def _do_handshake_with_ccs_injection(self): # type: ignore
"""Modified do_handshake() to send a CCS injection payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert or a CertificateRequest first
did_receive_hello_done = False
remaining_bytes = b""
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(
remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
break
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError("Unknown record? Type {}".format(
tls_record.header.type))
if did_receive_hello_done:
# Send an early CCS record - this should be rejected by the server
payload = TlsChangeCipherSpecRecord.from_parameters(
tls_version=tls_parser.tls_version.TlsVersionEnum[
self._ssl_version.name]).to_bytes()
self._sock.send(payload)
# Send an early application data record which should be ignored by the server
app_data_record = TlsApplicationDataRecord.from_parameters(
tls_version=tls_parser.tls_version.TlsVersionEnum[
self._ssl_version.name],
application_data=b"\x00\x00")
self._sock.send(app_data_record.to_bytes())
# Check if an alert was sent back
while True:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(
remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
raise _NotVulnerableToCcsInjection()
except socket.error:
# Server closed the connection after receiving the CCS payload
raise _NotVulnerableToCcsInjection()
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert but which one?
if tls_record.alert_description == 0x14:
# BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data
# record instead of ignoring it; server is vulnerable
raise _VulnerableToCcsInjection()
# Any other alert means that the server rejected the early CCS record
raise _NotVulnerableToCcsInjection()
else:
break
raise _NotVulnerableToCcsInjection()
def do_handshake_with_ccs_injection(self): # type: ignore
"""Modified do_handshake() to send a CCS injection payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert or a CertificateRequest first
did_receive_hello_done = False
remaining_bytes = b''
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
break
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError('Unknown record? Type {}'.format(tls_record.header.type))
if did_receive_hello_done:
# Send an early CCS record - this should be rejected by the server
payload = TlsChangeCipherSpecRecord.from_parameters(
tls_version=TlsVersionEnum[self._ssl_version.name]).to_bytes()
self._sock.send(payload)
# Send an early application data record which should be ignored by the server
app_data_record = TlsApplicationDataRecord.from_parameters(tls_version=TlsVersionEnum[self._ssl_version.name],
application_data=b'\x00\x00')
self._sock.send(app_data_record.to_bytes())
# Check if an alert was sent back
while True:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
raise NotVulnerableToCcsInjection()
except socket.error:
# Server closed the connection after receiving the CCS payload
raise NotVulnerableToCcsInjection()
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert but which one?
if tls_record.alert_description == 0x14:
# BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data
# record instead of ignoring it; server is vulnerable
raise VulnerableToCcsInjection()
# Any other alert means that the server rejected the early CCS record
raise NotVulnerableToCcsInjection()
else:
break
raise NotVulnerableToCcsInjection()