hello data... " socksend "" $USLEEP_SND sockread_serverhello 32768 @@ -8872,7 +8868,7 @@ tls_sockets() { fi done - debugme tmln_out "reading server hello..." + debugme echo "reading server hello..." if [[ "$DEBUG" -ge 4 ]]; then hexdump -C $SOCK_REPLY_FILE | head -6 echo @@ -8890,9 +8886,11 @@ tls_sockets() { fi fi - # see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL - lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>$ERRFILE)") - debugme tm_out " (returned $lines lines) " + if [[ $DEBUG -ge 2 ]]; then + # see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL + lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>$ERRFILE)") + tm_out " ($lines lines returned) " + fi # determine the return value for higher level, so that they can tell what the result is if [[ $save -eq 1 ]] || [[ $lines -eq 1 ]]; then @@ -8901,11 +8899,11 @@ tls_sockets() { if [[ 03$tls_low_byte -eq $DETECTED_TLS_VERSION ]]; then ret=0 # protocol available, TLS version returned equal to the one send else - [[ $DEBUG -ge 2 ]] && echo -n "protocol send: 0x03$tls_low_byte, returned: 0x$DETECTED_TLS_VERSION" + debugme echo -n "protocol send: 0x03$tls_low_byte, returned: 0x$DETECTED_TLS_VERSION" ret=2 # protocol NOT available, server downgraded to $DETECTED_TLS_VERSION fi fi - debugme tmln_out + debugme echo else debugme echo "stuck on sending: $ret" fi @@ -8927,7 +8925,6 @@ run_heartbleed(){ local tls_proto_offered tls_hexcode local heartbleed_payload client_hello local -i n ret lines_returned - local -i hb_rounds=3 local append="" local tls_hello_ascii="" local cve="CVE-2014-0160" @@ -9015,11 +9012,10 @@ run_heartbleed(){ x00, x0f, x00, x01, x01" fd_socket 5 || return 6 - debugme tm_out "\nsending client hello (TLS version $tls_hexcode)" - debugme tmln_out " ($n of $hb_rounds)" + debugme echo -en "\nsending client hello... " socksend "$client_hello" 1 - debugme tmln_out "\nreading server hello" + debugme echo "reading server hello... " sockread_serverhello 32768 if [[ $DEBUG -ge 4 ]]; then hexdump -C "$SOCK_REPLY_FILE" | head -20 @@ -9159,10 +9155,10 @@ run_ccs_injection(){ fd_socket 5 || return 6 # we now make a standard handshake ... - debugme tm_out "\nsending client hello, " + debugme echo -n "sending client hello... " socksend "$client_hello" 1 - debugme tmln_out "\nreading server hello" + debugme echo "reading server hello... " sockread_serverhello 32768 if [[ $DEBUG -ge 4 ]]; then hexdump -C "$SOCK_REPLY_FILE" | head -20 @@ -9317,7 +9313,7 @@ run_ticketbleed() { SSLv3) tls_hexcode="x03, x00" ;; esac fi - debugme echo -e "\nusing protocol $tls_hexcode" + debugme echo "using protocol $tls_hexcode" session_tckt_tls="$(get_session_ticket_tls)" if [[ "$session_tckt_tls" == "," ]]; then @@ -9336,7 +9332,7 @@ run_ticketbleed() { len_handshake_ssl_layer="$(( len_handshake_record_layer + 4 ))" xlen_handshake_ssl_layer="$(dec04hex "$len_handshake_ssl_layer")" - if [[ "$DEBUG" -ge 2 ]]; then + if [[ "$DEBUG" -ge 4 ]]; then echo "len_tckt_tls (hex): $len_tckt_tls ($xlen_tckt_tls)" echo "sid: $sid" echo "len_sid (hex) $len_sid ($xlen_sid)" @@ -9426,10 +9422,10 @@ run_ticketbleed() { # we do 3 client hellos, and see whether different memmory is returned for i in 1 2 3; do fd_socket 5 || return 6 - debugme tmln_out "\nsending client hello " + debugme echo -n "sending client hello... " socksend "$client_hello" 0 - debugme tmln_out "\nreading server hello (ticketbleed reply)" + debugme echo "reading server hello (ticketbleed reply)... " if "$FAST_SOCKET"; then tls_hello_ascii=$(sockread_fast 32768) else @@ -9464,7 +9460,7 @@ run_ticketbleed() { sid_input=$(sed -e 's/x//g' -e 's/,//g' <<< "$sid") sid_detected[i]="${tls_hello_ascii:88:32}" memory[i]="${tls_hello_ascii:$((88+ len_sid*2)):$((32 - len_sid*2))}" - if [[ "$DEBUG" -ge 2 ]]; then + if [[ "$DEBUG" -ge 3 ]]; then echo echo "TLS version, record layer: ${tls_hello_ascii:18:4}" echo "Session ID: ${sid_detected[i]}" @@ -10059,7 +10055,7 @@ run_freak() { $OPENSSL s_client $STARTTLS $BUGS -cipher $exportrsa_cipher_list -connect $NODEIP:$PORT $PROXY $SNI $addcmd >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE Date: Wed, 26 Jul 2017 23:13:57 +0200 Subject: [PATCH 3/3] reflect 37c8ee8c4e99ee5aa11618703af1706abcf5db04: debug level 2 is showing only minimal information like rough status and errors --- doc/testssl.1 | 4 ++-- doc/testssl.1.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index 1bd6991..bedaed6 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -325,7 +325,7 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, \.\.\., CSP headers) .IP "" 0 . .P -\fB\-\-show\-each\fR This is an option for all wide modes \-\- i\.e\. per switch or the each cipher test: it displays all ciphers tested \-\- not only succeeded ones\. \fBSHOW_EACH_C\fR is your friend if you prefer to set this via the shell environment\. +\fB\-\-show\-each\fR This is an option for all wide modes only: it displays all ciphers tested \-\- not only succeeded ones\. \fBSHOW_EACH_C\fR is your friend if you prefer to set this via the shell environment\. . .P \fB\-\-color <0|1|2>\fR It determines the use of colors on the screen: \fB2\fR is the default and makes use of ANSI and termcap escape codes on your terminal\. \fB1\fR just uses non\-colored mark\-up like bold, italics, underline, reverse\. \fB0\fR means no mark\-up at all = no escape codes\. Setting the environment varable \fBCOLOR\fR achives the same result\. @@ -340,7 +340,7 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, \.\.\., CSP headers) screen output normal but leaves useful debug output in \fB/tmp/testssl\.XXXXXX/\fR \. The info about the exact directory is included in the screen output\. . .IP "2." 4 -list more what\'s going on, e\.g\. lists some errors of connections and general debug statements +list more what\'s going on, status (high level) and connection errors, a few general debug output . .IP "3." 4 even slightly more info: hexdumps + other info diff --git a/doc/testssl.1.md b/doc/testssl.1.md index c6286f5..3c3033a 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md @@ -222,7 +222,7 @@ The same can be achived by setting the environment variable `WARNINGS`. * `no-rfc`: don't display the RFC cipher suite name, display OpenSSL names only. -`--show-each` This is an option for all wide modes -- i.e. per switch or the each cipher test: it displays all ciphers tested -- not only succeeded ones. `SHOW_EACH_C` is your friend if you prefer to set this via the shell environment. +`--show-each` This is an option for all wide modes only: it displays all ciphers tested -- not only succeeded ones. `SHOW_EACH_C` is your friend if you prefer to set this via the shell environment. `--color <0|1|2>` It determines the use of colors on the screen: `2` is the default and makes use of ANSI and termcap escape codes on your terminal. `1` just uses non-colored mark-up like bold, italics, underline, reverse. `0` means no mark-up at all = no escape codes. Setting the environment varable `COLOR` achives the same result. @@ -233,7 +233,7 @@ The same can be achived by setting the environment variable `WARNINGS`. `--debug <0-6>` This gives you additional output on the screen (2-6), only useful for debugging. `DEBUG` is the according enviroment variable which you can use. There are six levels (0 is the default, thus it has no effect): 1. screen output normal but leaves useful debug output in __/tmp/testssl.XXXXXX/__ . The info about the exact directory is included in the screen output. -2. list more what's going on, e.g. lists some errors of connections and general debug statements +2. list more what's going on, status (high level) and connection errors, a few general debug output 3. even slightly more info: hexdumps + other info 4. display bytes sent via sockets 5. display bytes received via sockets