mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-21 07:59:31 +01:00
- some internal code internal cleanups
- minor cosmetic output corrections - preparation for bash sockets for SSLv3 to TLS 1.2
This commit is contained in:
parent
4556108a72
commit
f8ba69f9fb
447
testssl.sh
447
testssl.sh
@ -49,24 +49,25 @@ SWCONTACT="dirk aet testssl dot sh"
|
|||||||
# following variables make use of $ENV, e.g. OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <host>
|
# following variables make use of $ENV, e.g. OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <host>
|
||||||
COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
|
COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
|
||||||
SHOW_LOC_CIPH=${SHOW_LOC_CIPH:-0} # determines whether the client side ciphers are displayed at all (makes no sense normally)
|
SHOW_LOC_CIPH=${SHOW_LOC_CIPH:-0} # determines whether the client side ciphers are displayed at all (makes no sense normally)
|
||||||
VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
|
|
||||||
# whether handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
|
|
||||||
LOCERR=${LOCERR:-0} # displays the local error
|
|
||||||
SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested
|
SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested
|
||||||
SNEAKY=${SNEAKY:-1} # if zero: the referer and useragent we leave while checking the http header is just usual
|
SNEAKY=${SNEAKY:-1} # if zero: the referer and useragent we leave while checking the http header is just usual
|
||||||
HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-3} # we wait this long before killing the process to retrieve a service banner / http header
|
|
||||||
SSL_NATIVE=${SSL_NATIVE:-0} # we do per default bash sockets!
|
SSL_NATIVE=${SSL_NATIVE:-0} # we do per default bash sockets!
|
||||||
ASSUMING_HTTP=${ASSUMING_HTTP:-0} # in seldom cases (WAF, old servers/grumpy SSL) the service detection fails. Set to 1 for HTTP
|
ASSUMING_HTTP=${ASSUMING_HTTP:-0} # in seldom cases (WAF, old servers/grumpy SSL) the service detection fails. Set to 1 for HTTP
|
||||||
|
DEBUG=${DEBUG:-0} # if 1 the temp files won't be erased. 2: list more what's going on (formerly: eq VERBOSE=1),
|
||||||
|
# 3: slight hexdumps and other info, 4: the whole nine yards of output
|
||||||
|
#FIXME: still to be filled with (more) sense or following to be included:
|
||||||
|
LOCERR=${LOCERR:-0} # displays the local error
|
||||||
|
VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
|
||||||
|
# whether handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
|
||||||
|
|
||||||
#FIXME: still to be filled with (more) sense:
|
HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-3} # we wait this long before killing the process to retrieve a service banner / http header
|
||||||
DEBUG=${DEBUG:-0} # if 1 the temp files won't be erased. 2: list more what's going on (formerly: eq VERBOSE=1), 3: slight hexdumps
|
MAX_WAITSOCK=10 # waiting at max 10 seconds for socket reply
|
||||||
# and other info, 4: the whole nine yards of output
|
USLEEP_SND=${USLEEP_SND:-0.1} # sleep time for general socket send
|
||||||
PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
USLEEP_REC=${USLEEP_REC:-0.2} # sleep time for general socket receive
|
||||||
|
|
||||||
CAPATH="${CAPATH:-/etc/ssl/certs/}" # Does nothing yet. FC has only a CA bundle per default, ==> openssl version -d
|
CAPATH="${CAPATH:-/etc/ssl/certs/}" # Does nothing yet. FC has only a CA bundle per default, ==> openssl version -d
|
||||||
HSTS_MIN=180 # >180 days is ok for HSTS
|
HSTS_MIN=180 # >180 days is ok for HSTS
|
||||||
HPKP_MIN=30 # >=30 days should be ok for HPKP_MIN, practical hints?
|
HPKP_MIN=30 # >=30 days should be ok for HPKP_MIN, practical hints?
|
||||||
MAX_WAITSOCK=10 # waiting at max 10 seconds for socket reply
|
|
||||||
CLIENT_MIN_PFS=5 # number of ciphers needed to run a test for PFS
|
CLIENT_MIN_PFS=5 # number of ciphers needed to run a test for PFS
|
||||||
DAYS2WARN1=60 # days to warn before cert expires, threshold 1
|
DAYS2WARN1=60 # days to warn before cert expires, threshold 1
|
||||||
DAYS2WARN2=30 # days to warn before cert expires, threshold 2
|
DAYS2WARN2=30 # days to warn before cert expires, threshold 2
|
||||||
@ -77,8 +78,12 @@ NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
|
|||||||
RUN_DIR=$(dirname $0)
|
RUN_DIR=$(dirname $0)
|
||||||
TEMPDIR=""
|
TEMPDIR=""
|
||||||
TLS_PROTO_OFFERED=""
|
TLS_PROTO_OFFERED=""
|
||||||
|
DETECTED_TLS_VERSION=""
|
||||||
SOCKREPLY=""
|
SOCKREPLY=""
|
||||||
|
SOCK_REPLY_FILE=""
|
||||||
HEXC=""
|
HEXC=""
|
||||||
|
NW_STR=""
|
||||||
|
LEN_STR=""
|
||||||
SNI=""
|
SNI=""
|
||||||
IP4=""
|
IP4=""
|
||||||
IP6=""
|
IP6=""
|
||||||
@ -91,14 +96,75 @@ IPS=""
|
|||||||
SERVICE="" # is the server running an HTTP server, SMTP, POP or IMAP?
|
SERVICE="" # is the server running an HTTP server, SMTP, POP or IMAP?
|
||||||
|
|
||||||
|
|
||||||
|
# debugging help:
|
||||||
|
PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
||||||
|
|
||||||
# make sure that temporary files are cleaned up after use
|
# make sure that temporary files are cleaned up after use
|
||||||
trap "cleanup" QUIT EXIT
|
trap "cleanup" QUIT EXIT
|
||||||
|
|
||||||
|
|
||||||
# The various hexdump commands we need to replace xxd (BSD compatability))
|
# The various hexdump commands we need to replace xxd (BSD compatability))
|
||||||
HEXDUMPVIEW=(hexdump -C) # This is used in verbose mode to see what's going on
|
HEXDUMPVIEW=(hexdump -C) # This is used in verbose mode to see what's going on
|
||||||
HEXDUMP=(hexdump -ve '16/1 "%02x " " \n"') # This is used to analyse the reply
|
HEXDUMP=(hexdump -ve '16/1 "%02x " " \n"') # This is used to analyse the reply
|
||||||
HEXDUMPPLAIN=(hexdump -ve '1/1 "%.2x"') # Replaces both xxd -p and tr -cd '[:print:]'
|
HEXDUMPPLAIN=(hexdump -ve '1/1 "%.2x"') # Replaces both xxd -p and tr -cd '[:print:]'
|
||||||
|
|
||||||
|
|
||||||
|
###### some hexbytes for bash network sockets ######
|
||||||
|
|
||||||
|
# 133 standard cipher for TLS 1.2 and SPDY/NPN
|
||||||
|
TLS12_CIPHER="
|
||||||
|
cc, 14, cc, 13, cc, 15, c0, 30, c0, 2c, c0, 28, c0, 24, c0, 14,
|
||||||
|
c0, 0a, c0, 22, c0, 21, c0, 20, 00, a5, 00, a3, 00, a1, 00, 9f,
|
||||||
|
00, 6b, 00, 6a, 00, 69, 00, 68, 00, 39, 00, 38, 00, 37, 00, 36,
|
||||||
|
c0, 77, c0, 73, 00, c4, 00, c3, 00, c2, 00, c1, 00, 88, 00, 87,
|
||||||
|
00, 86, 00, 85, c0, 32, c0, 2e, c0, 2a, c0, 26, c0, 0f, c0, 05,
|
||||||
|
c0, 79, c0, 75, 00, 9d, 00, 3d, 00, 35, 00, c0, 00, 84, c0, 2f,
|
||||||
|
c0, 2b, c0, 27, c0, 23, c0, 13, c0, 09, c0, 1f, c0, 1e, c0, 1d,
|
||||||
|
00, a4, 00, a2, 00, a0, 00, 9e, 00, 67, 00, 40, 00, 3f, 00, 3e,
|
||||||
|
00, 33, 00, 32, 00, 31, 00, 30, c0, 76, c0, 72, 00, be, 00, bd,
|
||||||
|
00, bc, 00, bb, 00, 9a, 00, 99, 00, 98, 00, 97, 00, 45, 00, 44,
|
||||||
|
00, 43, 00, 42, c0, 31, c0, 2d, c0, 29, c0, 25, c0, 0e, c0, 04,
|
||||||
|
c0, 78, c0, 74, 00, 9c, 00, 3c, 00, 2f, 00, ba, 00, 96, 00, 41,
|
||||||
|
00, 07, c0, 11, c0, 07, 00, 66, c0, 0c, c0, 02, 00, 05, 00, 04,
|
||||||
|
c0, 12, c0, 08, c0, 1c, c0, 1b, c0, 1a, 00, 16, 00, 13, 00, 10,
|
||||||
|
00, 0d, c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f,
|
||||||
|
00, 0c, 00, 62, 00, 09, 00, 65, 00, 64, 00, 14, 00, 11, 00, 0e,
|
||||||
|
00, 0b, 00, 08, 00, 06, 00, 03, 00, ff"
|
||||||
|
|
||||||
|
# 76 standard cipher for SSLv3, TLS 1, TLS 1.1
|
||||||
|
TLS_CIPHER="
|
||||||
|
c0, 14, c0, 0a, c0, 22, c0, 21, c0, 20, 00, 39, 00, 38, 00, 37,
|
||||||
|
00, 36, 00, 88, 00, 87, 00, 86, 00, 85, c0, 0f, c0, 05, 00, 35,
|
||||||
|
00, 84, c0, 13, c0, 09, c0, 1f, c0, 1e, c0, 1d, 00, 33, 00, 32,
|
||||||
|
00, 31, 00, 30, 00, 9a, 00, 99, 00, 98, 00, 97, 00, 45, 00, 44,
|
||||||
|
00, 43, 00, 42, c0, 0e, c0, 04, 00, 2f, 00, 96, 00, 41, 00, 07,
|
||||||
|
c0, 11, c0, 07, 00, 66, c0, 0c, c0, 02, 00, 05, 00, 04, c0, 12,
|
||||||
|
c0, 08, c0, 1c, c0, 1b, c0, 1a, 00, 16, 00, 13, 00, 10, 00, 0d,
|
||||||
|
c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f, 00, 0c,
|
||||||
|
00, 62, 00, 09, 00, 65, 00, 64, 00, 14, 00, 11, 00, 0e, 00, 0b,
|
||||||
|
00, 08, 00, 06, 00, 03, 00, ff"
|
||||||
|
|
||||||
|
SSLv2_CLIENT_HELLO="
|
||||||
|
,80,34 # length (here: 52)
|
||||||
|
,01 # Client Hello
|
||||||
|
,00,02 # SSLv2
|
||||||
|
,00,1b # cipher spec length (here: 27 )
|
||||||
|
,00,00 # session ID length
|
||||||
|
,00,10 # challenge length
|
||||||
|
,05,00,80 # 1st cipher 9 cipher specs, only classical V2 ciphers are used here, see http://max.euston.net/d/tip_sslciphers.html
|
||||||
|
,03,00,80 # 2nd there are v3 in v2!!! : https://tools.ietf.org/html/rfc6101#appendix-E
|
||||||
|
,01,00,80 # 3rd Cipher specifications introduced in version 3.0 can be included in version 2.0 client hello messages using
|
||||||
|
,07,00,c0 # 4th the syntax below. [..] # V2CipherSpec (see Version 3.0 name) = { 0x00, CipherSuite }; !!!!
|
||||||
|
,08,00,80 # 5th
|
||||||
|
,06,00,40 # 6th
|
||||||
|
,04,00,80 # 7th
|
||||||
|
,02,00,80 # 8th
|
||||||
|
,00,00,00 # 9th
|
||||||
|
,29,22,be,b3,5a,01,8b,04,fe,5f,80,03,a0,13,eb,c4" # Challenge
|
||||||
|
|
||||||
|
|
||||||
|
###### output functions ######
|
||||||
|
|
||||||
out() {
|
out() {
|
||||||
$ECHO "$1"
|
$ECHO "$1"
|
||||||
}
|
}
|
||||||
@ -107,8 +173,7 @@ outln() {
|
|||||||
$ECHO "\n"
|
$ECHO "\n"
|
||||||
}
|
}
|
||||||
|
|
||||||
# http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
|
# color print functions, see also http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
|
||||||
#### color print functions
|
|
||||||
|
|
||||||
pr_off() {
|
pr_off() {
|
||||||
[[ "$COLOR" -ne 0 ]] && out "\033[m\c"
|
[[ "$COLOR" -ne 0 ]] && out "\033[m\c"
|
||||||
@ -220,7 +285,7 @@ if [[ "$COLOR" -ge 1 ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
###### function definitions
|
###### helper function definitions ######
|
||||||
|
|
||||||
debugme() {
|
debugme() {
|
||||||
if [[ $DEBUG -ge 2 ]]; then
|
if [[ $DEBUG -ge 2 ]]; then
|
||||||
@ -280,53 +345,8 @@ wait_kill(){
|
|||||||
return 3 # killed
|
return 3 # killed
|
||||||
}
|
}
|
||||||
|
|
||||||
# in a nutshell: It's HTTP-level compression & an attack which works against any cipher suite and
|
|
||||||
# is agnostic to the version of TLS/SSL, more: http://www.breachattack.com/
|
|
||||||
# foreign referers are the important thing here!
|
|
||||||
breach() {
|
|
||||||
pr_bold " BREACH"; out " (CVE-2013-3587) =HTTP Compression "
|
|
||||||
url="$1"
|
|
||||||
[ -z "$url" ] && url="/"
|
|
||||||
if [ $SNEAKY -eq 0 ] ; then
|
|
||||||
referer="Referer: http://google.com/" # see https://community.qualys.com/message/20360
|
|
||||||
useragent="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
|
|
||||||
else
|
|
||||||
referer="Referer: TLS/SSL-Tester from $SWURL"
|
|
||||||
useragent="User-Agent: Mozilla/4.0 (X11; Linux x86_64; rv:42.0) Gecko/19700101 Firefox/42.0"
|
|
||||||
fi
|
|
||||||
(
|
|
||||||
$OPENSSL s_client -quiet -connect $NODEIP:$PORT $SNI << EOF
|
|
||||||
GET $url HTTP/1.1
|
|
||||||
Host: $NODE
|
|
||||||
$useragent
|
|
||||||
Accept: text/*
|
|
||||||
Accept-Language: en-US,en
|
|
||||||
Accept-encoding: gzip,deflate,compress
|
|
||||||
$referer
|
|
||||||
Connection: close
|
|
||||||
|
|
||||||
EOF
|
|
||||||
) &>$HEADERFILE_BREACH &
|
|
||||||
pid=$!
|
|
||||||
if wait_kill $pid $HEADER_MAXSLEEP; then
|
|
||||||
result=$(grep -a '^Content-Encoding' $HEADERFILE_BREACH | sed -e 's/^Content-Encoding//' -e 's/://' -e 's/ //g')
|
|
||||||
result=$(echo $result | tr -cd '\40-\176')
|
|
||||||
if [ -z $result ]; then
|
|
||||||
pr_green "no HTTP compression (OK) "
|
|
||||||
ret=0
|
|
||||||
else
|
|
||||||
pr_litered "NOT ok, uses $result compression "
|
|
||||||
ret=1
|
|
||||||
fi
|
|
||||||
# Catch: any URL can be vulnerable. I am testing now only the root. URL!
|
|
||||||
outln "(only \"$url\" tested)"
|
|
||||||
else
|
|
||||||
pr_litemagentaln "failed (HTTP header request stalled)"
|
|
||||||
ret=3
|
|
||||||
fi
|
|
||||||
return $ret
|
|
||||||
}
|
|
||||||
|
|
||||||
|
###### check code starts here ######
|
||||||
|
|
||||||
# determines whether the port has an HTTP service running or not (plain TLS, no STARTTLS)
|
# determines whether the port has an HTTP service running or not (plain TLS, no STARTTLS)
|
||||||
runs_HTTP() {
|
runs_HTTP() {
|
||||||
@ -444,7 +464,9 @@ hsts() {
|
|||||||
pr_brown "$hsts_age_days days (<$HSTS_MIN is not good enough)"
|
pr_brown "$hsts_age_days days (<$HSTS_MIN is not good enough)"
|
||||||
fi
|
fi
|
||||||
includeSubDomains "$TMPFILE"
|
includeSubDomains "$TMPFILE"
|
||||||
preload "$TMPFILE" #FIXME: To be checked against: e.g. https://dxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSTSPreloadList.inc and https://chromium.googlesource.com/chromium/src/+/master/net/http/transport_security_state_static.json
|
preload "$TMPFILE"
|
||||||
|
#FIXME: To be checked against e.g. https://dxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSTSPreloadList.inc
|
||||||
|
# and https://chromium.googlesource.com/chromium/src/+/master/net/http/transport_security_state_static.json
|
||||||
else
|
else
|
||||||
out "--"
|
out "--"
|
||||||
fi
|
fi
|
||||||
@ -925,21 +947,13 @@ runprotocols() {
|
|||||||
run_std_cipherlists() {
|
run_std_cipherlists() {
|
||||||
outln
|
outln
|
||||||
pr_blue "--> Testing standard cipher lists"; outln "\n"
|
pr_blue "--> Testing standard cipher lists"; outln "\n"
|
||||||
# see man ciphers
|
# see ciphers(1ssl)
|
||||||
std_cipherlists NULL:eNULL " Null Cipher " 1
|
std_cipherlists NULL:eNULL " Null Cipher " 1
|
||||||
std_cipherlists aNULL " Anonymous NULL Cipher " 1
|
std_cipherlists aNULL " Anonymous NULL Cipher " 1
|
||||||
std_cipherlists ADH " Anonymous DH Cipher " 1
|
std_cipherlists ADH " Anonymous DH Cipher " 1
|
||||||
#if [[ "$OSSL_VER" = *chacha* ]]; then
|
|
||||||
#out " 40 Bit encryption "; pr_magentaln "Local problem: $OPENSSL has a bug here"
|
|
||||||
#else
|
|
||||||
std_cipherlists EXPORT40 " 40 Bit encryption " 1
|
std_cipherlists EXPORT40 " 40 Bit encryption " 1
|
||||||
#fi
|
|
||||||
std_cipherlists EXPORT56 " 56 Bit encryption " 1
|
std_cipherlists EXPORT56 " 56 Bit encryption " 1
|
||||||
#if [[ "$OSSL_VER" = *chacha* ]]; then
|
|
||||||
# out " Export Cipher (general) "; pr_magentaln "Local problem: $OPENSSL has a bug here"
|
|
||||||
#else
|
|
||||||
std_cipherlists EXPORT " Export Cipher (general) " 1
|
std_cipherlists EXPORT " Export Cipher (general) " 1
|
||||||
#fi
|
|
||||||
std_cipherlists LOW " Low (<=64 Bit) " 1
|
std_cipherlists LOW " Low (<=64 Bit) " 1
|
||||||
std_cipherlists DES " DES Cipher " 1
|
std_cipherlists DES " DES Cipher " 1
|
||||||
std_cipherlists 3DES " Triple DES Cipher " 2
|
std_cipherlists 3DES " Triple DES Cipher " 2
|
||||||
@ -1101,7 +1115,7 @@ server_defaults() {
|
|||||||
*) outln "$keysize" ;;
|
*) outln "$keysize" ;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
# google seems to have EC keys which displays as 256 Bit
|
#FIXME: google seems to have EC keys which displays as 256 Bit
|
||||||
|
|
||||||
out " Signature Algorithm "
|
out " Signature Algorithm "
|
||||||
algo=$($OPENSSL x509 -in $HOSTCERT -noout -text | grep "Signature Algorithm" | sed 's/^.*Signature Algorithm: //' | sort -u )
|
algo=$($OPENSSL x509 -in $HOSTCERT -noout -text | grep "Signature Algorithm" | sed 's/^.*Signature Algorithm: //' | sort -u )
|
||||||
@ -1173,14 +1187,14 @@ server_defaults() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
case $(uname -s) in
|
case $(uname -s) in
|
||||||
Linux)
|
FreeBSD|Mac*)
|
||||||
enddate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
|
||||||
startdate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
|
||||||
;;
|
|
||||||
FreeBSD)
|
|
||||||
enddate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
enddate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
||||||
startdate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
startdate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
||||||
;;
|
;;
|
||||||
|
*)
|
||||||
|
enddate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
||||||
|
startdate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
outln " ($startdate --> $enddate)"
|
outln " ($startdate --> $enddate)"
|
||||||
|
|
||||||
@ -1242,17 +1256,17 @@ pfs() {
|
|||||||
local none
|
local none
|
||||||
local number_pfs
|
local number_pfs
|
||||||
local hexcode n ciph sslvers kx auth enc mac
|
local hexcode n ciph sslvers kx auth enc mac
|
||||||
|
local pfs_ciphers='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !RC4-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS:@STRENGTH'
|
||||||
|
# ^^^ the exclusing via ! doesn't work with libressl.
|
||||||
|
# https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
|
||||||
|
|
||||||
|
# pfs_ciphers='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH'
|
||||||
|
# this catches also ECDHE-ECDSA-NULL-SHA or ECDHE-RSA-RC4-SHA
|
||||||
|
|
||||||
outln
|
outln
|
||||||
pr_blue "--> Testing (Perfect) Forward Secrecy (P)FS)"; outln " -- omitting 3DES, RC4 and Null Encryption here"
|
pr_blue "--> Testing (Perfect) Forward Secrecy (P)FS)"; outln " -- omitting 3DES, RC4 and Null Encryption here"
|
||||||
# https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
|
|
||||||
PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !RC4-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS:@STRENGTH'
|
|
||||||
# ^^^ remark: the exclusing via ! doesn't work with libressl.
|
|
||||||
#
|
|
||||||
# PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH'
|
|
||||||
# this catches also ECDHE-ECDSA-NULL-SHA or ECDHE-RSA-RC4-SHA
|
|
||||||
|
|
||||||
$OPENSSL ciphers -V "$PFSOK" >$TMPFILE 2>/dev/null
|
$OPENSSL ciphers -V "$pfs_ciphers" >$TMPFILE 2>/dev/null
|
||||||
if [ $? -ne 0 ] ; then
|
if [ $? -ne 0 ] ; then
|
||||||
number_pfs=$(wc -l < $TMPFILE)
|
number_pfs=$(wc -l < $TMPFILE)
|
||||||
if [ "$number_pfs" -le "$CLIENT_MIN_PFS" ] ; then
|
if [ "$number_pfs" -le "$CLIENT_MIN_PFS" ] ; then
|
||||||
@ -1279,22 +1293,21 @@ pfs() {
|
|||||||
while read hexcode n ciph sslvers kx auth enc mac; do
|
while read hexcode n ciph sslvers kx auth enc mac; do
|
||||||
$OPENSSL s_client -cipher $ciph $STARTTLS -connect $NODEIP:$PORT $SNI &>/dev/null </dev/null
|
$OPENSSL s_client -cipher $ciph $STARTTLS -connect $NODEIP:$PORT $SNI &>/dev/null </dev/null
|
||||||
ret2=$?
|
ret2=$?
|
||||||
if [ $ret2 -ne 0 ] && [ "$SHOW_EACH_C" -eq 0 ] ; then
|
if [[ $ret2 -ne 0 ]] && [[ "$SHOW_EACH_C" -eq 0 ]] ; then
|
||||||
continue # no successful connect AND not verbose displaying each cipher
|
continue # no successful connect AND not verbose displaying each cipher
|
||||||
fi
|
fi
|
||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc $strength
|
neat_list $HEXC $ciph $kx $enc $strength
|
||||||
let "none++"
|
let "none++"
|
||||||
((none++))
|
if [[ "$SHOW_EACH_C" -ne 0 ]] ; then
|
||||||
if [ "$SHOW_EACH_C" -ne 0 ] ; then
|
if [[ $ret2 -eq 0 ]]; then
|
||||||
if [ $ret2 -eq 0 ]; then
|
|
||||||
pr_green "works"
|
pr_green "works"
|
||||||
else
|
else
|
||||||
out "not a/v"
|
out "not a/v"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
done < <($OPENSSL ciphers -V "$PFSOK")
|
done < <($OPENSSL ciphers -V "$pfs_ciphers")
|
||||||
# ^^^^^ posix redirect as shopt will either segfault or doesn't work with old bash versions
|
# ^^^^^ posix redirect as shopt will either segfault or doesn't work with old bash versions
|
||||||
outln
|
outln
|
||||||
debugme echo $none
|
debugme echo $none
|
||||||
@ -1328,13 +1341,13 @@ rc4() {
|
|||||||
while read hexcode n ciph sslvers kx auth enc mac; do
|
while read hexcode n ciph sslvers kx auth enc mac; do
|
||||||
$OPENSSL s_client -cipher $ciph $STARTTLS -connect $NODEIP:$PORT $SNI </dev/null &>/dev/null
|
$OPENSSL s_client -cipher $ciph $STARTTLS -connect $NODEIP:$PORT $SNI </dev/null &>/dev/null
|
||||||
ret=$?
|
ret=$?
|
||||||
if [ $ret -ne 0 ] && [ "$SHOW_EACH_C" -eq 0 ] ; then
|
if [[ $ret -ne 0 ]] && [[ "$SHOW_EACH_C" -eq 0 ]] ; then
|
||||||
continue # no successful connect AND not verbose displaying each cipher
|
continue # no successful connect AND not verbose displaying each cipher
|
||||||
fi
|
fi
|
||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc $strength
|
neat_list $HEXC $ciph $kx $enc $strength
|
||||||
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
if [[ "$SHOW_EACH_C" -ne 0 ]]; then
|
||||||
if [ $ret -eq 0 ]; then
|
if [[ $ret -eq 0 ]]; then
|
||||||
pr_litered "available"
|
pr_litered "available"
|
||||||
else
|
else
|
||||||
out "not a/v"
|
out "not a/v"
|
||||||
@ -1362,6 +1375,55 @@ rc4() {
|
|||||||
# good start to read: http://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS.2FSSL
|
# good start to read: http://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS.2FSSL
|
||||||
|
|
||||||
|
|
||||||
|
# in a nutshell: It's HTTP-level compression & an attack which works against any cipher suite and
|
||||||
|
# is agnostic to the version of TLS/SSL, more: http://www.breachattack.com/
|
||||||
|
# foreign referers are the important thing here!
|
||||||
|
breach() {
|
||||||
|
pr_bold " BREACH"; out " (CVE-2013-3587) =HTTP Compression "
|
||||||
|
url="$1"
|
||||||
|
[ -z "$url" ] && url="/"
|
||||||
|
if [ $SNEAKY -eq 0 ] ; then
|
||||||
|
referer="Referer: http://google.com/" # see https://community.qualys.com/message/20360
|
||||||
|
useragent="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
|
||||||
|
else
|
||||||
|
referer="Referer: TLS/SSL-Tester from $SWURL"
|
||||||
|
useragent="User-Agent: Mozilla/4.0 (X11; Linux x86_64; rv:42.0) Gecko/19700101 Firefox/42.0"
|
||||||
|
fi
|
||||||
|
(
|
||||||
|
$OPENSSL s_client -quiet -connect $NODEIP:$PORT $SNI << EOF
|
||||||
|
GET $url HTTP/1.1
|
||||||
|
Host: $NODE
|
||||||
|
$useragent
|
||||||
|
Accept: text/*
|
||||||
|
Accept-Language: en-US,en
|
||||||
|
Accept-encoding: gzip,deflate,compress
|
||||||
|
$referer
|
||||||
|
Connection: close
|
||||||
|
|
||||||
|
EOF
|
||||||
|
) &>$HEADERFILE_BREACH &
|
||||||
|
pid=$!
|
||||||
|
if wait_kill $pid $HEADER_MAXSLEEP; then
|
||||||
|
result=$(grep -a '^Content-Encoding' $HEADERFILE_BREACH | sed -e 's/^Content-Encoding//' -e 's/://' -e 's/ //g')
|
||||||
|
result=$(echo $result | tr -cd '\40-\176')
|
||||||
|
if [ -z $result ]; then
|
||||||
|
pr_green "no HTTP compression (OK) "
|
||||||
|
ret=0
|
||||||
|
else
|
||||||
|
pr_litered "NOT ok, uses $result compression "
|
||||||
|
ret=1
|
||||||
|
fi
|
||||||
|
# Catch: any URL can be vulnerable. I am testing now only the root. URL!
|
||||||
|
outln "(only \"$url\" tested)"
|
||||||
|
else
|
||||||
|
pr_litemagentaln "failed (HTTP header request stalled)"
|
||||||
|
ret=3
|
||||||
|
fi
|
||||||
|
return $ret
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
lucky13() {
|
lucky13() {
|
||||||
#FIXME: to do
|
#FIXME: to do
|
||||||
# CVE-2013-0169
|
# CVE-2013-0169
|
||||||
@ -1435,9 +1497,23 @@ close_socket(){
|
|||||||
## old network code ^^^^^^
|
## old network code ^^^^^^
|
||||||
|
|
||||||
|
|
||||||
### new funcs for network follow
|
###### new funcs for network follow
|
||||||
|
|
||||||
socksend_clienthello() {
|
# first: helper function for protocol checks
|
||||||
|
|
||||||
|
code2network() {
|
||||||
|
# arg1: formatted string here in the code
|
||||||
|
NW_STR=$(echo "$1" | sed -e 's/,/\\\x/g' | sed -e 's/# .*$//g' -e 's/ //g' -e '/^$/d' | tr -d '\n' | tr -d '\t')
|
||||||
|
}
|
||||||
|
|
||||||
|
len2twobytes() {
|
||||||
|
len_arg1=$(echo ${#1})
|
||||||
|
[[ $len_arg1 -le 2 ]] && LEN_STR=$(printf "00, %02s \n" $1)
|
||||||
|
[[ $len_arg1 -eq 3 ]] && LEN_STR=$(printf "%02s, %02s \n" ${1:0:1} ${1:1:2})
|
||||||
|
[[ $len_arg1 -eq 4 ]] && LEN_STR=$(printf "%02s, %02s \n" ${1:0:2} ${1:2:2})
|
||||||
|
}
|
||||||
|
|
||||||
|
socksend_sslv2_clienthello() {
|
||||||
code2network "$SSLv2_CLIENT_HELLO"
|
code2network "$SSLv2_CLIENT_HELLO"
|
||||||
data=$(echo $NW_STR)
|
data=$(echo $NW_STR)
|
||||||
[[ "$DEBUG" -ge 3 ]] && echo "\"$data\""
|
[[ "$DEBUG" -ge 3 ]] && echo "\"$data\""
|
||||||
@ -1445,6 +1521,7 @@ socksend_clienthello() {
|
|||||||
sleep $USLEEP_SND
|
sleep $USLEEP_SND
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# for SSLv2 to TLS 1.2:
|
||||||
sockread_serverhello() {
|
sockread_serverhello() {
|
||||||
[[ "x$2" = "x" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2
|
[[ "x$2" = "x" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2
|
||||||
ret=0
|
ret=0
|
||||||
@ -1463,6 +1540,7 @@ sockread_serverhello() {
|
|||||||
[[ $maxsleep -le 0 ]] && break
|
[[ $maxsleep -le 0 ]] && break
|
||||||
done
|
done
|
||||||
|
|
||||||
|
#FIXME: wait_kill
|
||||||
if ps $pid >/dev/null ; then
|
if ps $pid >/dev/null ; then
|
||||||
# time's up and dd is still alive --> timeout
|
# time's up and dd is still alive --> timeout
|
||||||
kill $pid >&2 2>/dev/null
|
kill $pid >&2 2>/dev/null
|
||||||
@ -1474,19 +1552,19 @@ sockread_serverhello() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# arg1: name of file with socket reply
|
# arg1: name of file with socket reply
|
||||||
display_sslv2serverhello() {
|
display_sslv2_serverhello() {
|
||||||
# server hello: in hex representation, see below
|
# server hello: in hex representation, see below
|
||||||
# byte 1+2: length of server hello 0123
|
# byte 1+2: length of server hello 0123
|
||||||
# 3: 04=Handshake message, server hello 45
|
# 3: 04=Handshake message, server hello 45
|
||||||
# 4: session id hit or not (boolean: 00=false, this 67
|
# 4: session id hit or not (boolean: 00=false, this 67
|
||||||
# is the normal case)
|
# is the normal case)
|
||||||
# 5: certificate type, 01 = x509 89
|
# 5: certificate type, 01 = x509 89
|
||||||
# 6+7 version (00 02 = SSLv2) 10-13
|
# 6+7 version (00 02 = SSLv2) 10-13
|
||||||
# 8+9 certificate length 14-17
|
# 8+9 certificate length 14-17
|
||||||
# 10+11 cipher spec length 17-20
|
# 10+11 cipher spec length 17-20
|
||||||
# 12+13 connection id length
|
# 12+13 connection id length
|
||||||
# [certificate length] ==> certificate
|
# [certificate length] ==> certificate
|
||||||
# [cipher spec length] ==> ciphers GOOD: HERE ARE ALL CIPHERS ALREADY!
|
# [cipher spec length] ==> ciphers GOOD: HERE ARE ALL CIPHERS ALREADY!
|
||||||
|
|
||||||
v2_hello_ascii=$(hexdump -v -e '16/1 "%02X"' $1)
|
v2_hello_ascii=$(hexdump -v -e '16/1 "%02X"' $1)
|
||||||
[[ "$DEBUG" -ge 4 ]] && echo $v2_hello_ascii # one line without any blanks
|
[[ "$DEBUG" -ge 4 ]] && echo $v2_hello_ascii # one line without any blanks
|
||||||
@ -1587,52 +1665,13 @@ display_tls_serverhello() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# helper function for protocol checks
|
|
||||||
# arg1: formatted string here in the code
|
|
||||||
code2network() {
|
|
||||||
NW_STR=$(echo "$1" | sed -e 's/,/\\\x/g' | sed -e 's/# .*$//g' -e 's/ //g' -e '/^$/d' | tr -d '\n' | tr -d '\t')
|
|
||||||
}
|
|
||||||
|
|
||||||
len2twobytes() {
|
|
||||||
len_arg1=$(echo ${#1})
|
|
||||||
[[ $len_arg1 -le 2 ]] && LEN_STR=$(printf "00, %02s \n" $1)
|
|
||||||
[[ $len_arg1 -eq 3 ]] && LEN_STR=$(printf "%02s, %02s \n" ${1:0:1} ${1:1:2})
|
|
||||||
[[ $len_arg1 -eq 4 ]] && LEN_STR=$(printf "%02s, %02s \n" ${1:0:2} ${1:2:2})
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sslv2_sockets() {
|
sslv2_sockets() {
|
||||||
V2_HELLO_CIPHERSPEC_LENGTH=0 # initialize
|
|
||||||
USLEEP_REC=${USLEEP_REC:-0.2}
|
|
||||||
USLEEP_SND=${USLEEP_SND:-0.1} # 1 second wait until otherwise specified
|
|
||||||
SOCK_REPLY_FILE="" # we do this with a file here. At a certain point heartbleed and ccs needs to be changed and make use of code2network
|
|
||||||
NW_STR=""
|
|
||||||
|
|
||||||
out " SSLv2 ";
|
out " SSLv2 ";
|
||||||
|
|
||||||
# SSLV2 chello:
|
|
||||||
SSLv2_CLIENT_HELLO="
|
|
||||||
,80,34 # length (here: 52)
|
|
||||||
,01 # Client Hello
|
|
||||||
,00,02 # SSLv2
|
|
||||||
,00,1b # cipher spec length (here: 27 )
|
|
||||||
,00,00 # session ID length
|
|
||||||
,00,10 # challenge length
|
|
||||||
,05,00,80 # 1st cipher 9 cipher specs, only classical V2 ciphers are used here, see http://max.euston.net/d/tip_sslciphers.html
|
|
||||||
,03,00,80 # 2nd there are v3 in v2!!! : https://tools.ietf.org/html/rfc6101#appendix-E
|
|
||||||
,01,00,80 # 3rd Cipher specifications introduced in version 3.0 can be included in version 2.0 client hello messages using
|
|
||||||
,07,00,c0 # 4th the syntax below. [..] # V2CipherSpec (see Version 3.0 name) = { 0x00, CipherSuite }; !!!!
|
|
||||||
,08,00,80 # 5th
|
|
||||||
,06,00,40 # 6th
|
|
||||||
,04,00,80 # 7th
|
|
||||||
,02,00,80 # 8th
|
|
||||||
,00,00,00 # 9th
|
|
||||||
,29,22,be,b3,5a,01,8b,04,fe,5f,80,03,a0,13,eb,c4" # Challenge
|
|
||||||
|
|
||||||
fd_socket 5 || return 6
|
fd_socket 5 || return 6
|
||||||
|
|
||||||
[[ "$DEBUG" -ge 2 ]] && out "sending client hello... "
|
[[ "$DEBUG" -ge 2 ]] && out "sending client hello... "
|
||||||
socksend_clienthello
|
socksend_sslv2_clienthello
|
||||||
|
|
||||||
sockread_serverhello 32768 0
|
sockread_serverhello 32768 0
|
||||||
[[ "$DEBUG" -ge 2 ]] && out "reading server hello... "
|
[[ "$DEBUG" -ge 2 ]] && out "reading server hello... "
|
||||||
@ -1641,7 +1680,7 @@ sslv2_sockets() {
|
|||||||
outln
|
outln
|
||||||
fi
|
fi
|
||||||
|
|
||||||
display_sslv2serverhello "$SOCK_REPLY_FILE"
|
display_sslv2_serverhello "$SOCK_REPLY_FILE"
|
||||||
if [ $? -eq 7 ]; then
|
if [ $? -eq 7 ]; then
|
||||||
# strange reply
|
# strange reply
|
||||||
pr_litemagenta "strange v2 reply "
|
pr_litemagenta "strange v2 reply "
|
||||||
@ -1649,7 +1688,7 @@ sslv2_sockets() {
|
|||||||
[[ $DEBUG -ge 2 ]] && hexdump -C $SOCK_REPLY_FILE | head -1
|
[[ $DEBUG -ge 2 ]] && hexdump -C $SOCK_REPLY_FILE | head -1
|
||||||
else
|
else
|
||||||
# see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL
|
# see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL
|
||||||
lines=$(cat "$SOCK_REPLY_FILE" 2>/dev/null | hexdump -C | wc -l)
|
lines=$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null | wc -l)
|
||||||
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
|
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
|
||||||
|
|
||||||
if [[ "$lines" -gt 1 ]] ;then
|
if [[ "$lines" -gt 1 ]] ;then
|
||||||
@ -1674,79 +1713,40 @@ sslv2_sockets() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#for tls_low_byte in "00" "01" "02" "03"; do
|
# ARG1: TLS version low byte (00: SSLv3, 01: TLS 1.0, 02: TLS 1.1, 03: TLS 1.2)
|
||||||
tls_sockets() {
|
# ARG2: CIPHER_SUITES string
|
||||||
SN_HEX=""
|
socksend_tls_clienthello() {
|
||||||
LEN_SN_HEX=0
|
local len_sni
|
||||||
COL_WIDTH=32
|
local tls_low_byte
|
||||||
USLEEP_REC=${USLEEP_REC:-0.2}
|
local tls_low_byte
|
||||||
USLEEP_SND=${USLEEP_SND:-0.1} # 1 second wait until otherwise specified
|
local len_servername
|
||||||
MAX_WAITSOCK=2
|
local hexdump_format_str
|
||||||
SOCK_REPLY_FILE=""
|
local servername_hexstr
|
||||||
NW_STR=""
|
|
||||||
LEN_STR=""
|
|
||||||
DETECTED_TLS_VERSION=""
|
|
||||||
|
|
||||||
# 133 cipher: spdy, TLS 1.2
|
tls_low_byte=$1
|
||||||
TLS12_CIPHER="
|
len_servername=$(echo ${#NODE})
|
||||||
cc, 14, cc, 13, cc, 15, c0, 30, c0, 2c, c0, 28, c0, 24, c0, 14,
|
hexdump_format_str="$len_servername/1 \"%02x,\""
|
||||||
c0, 0a, c0, 22, c0, 21, c0, 20, 00, a5, 00, a3, 00, a1, 00, 9f,
|
servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
|
||||||
00, 6b, 00, 6a, 00, 69, 00, 68, 00, 39, 00, 38, 00, 37, 00, 36,
|
len_sni=$(echo ${#3})
|
||||||
c0, 77, c0, 73, 00, c4, 00, c3, 00, c2, 00, c1, 00, 88, 00, 87,
|
|
||||||
00, 86, 00, 85, c0, 32, c0, 2e, c0, 2a, c0, 26, c0, 0f, c0, 05,
|
|
||||||
c0, 79, c0, 75, 00, 9d, 00, 3d, 00, 35, 00, c0, 00, 84, c0, 2f,
|
|
||||||
c0, 2b, c0, 27, c0, 23, c0, 13, c0, 09, c0, 1f, c0, 1e, c0, 1d,
|
|
||||||
00, a4, 00, a2, 00, a0, 00, 9e, 00, 67, 00, 40, 00, 3f, 00, 3e,
|
|
||||||
00, 33, 00, 32, 00, 31, 00, 30, c0, 76, c0, 72, 00, be, 00, bd,
|
|
||||||
00, bc, 00, bb, 00, 9a, 00, 99, 00, 98, 00, 97, 00, 45, 00, 44,
|
|
||||||
00, 43, 00, 42, c0, 31, c0, 2d, c0, 29, c0, 25, c0, 0e, c0, 04,
|
|
||||||
c0, 78, c0, 74, 00, 9c, 00, 3c, 00, 2f, 00, ba, 00, 96, 00, 41,
|
|
||||||
00, 07, c0, 11, c0, 07, 00, 66, c0, 0c, c0, 02, 00, 05, 00, 04,
|
|
||||||
c0, 12, c0, 08, c0, 1c, c0, 1b, c0, 1a, 00, 16, 00, 13, 00, 10,
|
|
||||||
00, 0d, c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f,
|
|
||||||
00, 0c, 00, 62, 00, 09, 00, 65, 00, 64, 00, 14, 00, 11, 00, 0e,
|
|
||||||
00, 0b, 00, 08, 00, 06, 00, 03, 00, ff"
|
|
||||||
|
|
||||||
# 76 cipher for SSLv3, TLS 1, TLS 1.1:
|
code2network "$2" # CIPHER_SUITES
|
||||||
TLS_CIPHER="
|
cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
|
||||||
c0, 14, c0, 0a, c0, 22, c0, 21, c0, 20, 00, 39, 00, 38, 00, 37,
|
|
||||||
00, 36, 00, 88, 00, 87, 00, 86, 00, 85, c0, 0f, c0, 05, 00, 35,
|
|
||||||
00, 84, c0, 13, c0, 09, c0, 1f, c0, 1e, c0, 1d, 00, 33, 00, 32,
|
|
||||||
00, 31, 00, 30, 00, 9a, 00, 99, 00, 98, 00, 97, 00, 45, 00, 44,
|
|
||||||
00, 43, 00, 42, c0, 0e, c0, 04, 00, 2f, 00, 96, 00, 41, 00, 07,
|
|
||||||
c0, 11, c0, 07, 00, 66, c0, 0c, c0, 02, 00, 05, 00, 04, c0, 12,
|
|
||||||
c0, 08, c0, 1c, c0, 1b, c0, 1a, 00, 16, 00, 13, 00, 10, 00, 0d,
|
|
||||||
c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f, 00, 0c,
|
|
||||||
00, 62, 00, 09, 00, 65, 00, 64, 00, 14, 00, 11, 00, 0e, 00, 0b,
|
|
||||||
00, 08, 00, 06, 00, 03, 00, ff"
|
|
||||||
|
|
||||||
#formatted example for SNI
|
#formatted example for SNI
|
||||||
#00 00 # extention server_name
|
#00 00 # extension server_name
|
||||||
#00 1a # length = the following +2 = server_name length + 5
|
#00 1a # length = the following +2 = server_name length + 5
|
||||||
#00 18 # server_name list_length = server_name length +3
|
#00 18 # server_name list_length = server_name length +3
|
||||||
#00 # server_name type (hostname)
|
#00 # server_name type (hostname)
|
||||||
#00 15 # server_name length
|
#00 15 # server_name length
|
||||||
#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target
|
#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# arg1: TLS_VER_LSB
|
|
||||||
# arg2: CIPHER_SUITES string
|
|
||||||
# arg3: SERVERNAME
|
|
||||||
# ??? more extensions?
|
|
||||||
|
|
||||||
len_sni=$(echo ${#3})
|
|
||||||
#tls_ver=printf "%02x\n" $1"
|
|
||||||
|
|
||||||
code2network "$2"
|
|
||||||
cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
|
|
||||||
|
|
||||||
# convert length's from dec to hex:
|
# convert length's from dec to hex:
|
||||||
hex_len_sn_hex=$(printf "%02x\n" $LEN_SN_HEX)
|
hex_len_sn_hex=$(printf "%02x\n" $len_servername)
|
||||||
hex_len_sn_hex3=$(printf "%02x\n" $((LEN_SN_HEX+3)))
|
hex_len_sn_hex3=$(printf "%02x\n" $((len_servername+3)))
|
||||||
hex_len_sn_hex5=$(printf "%02x\n" $((LEN_SN_HEX+5)))
|
hex_len_sn_hex5=$(printf "%02x\n" $((len_servername+5)))
|
||||||
hex_len_extention=$(printf "%02x\n" $((LEN_SN_HEX+9)))
|
hex_len_extention=$(printf "%02x\n" $((len_servername+9)))
|
||||||
|
|
||||||
|
### continue here
|
||||||
len_ciph_suites_byte=$(echo ${#cipher_suites})
|
len_ciph_suites_byte=$(echo ${#cipher_suites})
|
||||||
let "len_ciph_suites_byte += 2"
|
let "len_ciph_suites_byte += 2"
|
||||||
|
|
||||||
@ -1757,23 +1757,21 @@ tls_sockets() {
|
|||||||
[[ $DEBUG -ge 4 ]] && echo $len_ciph_suites_word
|
[[ $DEBUG -ge 4 ]] && echo $len_ciph_suites_word
|
||||||
|
|
||||||
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extention + 0x2)))
|
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extention + 0x2)))
|
||||||
#len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27)))
|
|
||||||
len_c_hello_word="$LEN_STR"
|
len_c_hello_word="$LEN_STR"
|
||||||
[[ $DEBUG -ge 4 ]] && echo $len_c_hello_word
|
[[ $DEBUG -ge 4 ]] && echo $len_c_hello_word
|
||||||
|
|
||||||
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extention + 0x2)))
|
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extention + 0x2)))
|
||||||
#len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x2b)))
|
|
||||||
len_all_word="$LEN_STR"
|
len_all_word="$LEN_STR"
|
||||||
[[ $DEBUG -ge 4 ]] && echo $len_all_word
|
[[ $DEBUG -ge 4 ]] && echo $len_all_word
|
||||||
|
|
||||||
TLS_CLIENT_HELLO="
|
TLS_CLIENT_HELLO="
|
||||||
# TLS header ( 5 bytes)
|
# TLS header ( 5 bytes)
|
||||||
,16, 03, $1 # TLS Version
|
,16, 03, $tls_low_byte # TLS Version
|
||||||
,$len_all_word # Length <---
|
,$len_all_word # Length <---
|
||||||
# Handshake header:
|
# Handshake header:
|
||||||
,01 # Type (x01 for ClientHello)
|
,01 # Type (x01 for ClientHello)
|
||||||
,00, $len_c_hello_word # Length ClientHello
|
,00, $len_c_hello_word # Length ClientHello
|
||||||
,03, $1 # TLS Version (again)
|
,03, $tls_low_byte # TLS Version (again)
|
||||||
,54, 51, 1e, 7a # Unix time since see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
|
,54, 51, 1e, 7a # Unix time since see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
|
||||||
,de, ad, be, ef # Random 28 bytes
|
,de, ad, be, ef # Random 28 bytes
|
||||||
,31, 33, 07, 00, 00, 00, 00, 00
|
,31, 33, 07, 00, 00, 00, 00, 00
|
||||||
@ -1793,19 +1791,25 @@ tls_sockets() {
|
|||||||
,00, $hex_len_sn_hex3 # server_name list_length
|
,00, $hex_len_sn_hex3 # server_name list_length
|
||||||
,00 # server_name type (hostname)
|
,00 # server_name type (hostname)
|
||||||
,00, $hex_len_sn_hex # server_name length
|
,00, $hex_len_sn_hex # server_name length
|
||||||
,$SN_HEX" # server_name target
|
,$servername_hexstr" # server_name target
|
||||||
|
|
||||||
fd_socket 5 || return 6
|
fd_socket 5 || return 6
|
||||||
|
|
||||||
code2network "$TLS_CLIENT_HELLO$EXTENSION_CONTAINING_SNI"
|
code2network "$TLS_CLIENT_HELLO$EXTENSION_CONTAINING_SNI"
|
||||||
#code2network "$TLS_CLIENT_HELLO"
|
|
||||||
data=$(echo $NW_STR)
|
data=$(echo $NW_STR)
|
||||||
|
[[ "$DEBUG" -ge 4 ]] && echo "\"$data\""
|
||||||
|
printf -- "$data" >&5 2>/dev/null &
|
||||||
|
sleep $USLEEP_SND
|
||||||
|
|
||||||
[[ "$DEBUG" -ge 2 ]] && printf "sending client hello..."
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
tls_sockets() {
|
||||||
|
[[ "$DEBUG" -ge 2 ]] && echo "sending client hello..."
|
||||||
if [[ "$tls_low_byte" == "03" ]] ; then
|
if [[ "$tls_low_byte" == "03" ]] ; then
|
||||||
socksend_clienthello $tls_low_byte "$TLS12_CIPHER" $SNIHEX
|
socksend_tls_clienthello $tls_low_byte "$TLS12_CIPHER"
|
||||||
else
|
else
|
||||||
socksend_clienthello $tls_low_byte "$TLS_CIPHER" $SNIHEX
|
socksend_tls_clienthello $tls_low_byte "$TLS_CIPHER"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sockread_serverhello 32768 0
|
sockread_serverhello 32768 0
|
||||||
@ -1819,7 +1823,7 @@ tls_sockets() {
|
|||||||
ret=$?
|
ret=$?
|
||||||
|
|
||||||
# see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL
|
# see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL
|
||||||
lines=$(cat "$SOCK_REPLY_FILE" 2>/dev/null | hexdump -C | wc -l)
|
lines=$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null | wc -l)
|
||||||
[[ "$DEBUG" -ge 2 ]] && out " (returned $lines lines) "
|
[[ "$DEBUG" -ge 2 ]] && out " (returned $lines lines) "
|
||||||
|
|
||||||
# case $tls_low_byte in
|
# case $tls_low_byte in
|
||||||
@ -1845,7 +1849,6 @@ tls_sockets() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
close_socket
|
close_socket
|
||||||
TMPFILE=$SOCK_REPLY_FILE
|
TMPFILE=$SOCK_REPLY_FILE
|
||||||
tmpfile_handle $FUNCNAME.dd
|
tmpfile_handle $FUNCNAME.dd
|
||||||
@ -1853,6 +1856,7 @@ tls_sockets() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
###### ccs, heartbleed
|
||||||
|
|
||||||
ok_ids(){
|
ok_ids(){
|
||||||
greenln "\n ok -- something resetted our ccs packets"
|
greenln "\n ok -- something resetted our ccs packets"
|
||||||
@ -1860,6 +1864,7 @@ ok_ids(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#FIXME: At a certain point heartbleed and ccs needs to be changed and make use of code2network using a file, then tls_sockets
|
||||||
ccs_injection(){
|
ccs_injection(){
|
||||||
# see https://www.openssl.org/news/secadv_20140605.txt
|
# see https://www.openssl.org/news/secadv_20140605.txt
|
||||||
# mainly adapted from Ramon de C Valle's C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607
|
# mainly adapted from Ramon de C Valle's C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607
|
||||||
@ -2048,7 +2053,7 @@ heartbleed(){
|
|||||||
|
|
||||||
lines_returned=$(echo "$SOCKREPLY" | "${HEXDUMP[@]}" | wc -l)
|
lines_returned=$(echo "$SOCKREPLY" | "${HEXDUMP[@]}" | wc -l)
|
||||||
if [ $lines_returned -gt 1 ]; then
|
if [ $lines_returned -gt 1 ]; then
|
||||||
pr_red "VULNERABLE"
|
pr_red "VULNERABLE (NOT ok)"
|
||||||
ret=1
|
ret=1
|
||||||
else
|
else
|
||||||
pr_green "not vulnerable (OK)"
|
pr_green "not vulnerable (OK)"
|
||||||
@ -2306,7 +2311,7 @@ beast(){
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ $ret -eq 1 ] ; then
|
if [ $ret -eq 1 ] ; then
|
||||||
[ ! -z "$higher_proto_supported" ] && outln "$spaces but also supports higher protocols (possible mitigation):$higher_proto_supported"
|
[ ! -z "$higher_proto_supported" ] && outln "${spaces}but also supports higher protocols (possible mitigation):$higher_proto_supported"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# printf "For a full individual test of each CBC cipher suites support by your $OPENSSL run \"$0 -x CBC $NODE\"\n"
|
# printf "For a full individual test of each CBC cipher suites support by your $OPENSSL run \"$0 -x CBC $NODE\"\n"
|
||||||
@ -2994,6 +2999,6 @@ case "$1" in
|
|||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.208 2015/03/15 15:59:28 dirkw Exp $
|
# $Id: testssl.sh,v 1.209 2015/03/15 23:22:50 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user