Modernize code2network() #1530
Open: drwetter wants to merge 9 commits into 3.2 from socksend_cleanup
Commits on Mar 6, 2020
This function had before a mixture of sed and tr commands which was now replaced by bash internal functions. It makes the code better, performance gain in the LAN is negligible (1s). This brings code2network somewhat in line with socksend(). This function does basically the same (and thus is probably prone to extinction ;-) ). Albeit there the good thing is it does conversion and sending in one shot.
Commit 0d8abd1
Move more towards a common socksend* function
This commit changes a few functions / calls so that the hexbyte syntax with leading x was changed to one without. The calls then need to change from socksend --> socksend_clienthello . The goal is basically to remove socksend() at some point. Also socksend_clienthello()'s use of NW_STR should be reconsidered. This PR removes also some blanks, at the right hand side of some double square brackets and at some empty lines
Commit 6a7bf16
Commits on Mar 7, 2020
Socksend modernize part 3, with a PoC for #1535: DONT USE THIS OTHERWISE
This moves the run_ticketbleed function to the socketsend_clienthello. It is not working yet, see also #1535 why. This is just for the PoC, I'll explain: It has now a function named check_bytestream() which will be called in debug mode 1 and checks whether the byte stream to be sent via bash sockets is properly formatted. It can detect bugs which otherwise would be hard to discover. DO NOT USE IT for anything else than the check

---snip: code:

    check_bytestream() {
         local line=""
         local -i i=0

         # We do a search and replace so that \xaa\x29 becomes
         # _xaa
         # _x29
         #
         # "echo -e" helps us to get a multiline string
         while read -r line; do
              if [[ $i -eq 0 ]]; then
                   # first line is empty because this is a LF
                   :
              elif [[ ${#line} -ne 4 ]] && [[ $i != 0 ]]; then
                   echo "length of byte $i called from $2 is not ok"
              elif [[ ${line:0:1} != _ ]]; then
                   echo "char $i called from $2 doesn't start with a \"\\\""
              elif [[ ${line:1:1} != x ]]; then
                   echo "char $i called from $2 doesn't have an x in second position"
              elif [[ ${line:2:2} != [0-9a-fA-F][0-9a-fA-F] ]]; then
                   echo "byte $i called from $2 is not hex"
              fi
              i+=1
         done < <( echo -e ${1//\\/\\n_})
    }

    socksend_clienthello() {
         local data=""

         code2network "$1"
         data="$NW_STR"
         if [[ "$DEBUG" -ge 1 ]]; then
              check_bytestream "$data" "${FUNCNAME[1]}"
              [[ "$DEBUG" -ge 4 ]] && echo && echo "\"$data\""
    [..]

Result (./testssl.sh -q --debug=1 -U dev.testssl.sh):

     Testing vulnerabilities
     Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
     CCS (CVE-2014-0224) not vulnerable (OK)
     Ticketbleed (CVE-2016-9244), experiment. length of byte 311 called from run_ticketbleed is not ok
    length of byte 312 called from run_ticketbleed is not ok
    length of byte 313 called from run_ticketbleed is not ok
    length of byte 314 called from run_ticketbleed is not ok
    length of byte 315 called from run_ticketbleed is not ok
    length of byte 316 called from run_ticketbleed is not ok
    length of byte 317 called from run_ticketbleed is not ok
    [..]

---snap

Besides that:
* dec02hex was corrected (only being used for run_ticketbleed)
* dec04hex is still buggy and part of the problem
* some quotes removed from rhs of [[]]
Commit 8dbaab3
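An added example, not code from this pull request: a standalone byte-stream check in the spirit of the check_bytestream() described in the commit above, written with POSIX parameter expansion so it runs under sh as well as bash. The message wording and the sample strings are constructed for illustration.

```shell
# Added example: verify that a string consists only of \xHH byte escapes.
# Prints one line per malformed byte; returns 0 if the stream is clean, 1 otherwise.
check_bytestream() {
    local rest caller i errors lead chunk problem shown
    rest=$1        # byte stream, e.g. '\x16\x03\x01'
    caller=$2      # name of the calling function, used in the messages
    i=0
    errors=0
    while [ -n "$rest" ]; do
        i=$((i + 1))
        # A well-formed byte starts with a backslash; strip it if present.
        case $rest in
            \\*) lead=1; rest=${rest#\\} ;;
            *)   lead=0 ;;
        esac
        # The chunk is everything up to the next backslash (or end of string).
        chunk=${rest%%\\*}
        rest=${rest#"$chunk"}
        if [ "$lead" -eq 0 ]; then
            problem="doesn't start with a backslash"; shown=$chunk
        else
            shown="\\$chunk"
            case $chunk in
                x[0-9a-fA-F][0-9a-fA-F]) problem="" ;;
                x??) problem="is not hex" ;;
                ???) problem="doesn't have an x in second position" ;;
                *)   problem="has a length that is not ok" ;;
            esac
        fi
        if [ -n "$problem" ]; then
            printf '%s\n' "byte $i called from $caller $problem: $shown"
            errors=$((errors + 1))
        fi
    done
    [ "$errors" -eq 0 ]
}

# Constructed sample inputs (not captured from testssl.sh).
good='\x16\x03\x01\x00\x2f'
short='\x16\x03\x1\x00'      # byte 3 lost its leading zero
nothex='\x16\x0g\x01'        # byte 2 contains a non-hex digit
noslash='x16\x03'            # byte 1 lacks the backslash

for s in "$good" "$short" "$nothex" "$noslash"; do
    check_bytestream "$s" demo || true
done
```

Because a malformed byte is reported with its position and the offending text, a conversion helper that emits a single hex digit shows up at the exact byte where the stream goes wrong.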
Commits on Mar 8, 2020
Commit 16be686
Commits on Mar 9, 2020
This commit fixes ticketbleed so that socksend_clienthello() can be used. The function for retrieving the TLS session ticket is now using SNI and it was renamed to session_ticket_from_openssl() so that this can be used elsewhere. Also for the sake of better programming it is using bash only.

In order to ease stripping whitespaces the bash option "extglob" was IN GENERAL set. This should only add the possibility to do extended pattern matching when using round brackets:

    ?(pattern-list) Matches zero or one occurrence of the given patterns.
    *(pattern-list) Matches zero or more occurrences of the given patterns.
    +(pattern-list) Matches one or more occurrences of the given patterns.
    @(pattern-list) Matches one of the given patterns.
    !(pattern-list) Matches anything except one of the given patterns.

... see bash(1). The man page though warns "separate matches against shorter strings, or using arrays of strings instead of a single long string, may be faster.". So when using ~100x we should do s.th. else. It also works under bashv3.

The check_bytestream() function which was previously introduced now also lists the offending string.
Commit d1cec5e
Commits on Mar 23, 2020
Cleanup for ticketbleed (and others who need x509 client auth)
run_ticketbleed() has now a check whether there's "$CLIENT_AUTH" set. If so a warn message is being issued and the test skipped. Empty replies for other reasons from the s_client connect are handled better within run_ticketbleed(). Otherwise it would lead to ugly errors on the console. Warning messages for vulnerability checks when client x509-based authentication is encountered are now all the same. CVE/CWE added. (run_renego(), run_breach() ).
Commit dc6f9d7
Commits on Nov 26, 2020
Commit f713c14
Commit fab5da5
Commits on Nov 27, 2020
Commit c283fed