- BEAST now also works in wide mode

- renamed --long in --wide - added --show-each to help - inserted help
2025-01-06 00:39:44 +01:00 · 2015-05-27 17:04:35 +02:00 · 2015-05-27 17:04:35 +02:00 · f9605c4f35
commit f9605c4f35
parent a76ca52c4c
1 changed files with 115 additions and 73 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -779,6 +779,7 @@ normalize_ciphercode() {
 		fi
 		HEXC="$part1$part2$part3"
 	fi
+# FIXME: we shuld just echo this and avoid the global var HEXC
 	HEXC=$(echo $HEXC | tr 'A-Z' 'a-z' |  sed 's/0x/x/') #tolower + strip leading 0
 	return 0
 }
@ -898,6 +899,11 @@ neat_header(){
 	outln "%s-------------------------------------------------------------------------${MAP_RFC_FNAME:+----------------------------------------------}"
 }

+
+# arg1: hexcode
+# arg2: cipher in openssl notation
+# arg3: keyexchange
+# arg4: encryption (maybe included "export")
 neat_list(){
 	kx=$(echo "$3" | sed 's/Kx=//g')
 	enc=$(echo $4 | sed 's/Enc=//g')
@ -1184,7 +1190,7 @@ run_std_cipherlists() {
 read_dhbits_from_file() {
 	local bits what_dh
 	local add=""
-	local old_fart=" (openssl too old to show DH bits)"
+	local old_fart=" (openssl is too old to show DH bits)"

 	if ! $HAS_DH_BITS; then
 		if [ -z "$2" ]; then
@ -1225,8 +1231,6 @@ read_dhbits_from_file() {
 		else
 			out "$bits $add"
 		fi
-	else
-		pr_bold "FIXME: >$what_dh|$bits<"
 	fi
 	
 	return 0
@ -2709,51 +2713,80 @@ beast(){
 	local detected_proto
 	local detected_cbc_cipher=""
 	local higher_proto_supported=""
-	local -i ret=0
+	local openssl_ret=0
+	local vuln_beast=false
 	local spaces="                                           "
 	local cr=$'\n'
 	local first=true
 	local continued=false
+	local cbc_cipher_list="SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA:PSK-AES256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RSA-PSK-AES128-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:RSA-PSK-3DES-EDE-CBC-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:ADH-DES-CBC-SHA:EXP1024-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DH-RSA-DES-CBC-SHA:EXP-DH-DSS-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5"

-	[ $VULN_COUNT -le $VULN_THRESHLD ]  && outln && pr_blue "--> Testing for BEAST vulnerability" && outln "\n"
+	if [ $VULN_COUNT -le $VULN_THRESHLD ] || [ $LONG -eq 0 ] ; then
+		 outln 
+		 pr_blue "--> Testing for BEAST vulnerability" && outln "\n"
+	fi
 	pr_bold " BEAST"; out " (CVE-2011-3389)                     "
+	[[ $LONG -eq 0 ]] && outln 

 	# 2) test handfull of common CBC ciphers
 	for proto in ssl3 tls1; do
 		$OPENSSL s_client -"$proto" $STARTTLS -connect $NODEIP:$PORT $SNI >$TMPFILE 2>/dev/null </dev/null
-		if [ $? -ne 0 ]; then
-			if $continued; then
+		if [ $? -ne 0 ]; then  	# protocol supported?
+			if $continued; then # second round: we hit TLS1:
 				pr_litegreenln "no SSL3 or TLS1"
 				return 0
-			else
+			else  			# protocol not succeeded but it';s the first time
 				continued=true
 				continue			# protocol no supported, so we do not need to check each cipher with that protocol
 			fi
+		fi # protocol succeeded
+		# protocol with cbc_cipher check follows now
+
+		if [[ $LONG -eq 0 ]] ; then
+			outln "\n $(echo $proto | tr '[a-z]' '[A-Z]'):";
+			neat_header # NOTTHATNICE: we display the header also if in the end no cbc cipher is available on the client side
 		fi
-		while read hexcode dash cbc_cipher sslvers kx auth enc mac export ; do
+		while read hexcode dash cbc_cipher sslvers kx auth enc mac; do
 			$OPENSSL s_client -cipher "$cbc_cipher" -"$proto" $STARTTLS -connect $NODEIP:$PORT $SNI >$TMPFILE 2>/dev/null </dev/null
-			#normalize_ciphercode $hexcode
-			#neat_list $HEXC $ciph $kx $enc | grep -wai "$arg"
-			if [ $? -eq 0 ]; then
+			openssl_ret=$?
+			[[ $openssl_ret -eq 0 ]] && vuln_beast=true
+			if [ $LONG -eq 0 ]; then
+				normalize_ciphercode $hexcode
+				if [[ "$SHOW_EACH_C" -ne 0 ]]; then
+					neat_list $HEXC $cbc_cipher $kx $enc
+					if [[ $openssl_ret -eq 0 ]]; then
+						pr_brownln "available"
+					else
+						outln "not a/v"
+					fi
+				else
+					[[ $openssl_ret -eq 0 ]] && neat_list $HEXC $cbc_cipher $kx $enc && outln
+				fi
+			else # short display:
+				if [ $openssl_ret -eq 0 ]; then
 					detected_cbc_cipher="$detected_cbc_cipher ""$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')"
+					vuln_beast=true
+				fi
 			fi
 		done < <($OPENSSL ciphers -V 'ALL:eNULL' | grep -a CBC)   	# -V doesn't work with openssl < 1.0
 		#    ^^^^^ process substitution as shopt will either segfault or doesn't work with old bash versions

-		#detected_cbc_cipher=$(echo $detected_cbc_cipher | sed 's/ //g')
-		if [ -z "$detected_cbc_cipher" ]; then
+		if [ $LONG -ne 0 ]; then
+			if [ -n "$detected_cbc_cipher" ]; then
+				detected_cbc_cipher=$(echo "$detected_cbc_cipher" | sed -e "s/ /\\${cr}      ${spaces}/9" -e "s/ /\\${cr}      ${spaces}/6" -e "s/ /\\${cr}      ${spaces}/3")
+				! $first && out "$spaces"
+				out "$(echo $proto | tr '[a-z]' '[A-Z]'):"; pr_brownln "$detected_cbc_cipher"
+				detected_cbc_cipher="" # empty for next round
+				first=false
+			else
 				[[ $proto == "tls1" ]] && ! $first && printf "$spaces"
 				pr_litegreenln "no CBC ciphers for $(echo $proto | tr '[a-z]' '[A-Z]') (OK)"
 				first=false
-		else
-			detected_cbc_cipher=$(echo "$detected_cbc_cipher" | sed -e "s/ /\\${cr}      ${spaces}/9" -e "s/ /\\${cr}      ${spaces}/6" -e "s/ /\\${cr}      ${spaces}/3")
-			[ $ret -eq 1 ] && out "$spaces"
-			out "$(echo $proto | tr '[a-z]' '[A-Z]'):"; pr_brownln "$detected_cbc_cipher"
-			ret=1
-			detected_cbc_cipher=""
-			first=false
 			fi
-	done  
+		else
+			$vuln_beast || pr_litegreenln " no CBC ciphers for $(echo $proto | tr '[a-z]' '[A-Z]') (OK)"
+		fi
+	done  # for proto in ssl3 tls1

 	# 2) support for TLS 1.1+1.2?
 	for proto in tls1_1 tls1_2; do
@ -2762,14 +2795,22 @@ beast(){
 			higher_proto_supported="$higher_proto_supported ""$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol .*://' -e 's/ //g')"
 		fi
 	done
-	if [ $ret -eq 1 ] ; then
-		[ ! -z "$higher_proto_supported" ] && outln "${spaces}-- but also supports higher protocols (possible mitigation):$higher_proto_supported"
+	if $vuln_beast ; then
+		if [ ! -z "$higher_proto_supported" ] ; then
+			if [ $LONG -eq 0 ]; then
+				outln
+				pr_brown "VULNERABLE" 
+				outln " -- but also supports higher protocols (possible mitigation):$higher_proto_supported"
+			else
+				outln "${spaces}-- but also supports higher protocols (possible mitigation):$higher_proto_supported"
+			fi
+		fi
 	fi

 #	printf "For a full individual test of each CBC cipher suites support by your $OPENSSL run \"$0 -x CBC $NODE\"\n"

 	tmpfile_handle $FUNCNAME.txt
-	return $ret
+	return 
 }

 lucky13() {
@ -2784,8 +2825,8 @@ lucky13() {
 # https://en.wikipedia.org/wiki/Transport_Layer_Security#RC4_attacks
 # http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
 rc4() {
-	local ret
-	local hexcode n ciph sslvers kx auth enc mac strength
+	local ret rc4_offered
+	local hexcode n ciph sslvers kx auth enc mac export

 	if [ $VULN_COUNT -le $VULN_THRESHLD ] || [ $LONG -eq 0 ] ; then
 		outln 
@ -2809,7 +2850,7 @@ rc4() {
 			fi
 			if [ $LONG -eq 0 ]; then
 				normalize_ciphercode $hexcode
-				neat_list $HEXC $ciph $kx $enc $strength
+				neat_list $HEXC $ciph $kx $enc 
 				if [[ "$SHOW_EACH_C" -ne 0 ]]; then
 					if [[ $ret -eq 0 ]]; then
 						pr_litered "available"
@ -2946,16 +2987,16 @@ $PROG_NAME <options> URI    ("$PROG_NAME URI" does everything except ciphers per
     <-S|--server_defaults>         displays the servers default picks and certificate info
     <-P|--preference>              displays the servers picks: protocol+cipher
     <-y|--spdy|--npn>              checks for SPDY/NPN
-     <-x|--single-cipher> <pattern>    tests matched <pattern> of cipher
+     <-x|--single-cipher> pattern   tests matched <pattern> of cipher
     <-U|--vulnerable>              tests all vulnerabilities
     <-B|--heartbleed>              tests for heartbleed vulnerability
     <-I|--ccs|--ccs-injection>     tests for CCS injection vulnerability
-     <-R|--renegotiation>              tests renegotiation vulnerabilities
-     <-C|--compression|--crime>        tests CRIME vulnerability
-     <-T|--breach>                     tests BREACH vulnerability
+     <-R|--renegotiation>           tests for renegotiation vulnerabilities
+     <-C|--compression|--crime>     tests for CRIME vulnerability
+     <-T|--breach>                  tests for BREACH vulnerability
     <-O|--poodle>                  tests for POODLE (SSL) vulnerability
-     <-F|--freak>                      tests FREAK vulnerability
-     <-A|--beast>                      tests BEAST vulnerability
+     <-F|--freak>                   tests for FREAK vulnerability
+     <-A|--beast>                   tests for BEAST vulnerability
     <-s|--pfs|--fs|--nsa>          checks (perfect) forward secrecy settings
     <-4|--rc4|--appelbaum>         which RC4 ciphers are being offered?
     <-H|--header|--headers>        tests HSTS, HPKP, server/app banner, security headers, cookie
@ -2978,9 +3019,10 @@ tuning options:
     --ssl-native                   fallback to checks with OpenSSL where sockets are normally used
     --openssl <PATH>               use this openssl binary (default: look in \$PATH, RUN_DIR of $PROG_NAME
     --sneaky                       be less verbose wrt referer headers      
-     --long                            wide output for tests like RC4 also with hexcode, kx, strength
+     --wide                         wide output for tests like RC4, BEAST. also with hexcode, kx, strength
+     --show-each                    for each wide output (see --wide, -V, -x, e, -E): display all ciphers not only succeeded ones
     --warnings <batch|off|false>   "batch" doesn't wait for keypress, "off|false" skips connection warning
-     --color                           0: no escape or other codes 1: b/w escape codes 2: color (default)
+     --color                        0: no escape or other codes,  1: b/w escape codes,  2: color (default)
     --debug                        1: screen output normal but debug output in itemp files.  2-6: see line ~60
    

@ -3546,7 +3588,7 @@ startup() {
 				shift
 				do_tls_sockets=true
 				outln "TLS_LOW_BYTE/HEX_CIPHER: ${TLS_LOW_BYTE}/${HEX_CIPHER}" ;;
-               --long) LONG=0 ;;
+               --wide) LONG=0 ;;
 			--assuming-http|--assuming_http|--assume_http|--assume-http)
 				ASSUMING_HTTP=0 ;;
 			--sneaky)
@ -3557,7 +3599,7 @@ startup() {
 					default)   		pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;;
 				esac
 				shift ;;
-			--show-each-cipher)
+			--show-each|--show_each)
 				SHOW_EACH_C=1 ;; #FIXME: sense is vice versa
 			--debug)
 				DEBUG="$2"
@ -3675,6 +3717,6 @@ fi

 exit $ret

-#  $Id: testssl.sh,v 1.261 2015/05/27 12:28:17 dirkw Exp $ 
+#  $Id: testssl.sh,v 1.262 2015/05/27 15:04:34 dirkw Exp $ 
 # vim:ts=5:sw=5
 # ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab