def _do_handshake_with_ccs_injection(self): # type: ignore """Modified do_handshake() to send a CCS injection payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert or a CertificateRequest first did_receive_hello_done = False remaining_bytes = b"" while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes( remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? break remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError("Unknown record? Type {}".format( tls_record.header.type)) if did_receive_hello_done: # Send an early CCS record - this should be rejected by the server payload = TlsChangeCipherSpecRecord.from_parameters( tls_version=tls_parser.tls_version.TlsVersionEnum[ self._ssl_version.name]).to_bytes() self._sock.send(payload) # Send an early application data record which should be ignored by the server app_data_record = TlsApplicationDataRecord.from_parameters( tls_version=tls_parser.tls_version.TlsVersionEnum[ self._ssl_version.name], application_data=b"\x00\x00") self._sock.send(app_data_record.to_bytes()) # Check if an alert was sent back while True: try: tls_record, len_consumed = TlsRecordParser.parse_bytes( remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? raise _NotVulnerableToCcsInjection() except socket.error: # Server closed the connection after receiving the CCS payload raise _NotVulnerableToCcsInjection() remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert but which one? if tls_record.alert_description == 0x14: # BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data # record instead of ignoring it; server is vulnerable raise _VulnerableToCcsInjection() # Any other alert means that the server rejected the early CCS record raise _NotVulnerableToCcsInjection() else: break raise _NotVulnerableToCcsInjection()
def do_handshake_with_ccs_injection(self): # type: ignore """Modified do_handshake() to send a CCS injection payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert or a CertificateRequest first did_receive_hello_done = False remaining_bytes = b'' while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? break remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError('Unknown record? Type {}'.format(tls_record.header.type)) if did_receive_hello_done: # Send an early CCS record - this should be rejected by the server payload = TlsChangeCipherSpecRecord.from_parameters( tls_version=TlsVersionEnum[self._ssl_version.name]).to_bytes() self._sock.send(payload) # Send an early application data record which should be ignored by the server app_data_record = TlsApplicationDataRecord.from_parameters(tls_version=TlsVersionEnum[self._ssl_version.name], application_data=b'\x00\x00') self._sock.send(app_data_record.to_bytes()) # Check if an alert was sent back while True: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? raise NotVulnerableToCcsInjection() except socket.error: # Server closed the connection after receiving the CCS payload raise NotVulnerableToCcsInjection() remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert but which one? if tls_record.alert_description == 0x14: # BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data # record instead of ignoring it; server is vulnerable raise VulnerableToCcsInjection() # Any other alert means that the server rejected the early CCS record raise NotVulnerableToCcsInjection() else: break raise NotVulnerableToCcsInjection()