def _build_dtls_base_client_hello(self, protocol_version, cipher_suites, elliptic_curves=None): ver_major, ver_minor = flextls.helper.get_tls_version(protocol_version) hash_algorithms = flextls.registry.tls.hash_algorithms.get_ids() sign_algorithms = flextls.registry.tls.signature_algorithms.get_ids() comp_methods = flextls.registry.tls.compression_methods.get_ids() hello = DTLSv10ClientHello() for i in cipher_suites: cipher = CipherSuiteField() cipher.value = i hello.cipher_suites.append(cipher) for comp_id in comp_methods: comp = CompressionMethodField() comp.value = comp_id hello.compression_methods.append(comp) server_name = ServerNameField() server_name.payload = HostNameField("") server_name.payload.value = self._scanner.handler.hostname.encode("utf-8") tmp_sni = ServerNameIndication() tmp_sni.server_name_list.append(server_name) tmp_ext_sni = Extension() + tmp_sni hello.extensions.append(tmp_ext_sni) ext_elliptic_curves = EllipticCurves() a = ext_elliptic_curves.get_field("elliptic_curve_list") if elliptic_curves is None: elliptic_curves = flextls.registry.ec.named_curves.get_ids() for i in elliptic_curves: v = a.item_class("unnamed", None) v.value = i a.value.append(v) hello.extensions.append(Extension() + ext_elliptic_curves) ext_ec_point_formats = EcPointFormats() a = ext_ec_point_formats.get_field("point_format_list") for tmp_pf in flextls.registry.ec.point_formats: v = a.item_class("unnamed", tmp_pf.id) a.value.append(v) hello.extensions.append(Extension() + ext_ec_point_formats) ext_signature_algorithm = SignatureAlgorithms() a = ext_signature_algorithm.get_field("supported_signature_algorithms") for i in hash_algorithms: for j in sign_algorithms: v = a.item_class("unnamed") v.hash = i v.signature = j a.value.append(v) hello.extensions.append(Extension() + ext_signature_algorithm) hello.extensions.append(Extension() + SessionTicketTLS()) hb_ext = HeartbeatExt() hb_ext.mode = 1 hello.extensions.append(Extension() + hb_ext) hello.random = os.urandom(32) hello.version.major = ver_major hello.version.minor = ver_minor msg_handshake = DTLSv10Handshake() msg_handshake.set_payload(hello) return msg_handshake
def _send_heartbeat(self, protocol_version, cipher_suites): record_tls = self._build_tls_base_client_hello( protocol_version, cipher_suites ) ext_hb = HeartbeatExtension() ext_hb.mode = 1 record_client_hello = record_tls.payload record_client_hello.extensions.append(Extension() + ext_hb) conn = self._scanner.handler.connect() conn.settimeout(2.0) conn.send(record_tls.encode()) time_start = datetime.now() server_hello_done = False heartbeat_supported = False data = b"" while server_hello_done is False: tmp_time = datetime.now() - time_start if tmp_time.total_seconds() > 5.0: return False try: tmp_data = conn.recv(4096) except: return None data += tmp_data while True: try: (record, data) = SSLv3Record.decode(data) except NotEnoughData: break if isinstance(record.payload, Handshake): if isinstance(record.payload.payload, ServerHello): server_hello = record.payload.payload for ext in server_hello.extensions: if isinstance(ext.payload, HeartbeatExtension): heartbeat_supported = True if isinstance(record.payload.payload, ServerHelloDone): server_hello_done = True elif isinstance(record.payload, Alert): if record.payload.level == 2: return None # ToDo: use connection state if protocol_version == flextls.registry.version.SSLv3: ver_minor = 0 elif protocol_version == flextls.registry.version.TLSv10: ver_minor = 1 elif protocol_version == flextls.registry.version.TLSv11: ver_minor = 2 elif protocol_version == flextls.registry.version.TLSv12: ver_minor = 3 record = SSLv3Record() record.version.major = 3 record.version.minor = ver_minor record.payload = binascii.unhexlify(b"014000") record.length = 3 record.content_type = 24 conn.send(record.encode()) time_start = datetime.now() record_with_heartbeat = None data = b"" while record_with_heartbeat is None: tmp_time = datetime.now() - time_start if tmp_time.total_seconds() > 5.0: return heartbeat_supported try: tmp_data = conn.recv(4096) except: return heartbeat_supported data += tmp_data while True: try: (record, data) = SSLv3Record.decode( data, payload_auto_decode=False ) except NotEnoughData: break if record.content_type == record.get_payload_pattern(Heartbeat): record_with_heartbeat = record elif isinstance(record.payload, Alert): if record.payload.level == 2: return heartbeat_supported return record_with_heartbeat
def _hook_tls_client_hello_heartbeat(self, record): hb_ext = HeartbeatExt() hb_ext.mode = 1 record.payload.extensions.append(Extension() + hb_ext) return record
def _send_heartbeat(self, protocol_version, cipher_suites): record_tls = self._build_tls_base_client_hello(protocol_version, cipher_suites) ext_hb = HeartbeatExtension() ext_hb.mode = 1 record_client_hello = record_tls.payload record_client_hello.extensions.append(Extension() + ext_hb) conn = self._scanner.handler.connect() conn.settimeout(2.0) conn.send(record_tls.encode()) time_start = datetime.now() server_hello_done = False heartbeat_supported = False data = b"" while server_hello_done is False: tmp_time = datetime.now() - time_start if tmp_time.total_seconds() > 5.0: return False try: tmp_data = conn.recv(4096) except: return None data += tmp_data while True: try: (record, data) = SSLv3Record.decode(data) except NotEnoughData: break if isinstance(record.payload, Handshake): if isinstance(record.payload.payload, ServerHello): server_hello = record.payload.payload for ext in server_hello.extensions: if isinstance(ext.payload, HeartbeatExtension): heartbeat_supported = True if isinstance(record.payload.payload, ServerHelloDone): server_hello_done = True elif isinstance(record.payload, Alert): if record.payload.level == 2: return None # ToDo: use connection state if protocol_version == flextls.registry.version.SSLv3: ver_minor = 0 elif protocol_version == flextls.registry.version.TLSv10: ver_minor = 1 elif protocol_version == flextls.registry.version.TLSv11: ver_minor = 2 elif protocol_version == flextls.registry.version.TLSv12: ver_minor = 3 record = SSLv3Record() record.version.major = 3 record.version.minor = ver_minor record.payload = binascii.unhexlify(b"014000") record.length = 3 record.content_type = 24 conn.send(record.encode()) time_start = datetime.now() record_with_heartbeat = None data = b"" while record_with_heartbeat is None: tmp_time = datetime.now() - time_start if tmp_time.total_seconds() > 5.0: return heartbeat_supported try: tmp_data = conn.recv(4096) except: return heartbeat_supported data += tmp_data while True: try: (record, data) = SSLv3Record.decode(data, payload_auto_decode=False) except NotEnoughData: break if record.content_type == record.get_payload_pattern( Heartbeat): record_with_heartbeat = record elif isinstance(record.payload, Alert): if record.payload.level == 2: return heartbeat_supported return record_with_heartbeat
def _build_dtls_base_client_hello(self, protocol_version, cipher_suites, elliptic_curves=None): ver_major, ver_minor = flextls.helper.get_tls_version(protocol_version) hash_algorithms = flextls.registry.tls.hash_algorithms.get_ids() sign_algorithms = flextls.registry.tls.signature_algorithms.get_ids() comp_methods = flextls.registry.tls.compression_methods.get_ids() hello = DTLSv10ClientHello() for i in cipher_suites: cipher = CipherSuiteField() cipher.value = i hello.cipher_suites.append(cipher) for comp_id in comp_methods: comp = CompressionMethodField() comp.value = comp_id hello.compression_methods.append(comp) server_name = ServerNameField() server_name.payload = HostNameField("") server_name.payload.value = self._scanner.handler.hostname.encode( "utf-8") tmp_sni = ServerNameIndication() tmp_sni.server_name_list.append(server_name) tmp_ext_sni = Extension() + tmp_sni hello.extensions.append(tmp_ext_sni) ext_elliptic_curves = EllipticCurves() a = ext_elliptic_curves.get_field("elliptic_curve_list") if elliptic_curves is None: elliptic_curves = flextls.registry.ec.named_curves.get_ids() for i in elliptic_curves: v = a.item_class("unnamed", None) v.value = i a.value.append(v) hello.extensions.append(Extension() + ext_elliptic_curves) ext_ec_point_formats = EcPointFormats() a = ext_ec_point_formats.get_field("point_format_list") for tmp_pf in flextls.registry.ec.point_formats: v = a.item_class("unnamed", tmp_pf.id) a.value.append(v) hello.extensions.append(Extension() + ext_ec_point_formats) ext_signature_algorithm = SignatureAlgorithms() a = ext_signature_algorithm.get_field("supported_signature_algorithms") for i in hash_algorithms: for j in sign_algorithms: v = a.item_class("unnamed") v.hash = i v.signature = j a.value.append(v) hello.extensions.append(Extension() + ext_signature_algorithm) hello.extensions.append(Extension() + SessionTicketTLS()) hb_ext = HeartbeatExt() hb_ext.mode = 1 hello.extensions.append(Extension() + hb_ext) hello.random = os.urandom(32) hello.version.major = ver_major hello.version.minor = ver_minor msg_handshake = DTLSv10Handshake() msg_handshake.set_payload(hello) return msg_handshake