def testPFSCipher(host,port,cipher): try: # Construct the socket client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.settimeout(10) client.connect((host, port)) # Define the method as serverpreferred and use the Cipher from the test contextToUse = Context(pfsCipherList[cipher]) contextToUse.set_cipher_list(cipher) # Estabilish a SSL connection using the server's preferred connection client_ssl = Connection(contextToUse, client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(host) # Try to perform an SSL handshake client_ssl.do_handshake() # Close the connection client_ssl.close() client.close() return True except openSSLError as e: # Server may be down or avoiding SSL connection return False except ValueError as e: # Not configured or not allowed return False pass
def start(keystore, keystorealias, keypass, keystorepassphrase, hostandport,
timeout):
verify(keystore, keystorealias, keypass, keystorepassphrase, hostandport)
sslContext = getOpensslContext(keystore, keystorealias, keypass,
keystorepassphrase)
socket = socket_any_family()
socket.settimeout(timeout)
hostandport = hostandport.split(":", 2)
socket.connect((hostandport[0], int(hostandport[1])))
sslConnection = Connection(sslContext, socket)
sslConnection.set_connect_state()
sslConnection.set_tlsext_host_name(hostandport[0].encode('utf-8'))
while True:
try:
sslConnection.do_handshake()
except OpenSSL.SSL.WantReadError:
rd, _, _ = select.select([socket], [], [], socket.gettimeout())
if not rd:
raise timeout('select timed out')
continue
except OpenSSL.SSL.Error as e:
raise ssl.SSLError('bad handshake: %r' % e)
break
sslContext.set_timeout(timeout)
sslConnection.send(b"GET / HTTP/1.0\r\n\r\n")
socket.recv(1024)
def _openssl_connect(hostname):
client = socket()
client.connect((hostname, 443))
client_ssl = Connection(Context(SSLv23_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(hostname.encode('utf-8'))
client_ssl.do_handshake()
return client_ssl
def printcert(host, port, hostname):
con = Connection(Context(TLSv1_METHOD), socket(AF_INET, SOCK_STREAM))
con.connect((host, port))
con.set_tlsext_host_name(hostname if hostname else host)
con.do_handshake()
con.shutdown()
con.close()
print dump_certificate(FILETYPE_PEM, walkchain(con.get_peer_cert_chain()))
def main():
"""
Connect to an SNI-enabled server and request a specific hostname, specified by argv[1], of it.
"""
if len(argv) < 2:
print 'Usage: %s <hostname> [port]' % (argv[0], )
return 1
port = 443
if len(argv) == 3:
port = int(argv[2])
hostname = argv[1]
client = socket()
#client.settimeout(2)
#print 'Connecting...',
stdout.flush()
client.connect((hostname, port))
#print 'connected', client.getpeername()
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(hostname)
client_ssl.do_handshake()
host = client_ssl.getpeername()
servername = client_ssl.get_servername()
x509 = client_ssl.get_peer_certificate()
notAfter = datetime.strptime(x509.get_notAfter(), '%Y%m%d%H%M%SZ')
cert_chain = client_ssl.get_peer_cert_chain()
now = datetime.now()
timedelta = notAfter - now
DNS = ''
for i in xrange(x509.get_extension_count()):
ret = str(x509.get_extension(i))
if re.match('^DNS:', ret):
DNS = ret.replace('DNS:', '')
print "servername: %s, host: %s, port: %s" % (servername, host[0], host[1])
print "\tnotAfter: %s, remain: %s days" % (notAfter, timedelta.days)
print "\tDNS: ", DNS
print '\tCert Chain:'
for i, v in enumerate(cert_chain):
print '\t%s,i,%s' % (i, v.get_subject())
print '\t%s,s,%s' % (i, v.get_issuer())
client_ssl.close()
def testWeakCipher(host,port,protocolList):
# Create a list to put all analysed data
protoDataList = []
# Test the size of the cipher for each protocol avaiable and get the Cipher Suite
for proto in protocolList:
try:
# Construct the socket
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((host, port))
# Estabilish a SSL connection
client_ssl = Connection(Context(methods[proto]), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(host)
# Try to perform an SSL handshake
client_ssl.do_handshake()
# Obtain the name of the protocol being used
protoName = (client_ssl.get_protocol_version_name())
# Obtain the size of the cipher being used by the protocol
bitSize = (client_ssl.get_cipher_bits())
# Obtain the Cipher Suite
suite = client_ssl.get_cipher_name()
# Create a compiled data
data = (protoName,bitSize,suite)
# Put the data obtained on the list
protoDataList.append(data)
# Close the connection
client_ssl.close()
client.close()
except openSSLError as e: # Server may be down or avoiding SSL connection
print _('Servidor nao esta respondendo')
return
except ValueError as e: # Not configured or not allowed
print _('Servidor nao esta configurado')
return
# Print the results
print bcolors.BOLD + _("Protocolo\tTamanho da Cifra\tCifra") + bcolors.ENDC
for protoData in protoDataList:
print protoData[0] + '\t\t' + str(protoData[1]) + ' bits' + ( '(OK)' if (protoData[1] >=128) else _('(FRACA)')) + '\the\t' + str(protoData[2])
def verify_context_info_cb(
self, ssl_connection: SSL.Connection, where: int
) -> None:
if where & SSL.SSL_CB_HANDSHAKE_START and not self._is_ip_address:
ssl_connection.set_tlsext_host_name(self._hostnameBytes)
if where & SSL.SSL_CB_HANDSHAKE_DONE and self._verify_certs:
try:
if self._is_ip_address:
verify_ip_address(ssl_connection, self._hostnameASCII)
else:
verify_hostname(ssl_connection, self._hostnameASCII)
except VerificationError:
f = Failure()
tls_protocol = ssl_connection.get_app_data()
tls_protocol.failVerification(f)
def identifyProtocol(host,port):
# Create a list to put all analysed data
protoDataList = []
try:
# Construct the socket
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((host, port))
# Estabilish a SSL connection using the server's preferred connection
client_ssl = Connection(Context(SSLv23_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(host)
# Try to perform an SSL handshake
client_ssl.do_handshake()
# Obtain the name of the protocol being used
protoName = (client_ssl.get_protocol_version_name())
# Obtain the size of the cipher being used by the protocol
bitSize = (client_ssl.get_cipher_bits())
# Obtain the Cipher Suite
suite = client_ssl.get_cipher_name()
# Create a compiled data
data = (protoName,bitSize,suite)
# Put the data obtained on the list
protoDataList.append(data)
# Close the connection
client_ssl.close()
client.close()
# Shpw the data
print _('Preferido: ') + str(protoName) + _('\nCifra: ') + str(suite) + _('\nTamanho em bits: ') + str(bitSize)
# Return the protocol method used by pyOpenSSL
return methodName[protoName]
except openSSLError as e: # Server may be down or avoiding SSL connection
print _('\nNao foi possivel identificar o protocolo padrao\n')
return 0
except ValueError as e: # Not configured or not allowed
print _('\nNao foi possivel identificar o protocolo padrao\n')
return 0
def get_certificate(hostname, port=443):
"""
Return TLS certificate (f.i. for https or smtps)
"""
client = socket()
client.connect((hostname, port))
client_ssl = Connection(Context(TLSv1_2_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(hostname.encode("ascii")) # SNI
client_ssl.do_handshake()
cert = client_ssl.get_peer_certificate()
client_ssl.close()
return cert
def get_ssl(url):
print(Fore.RED+"[+] ssl certificate:"+Fore.GREEN)
first_try = re.findall(r":([0-9]+)", str(url))
if len(first_try) != 0:
for i in range(len(first_try)):
port = ''.join(first_try[i])
else:
port = int('443')
second_try = re.findall(r"/([0-9a-zA-Z\.%&#]+)", str(url))
if len(second_try) != 0:
for i in range(len(second_try)):
host = ''.join(second_try[i])
try:
try:
ssl_connection_setting = Context(SSLv3_METHOD)
except ValueError:
ssl_connection_setting = Context(TLSv1_2_METHOD)
ssl_connection_setting.set_timeout(5)
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.connect((host, int(port)))
c = Connection(ssl_connection_setting, s)
c.set_tlsext_host_name(str.encode(host))
c.set_connect_state()
c.do_handshake()
cert = c.get_peer_certificate()
print(Fore.RED+" --> "+Fore.GREEN+"Is Expired: ", cert.has_expired())
print(Fore.RED+" --> "+Fore.GREEN+"Issuer: ", cert.get_issuer())
subject_list = cert.get_subject().get_components()
cert_byte_arr_decoded = {}
for item in subject_list:
cert_byte_arr_decoded.update({item[0].decode('utf-8'): item[1].decode('utf-8')})
if len(cert_byte_arr_decoded) > 0:
print(Fore.RED+" --> "+Fore.GREEN+"Subject: ", cert_byte_arr_decoded)
if cert_byte_arr_decoded["CN"]:
print(Fore.RED+" --> "+Fore.GREEN+"Common Name: ", cert_byte_arr_decoded["CN"])
end_date = datetime.strptime(str(cert.get_notAfter().decode('utf-8')), "%Y%m%d%H%M%SZ")
print(Fore.RED+" --> "+Fore.GREEN+"Not After (UTC Time): ", end_date)
diff = end_date - datetime.now()
print(Fore.RED+" --> "+Fore.GREEN+'Summary: "{}" SSL certificate expires on {} i.e. {} days.'.format(host, end_date, diff.days))
c.shutdown()
s.close()
except:
print(Fore.RED+" --> "+Fore.GREEN+"Not found")
pass
class OpenSSLSNI(object):
"""This class implements the functionality of obtaining certificates secure connection using
apache TLS Extension Server Name Indication (SNI)
"""
def connection(func):
def wrapped(self):
self._connect()
try:
return func(self)
finally:
self._close()
return wrapped
def __init__(self, host, port):
#Set host name
self._host = str(host).split('//')[-1].split(':')[0]
#Set port
self._port = int(port) if str(port).isdigit() else 443
def _connect(self):
"""This method implements the functionality of establishing a secure connection using TLS Extension"""
self._socket_client = socket()
self._socket_client.connect((self._host, self._port))
self._ssl_client = Connection(Context(TLSv1_METHOD), self._socket_client)
self._ssl_client.set_connect_state()
self._ssl_client.set_tlsext_host_name(self._host)
self._ssl_client.do_handshake()
def _close(self):
"""This method implements the functional termination created connection"""
self._ssl_client.close()
del self._socket_client
@property
@connection
def serial_number(self):
"""Returns certificates serial number"""
return self._ssl_client.get_peer_certificate().get_serial_number()
@property
@connection
def certificate(self):
"""Returns certificate"""
return OpenSSL.crypto.dump_certificate(FILETYPE_PEM, self._ssl_client.get_peer_certificate())
def main():
if len(argv) < 3:
print('Usage: %s <hostname> <port>'.format(argv[0]))
return 1
hostname = str(argv[1])
port = int(argv[2])
client = socket()
print('Connecting...')
stdout.flush()
client.connect((hostname, port))
print('Connected to', client.getpeername())
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(hostname.encode('utf-8'))
client_ssl.do_handshake()
chain = client_ssl.get_peer_cert_chain()
print("\n>> Certificate Chain:\n")
i = 0
for cert in reversed(chain):
i += 1
asterisks = "*" * i
print(" [+] {:<10} {}".format(asterisks, cert.get_subject()))
print("\n>> Certificate Details:\n")
for cert in reversed(chain):
pkey = cert.get_pubkey()
print("." * 80)
print("- [Subject]:\t\t{}".format(cert.get_subject()))
print("- [Issuer]:\t\t{}".format(cert.get_issuer()))
print("- [Valid from]:\t\t{}".format(cert.get_notBefore()))
print("- [Valid until]:\t{}".format(cert.get_notAfter()))
print("- [Has Expired]:\t{}".format(cert.has_expired()))
print("\n")
client_ssl.close()
return 0
def netflix_openssl_test_retry(ip):
client = socket()
print 'Connecting...',
stdout.flush()
client.connect((ip, port))
print 'connected', client.getpeername()
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(hostname)
client_ssl.do_handshake()
cert = client_ssl.get_peer_certificate().get_subject()
cn = [comp for comp in cert.get_components() if comp[0] in ['CN']]
client_ssl.close()
print cn
if hostname in cn[0][1]:
return True
else:
return False
def netflix_openssl_test_retry(ip):
client = socket()
print 'Connecting...',
stdout.flush()
client.connect((ip, port))
print 'connected', client.getpeername()
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(hostname)
client_ssl.do_handshake()
cert = client_ssl.get_peer_certificate().get_subject()
cn = [comp for comp in cert.get_components() if comp[0] in ['CN']]
client_ssl.close()
print cn
if hostname in cn[0][1]:
return True
else:
return False
def _validate_certificate_hostname_pyopenssl(self):
""" Use pyOpenSSL check if the host's certifcate matches the hostname.
Python < 2.7.9 is not able to provide a server hostname for SNI, so this
is a fallback that opens an additional connection if the initial
validation failed.
Returns:
bool: Whether or not the hostname is valid on the certificate.
"""
client = socket.socket()
client.connect((self.host, self.port))
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(self.host)
client_ssl.do_handshake()
cert = client_ssl.get_peer_certificate()
client_ssl.close()
common_name = cert.get_subject().commonName
return self._cert_host_matches_hostname(common_name, self.host)
def domain_ssl_connect(self, domain):
logging.basicConfig(filename=self.basedir+'/output/log/get_cert_from_domain.log', level=logging.DEBUG, format='%(asctime)s %(message)s')
try:
sslcontext = Context(TLSv1_METHOD)
sslcontext.set_timeout(30)
s = socket()
s.connect((domain, 443))
c = Connection(sslcontext, s)
c.set_connect_state()
c.set_tlsext_host_name(domain.encode('utf-8'))
logging.info("try to establish handshake with %s..." % domain)
c.do_handshake()
cert = c.get_peer_certificate()
logging.info("got certificate!")
c.shutdown()
s.close()
return cert
except Exception as e:
logging.info(e)
logging.info("fail to connect to port 443 with %s" % domain)
return None
def _validate_certificate_hostname_pyopenssl(self):
""" Use pyOpenSSL check if the host's certifcate matches the hostname.
Python < 2.7.9 is not able to provide a server hostname for SNI, so this
is a fallback that opens an additional connection if the initial
validation failed.
Returns:
bool: Whether or not the hostname is valid on the certificate.
"""
client = socket.socket()
client.connect((self.host, self.port))
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(self.host)
client_ssl.do_handshake()
cert = client_ssl.get_peer_certificate()
client_ssl.close()
common_name = cert.get_subject().commonName
return self._cert_host_matches_hostname(common_name, self.host)
def check_cerificate_invalidtime(domain, port=443):
from datetime import datetime
from OpenSSL.SSL import TLSv1_METHOD, Context, Connection
import socket
client = socket.socket()
try:
client.connect((domain, port))
ssl = Connection(Context(TLSv1_METHOD), client)
ssl.set_connect_state()
ssl.set_tlsext_host_name(domain.encode('utf-8'))
ssl.do_handshake()
cerificate = ssl.get_peer_certificate()
invalid = cerificate.get_notAfter().decode()[0:-1]
invalidtime = datetime.strptime(invalid, '%Y%m%d%H%M%S')
diff_day = invalidtime - datetime.now()
return True, {"invaliddate": invalidtime, "invalidday": diff_day.days}
except Exception as e:
return False, e.args
finally:
client.close()
pass
def main():
"""
Connect to an SNI-enabled server and request a specific hostname, specified
by argv[1], of it.
"""
if len(argv) < 2:
print 'Usage: %s <hostname>' % (argv[0],)
return 1
client = socket()
print 'Connecting...',
stdout.flush()
client.connect(('127.0.0.1', 8443))
print 'connected', client.getpeername()
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(argv[1])
client_ssl.do_handshake()
print 'Server subject is', client_ssl.get_peer_certificate().get_subject()
client_ssl.close()
def main():
"""
Connect to an SNI-enabled server and request a specific hostname, specified
by argv[1], of it.
"""
if len(argv) < 2:
print 'Usage: %s <hostname>' % (argv[0], )
return 1
client = socket()
print 'Connecting...',
stdout.flush()
client.connect(('127.0.0.1', 8443))
print 'connected', client.getpeername()
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(argv[1])
client_ssl.do_handshake()
print 'Server subject is', client_ssl.get_peer_certificate().get_subject()
client_ssl.close()
def verifyOpenProtocol(host,port,proto): try: # Construct the socket client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect((host, port)) # Estabilish a SSL connection client_ssl = Connection(Context(proto), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(host) # Try to perform an SSL handshake client_ssl.do_handshake() # Close the connection client_ssl.close() client.close() except openSSLError as e: # Server not configured to use return False except ValueError as e: # Not present return False # Success return True
def checkCertificate(url_base, url_rest, req_headers={}, request_type='GET'):
connection = http.client.HTTPSConnection(url_base, timeout=1)
certificate_is_valid = None
certificate_host_names = None
try:
client = socket.socket()
client.connect((url_base, 443))
client_ssl = Connection(Context(TLSv1_2_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(url_base.encode('UTF-8'))
client_ssl.do_handshake()
certificate_host_names = get_certificate_hosts(
client_ssl.get_peer_certificate())
except:
pass
finally:
if client:
client.close()
try:
connection.request(request_type, url_rest, headers=req_headers)
certificate_is_valid = True
except:
certificate_is_valid = False
return (certificate_is_valid, certificate_host_names)
return item[1]
return ''
def __read_cert(self, domain_str):
sslcontext = Context(TLSv1_METHOD)
sslcontext.set_timeout(30)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print domain_str
try:
s.connect((domain_str, 443))
except Exception, e:
print e
return ''
try:
c = Connection(sslcontext, s)
c.set_tlsext_host_name(str(domain_str))
c.set_connect_state()
c.do_handshake()
cert = c.get_peer_certificate()
issuer = cert.get_issuer().get_components()
result = self.__get_CN(issuer), self.__get_CN(
cert.get_subject().get_components()), cert.get_notAfter()
c.shutdown()
except Exception, e:
print e
return ''
s.close()
return result
def __get_ssl_info(self, domain_str):
if self.__test_domain_conn(domain_str) > 0:
port = int(port[1:len(port)])
from socket import socket, gethostbyname
from OpenSSL.SSL import Connection, Context, TLSv1_METHOD, WantReadError, VERIFY_PEER
try:
ip = gethostbyname(hostname)
except Exception, e:
print e
return None
try:
s = socket()
s.connect((ip, port))
sslcontext = Context(TLSv1_METHOD)
sslcontext.set_timeout(30)
c = Connection(sslcontext, s)
c.set_connect_state()
c.set_tlsext_host_name(hostname)
proto_v_name = c.get_protocol_version_name()
print "try to handshake with server: %s using %s" % (ip, proto_v_name)
c.do_handshake()
cert_chain = c.get_peer_cert_chain()
c.shutdown()
s.close()
except Exception, e:
print e
return None
else:
return cert_chain
def read_cert_object(x509_object):
"""
print '\nChecking DNS for CAA records . . .\n'
answers = dns.resolver.query(domain, 'CAA')
print 'The following records were found:\n'
for rdata in answers:
print domain, 'in CAA', rdata.flags, rdata.value
print '\nNow checking certificate . . . \n'
print 'Using server name:', host, 'on port', port, 'for SNI ...'
client = socket()
stdout.flush()
client.connect(('{0}'.format(host), int(port)))
print 'Connected to', client.getpeername(), '\n'
client_ssl = Connection(Context(TLSv1_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(host)
client_ssl.do_handshake()
issuer = client_ssl.get_peer_certificate().get_issuer()
issr = str(issuer)
issr = issr.strip('<>')
issr = issr.replace('X509Name object', 'Certificate Information: ')
issr = issr.replace('C=', 'Country: ')
issr = issr.replace('O=', 'Organization: ')
issr = issr.replace('CN=', 'Common Name: ')
issr = issr.split('/')
for issr in issr:
print issr
print '\n'
client_ssl.close()
exit()
def do_POST(self):
content_len = int(self.headers.get('Content-Length', 0))
post_body = self.rfile.read(content_len)
try:
json_body = json.loads(post_body)
request_type = 'GET'
if 'type' in json_body:
request_type = json_body['type']
if 'url' not in json_body or (request_type == 'POST'
and 'content' not in json_body):
self.send_result(200, prepare_output('invalid json'))
request_url = json_body['url']
request_headers = json_body[
'headers'] if 'headers' in json_body else dict()
request_content = json_body[
'content'] if request_type == 'POST' else None
request_timeout = json_body[
'timeout'] if 'timeout' in json_body else 1
request_headers = {
k.lower(): v
for k, v in request_headers.items()
}
if 'content-type' not in request_headers:
request_headers['content-type'] = 'text/plain'
new_request = request.Request(
url=request_url,
data=bytes(request_content, 'UTF-8')
if request_content else None,
headers=request_headers,
method=request_type)
# TU ZACINA GRCKA SORRY.
# cert_raw = ssl.get_server_certificate(('google.com', 443))
# cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_raw)
# print(dict(cert.get_subject().get_components()))
certificate_common_names = None
certificate_is_valid = None
if request_url.startswith('https://'):
client = None
try:
client = socket.socket()
# print('Connecting...')
client.connect(
(parse.urlparse(request_url).netloc, 443))
client_ssl = Connection(Context(TLSv1_2_METHOD),
client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(
parse.urlparse(request_url).netloc.encode('UTF-8'))
client_ssl.do_handshake()
# print('Server subject is', dict(client_ssl.get_peer_certificate().get_subject().get_components()))
certificate_common_names = get_certificate_san(
client_ssl.get_peer_certificate())
except:
pass
finally:
if client:
client.close()
try:
with request.urlopen(
new_request,
timeout=request_timeout) as response:
certificate_is_valid = True
except:
certificate_is_valid = False
# TU KONCI GRCKA.
try:
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
with request.urlopen(new_request,
timeout=request_timeout,
context=ctx) as response:
res_content = response.read().decode('UTF-8')
output = prepare_output(response.status,
response.getheaders(),
res_content,
certificate_is_valid,
certificate_common_names)
self.send_result(200, output)
except HTTPError as err:
self.send_result(200, prepare_output(err.code, None, None))
except:
return self.send_result(
200, prepare_output('timeout', None, None))
except ValueError:
# import traceback
# traceback.print_exc()
self.send_result(200, prepare_output('invalid json'))
def do_GET(self):
get_params = parse.urlparse(self.path).query
get_url = input_target_url
if get_params:
get_url = '%s?%s' % (get_url, get_params)
new_headers = dict(self.headers)
if 'Host' in new_headers:
del new_headers['Host']
new_request = request.Request(url=get_url,
data=None,
headers=new_headers,
method='GET')
# TU ZACINA GRCKA SORRY.
certificate_common_names = None
certificate_is_valid = None
if get_url.startswith('https://'):
client = None
try:
client = socket.socket()
# print('Connecting...')
client.connect((parse.urlparse(get_url).netloc, 443))
client_ssl = Connection(Context(TLSv1_2_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(
parse.urlparse(get_url).netloc.encode('UTF-8'))
client_ssl.do_handshake()
# print('Server subject is', dict(client_ssl.get_peer_certificate().get_subject().get_components()))
certificate_common_names = get_certificate_san(
client_ssl.get_peer_certificate())
except:
pass
finally:
if client:
client.close()
try:
with request.urlopen(new_request, timeout=1) as response:
certificate_is_valid = True
except:
certificate_is_valid = False
# TU KONCI GRCKA.
try:
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
with request.urlopen(new_request, timeout=1,
context=ctx) as response:
res_content = response.read().decode('UTF-8')
output = prepare_output(response.status,
response.getheaders(), res_content,
certificate_is_valid,
certificate_common_names)
self.send_result(200, output)
except HTTPError as err:
self.send_result(200, prepare_output(err.code, None, None))
except:
return self.send_result(200,
prepare_output('timeout', None, None))
try:
soc = socket.socket()
soc.connect((host, int(port)))
except socket.error, err:
log(("Socket Error Encountered : %s" % err), sink)
exit(1)
pass
# --- Connect to remote host
soc_context = Context(SSLv23_METHOD)
soc_ssl = Connection(soc_context, soc)
soc_ssl.set_connect_state()
soc_ssl.set_tlsext_host_name(argv[1])
try:
soc_ssl.do_handshake()
except OpenSSL.SSL.Error, msg:
print " \n\n Unable to complet the SSL Handshake %s" % msg
exit(1)
pass
#--- Get the remote host name
rhost = soc.getpeername()
log(("\nRemote Host name :" + host), sink)
log(("\nRemote Host IPv4 :" + rhost[0]), sink)
log(("\nRemote Host Port :" + str(rhost[1])), sink)
def _identityVerifyingInfoCallback(self, connection: SSL.Connection,
where: int, ret: int) -> None:
# Literal IPv4 and IPv6 addresses are not permitted
# as host names according to the RFCs
if where & SSL.SSL_CB_HANDSHAKE_START and self._sendSNI:
connection.set_tlsext_host_name(self._hostnameBytes)
try:
soc = socket.socket()
soc.connect((host, int(port)))
except socket.error, err:
log(("Socket Error Encountered : %s" % err), sink)
exit(1)
pass
# --- Connect to remote host
soc_context = Context(SSLv23_METHOD)
soc_ssl = Connection(soc_context, soc)
soc_ssl.set_connect_state()
soc_ssl.set_tlsext_host_name(argv[1])
try:
soc_ssl.do_handshake()
except OpenSSL.SSL.Error, msg:
print " \n\n Unable to complet the SSL Handshake %s" % msg
exit(1)
pass
#--- Get the remote host name
rhost = soc.getpeername()
log(("\nRemote Host name :" + host), sink)
log(("\nRemote Host IPv4 :" + rhost[0]), sink)
log(("\nRemote Host Port :" + str(rhost[1])), sink)
