def send_request( host, port, endpoint, method, token, data=None, cert=None, key=None, ca_cert=None, check_ocsp=True, ): def callback(conn, encoded_ocsp, data): ocsp_resp = load_der_ocsp_response(encoded_ocsp) return ocsp_resp.response_status == OCSPResponseStatus.SUCCESSFUL and ocsp_resp.certificate_status == OCSPCertStatus.GOOD context = Context(TLSv1_2_METHOD) context.load_client_ca(bytes(ca_cert, encoding="utf8")) context.use_certificate_file(cert) context.use_privatekey_file(key) context.set_ocsp_client_callback(callback) conn = Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) conn.connect((host, port)) if check_ocsp: conn.request_ocsp() conn.send( bytes( f"{method} {endpoint} HTTP/1.1\nHost: {host}:{port}\n" + f"Content-Type: text/plain\norigin: https://{host}:{port}\nToken: {token}\nContent-Length: {len(data)}\n\n{data}", encoding="utf8")) response = conn.read(2048) conn.close()
def testPFSCipher(host,port,cipher): try: # Construct the socket client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.settimeout(10) client.connect((host, port)) # Define the method as serverpreferred and use the Cipher from the test contextToUse = Context(pfsCipherList[cipher]) contextToUse.set_cipher_list(cipher) # Estabilish a SSL connection using the server's preferred connection client_ssl = Connection(contextToUse, client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(host) # Try to perform an SSL handshake client_ssl.do_handshake() # Close the connection client_ssl.close() client.close() return True except openSSLError as e: # Server may be down or avoiding SSL connection return False except ValueError as e: # Not configured or not allowed return False pass
def printcert(host, port, hostname): con = Connection(Context(TLSv1_METHOD), socket(AF_INET, SOCK_STREAM)) con.connect((host, port)) con.set_tlsext_host_name(hostname if hostname else host) con.do_handshake() con.shutdown() con.close() print dump_certificate(FILETYPE_PEM, walkchain(con.get_peer_cert_chain()))
def verify_cert(host, ca, timeout): server_ctx = Context(TLSv1_METHOD) server_cert_chain = [] if os.path.isdir(ca): server_ctx.load_verify_locations(None, ca) else: server_ctx.load_verify_locations(ca, None) def verify_cb(conn, cert, errnum, depth, ok): server_cert_chain.append(cert) return ok server_ctx.set_verify(VERIFY_PEER, verify_cb) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setblocking(1) sock.settimeout(timeout) sock.connect((host, 443)) server_conn = Connection(server_ctx, sock) server_conn.set_connect_state() def iosock_try(): ok = True try: server_conn.do_handshake() sleep(0.5) except SSLWantReadError as e: ok = False pass except Exception as e: raise e return ok try: while True: if iosock_try(): break server_subject = server_cert_chain[-1].get_subject() if host != server_subject.CN: raise SSLError('Server certificate CN does not match %s' % host) except SSLError as e: raise e finally: server_conn.shutdown() server_conn.close() return True
def main(): """ Connect to an SNI-enabled server and request a specific hostname, specified by argv[1], of it. """ if len(argv) < 2: print 'Usage: %s <hostname> [port]' % (argv[0], ) return 1 port = 443 if len(argv) == 3: port = int(argv[2]) hostname = argv[1] client = socket() #client.settimeout(2) #print 'Connecting...', stdout.flush() client.connect((hostname, port)) #print 'connected', client.getpeername() client_ssl = Connection(Context(TLSv1_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(hostname) client_ssl.do_handshake() host = client_ssl.getpeername() servername = client_ssl.get_servername() x509 = client_ssl.get_peer_certificate() notAfter = datetime.strptime(x509.get_notAfter(), '%Y%m%d%H%M%SZ') cert_chain = client_ssl.get_peer_cert_chain() now = datetime.now() timedelta = notAfter - now DNS = '' for i in xrange(x509.get_extension_count()): ret = str(x509.get_extension(i)) if re.match('^DNS:', ret): DNS = ret.replace('DNS:', '') print "servername: %s, host: %s, port: %s" % (servername, host[0], host[1]) print "\tnotAfter: %s, remain: %s days" % (notAfter, timedelta.days) print "\tDNS: ", DNS print '\tCert Chain:' for i, v in enumerate(cert_chain): print '\t%s,i,%s' % (i, v.get_subject()) print '\t%s,s,%s' % (i, v.get_issuer()) client_ssl.close()
def server_ok(serverarg, capath, timeout): "Check if the server is active and responsive" server_ctx = Context(TLSv1_METHOD) server_ctx.load_verify_locations(None, capath) def verify_cb(conn, cert, errnum, depth, ok): return ok server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb) serverarg = re.split("/*", serverarg)[1] if ':' in serverarg: serverarg = serverarg.split(':') server = serverarg[0] port = int(serverarg[1] if not '?' in serverarg[1] else serverarg[1].split('?')[0]) else: server = serverarg port = DEFAULT_PORT try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((server, port)) server_conn = Connection(server_ctx, sock) server_conn.set_connect_state() try: def handler(signum, frame): raise socket.error([('Timeout', 'after', str(timeout) + 's')]) signal.signal(signal.SIGALRM, handler) signal.alarm(timeout) server_conn.do_handshake() signal.alarm(0) except socket.timeout as e: nagios_out('Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e)),2) server_conn.shutdown() server_conn.close() except (SSLError, socket.error) as e: if 'sslv3 alert handshake failure' in errmsg_from_excp(e): pass else: nagios_out('Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e)), 2) return True
def server_ok(serverarg, capath, timeout): server_ctx = Context(TLSv1_METHOD) server_ctx.load_verify_locations(None, capath) def verify_cb(conn, cert, errnum, depth, ok): return ok server_ctx.set_verify(VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb) serverarg = re.split("/*", serverarg)[1] if ':' in serverarg: serverarg = serverarg.split(':') server = serverarg[0] port = int(serverarg[1] if not '?' in serverarg[1] else serverarg[1]. split('?')[0]) else: server = serverarg port = DEFAULT_PORT try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((server, port)) server_conn = Connection(server_ctx, sock) server_conn.set_connect_state() try: def handler(signum, frame): raise socket.error([('Timeout', 'after', str(timeout) + 's')]) signal.signal(signal.SIGALRM, handler) signal.alarm(timeout) server_conn.do_handshake() signal.alarm(0) except socket.timeout as e: nagios_out( 'Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e)), 2) server_conn.shutdown() server_conn.close() except (SSLError, socket.error) as e: if 'sslv3 alert handshake failure' in errmsg_from_excp(e): pass else: nagios_out( 'Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e)), 2) return True
def testWeakCipher(host,port,protocolList): # Create a list to put all analysed data protoDataList = [] # Test the size of the cipher for each protocol avaiable and get the Cipher Suite for proto in protocolList: try: # Construct the socket client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect((host, port)) # Estabilish a SSL connection client_ssl = Connection(Context(methods[proto]), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(host) # Try to perform an SSL handshake client_ssl.do_handshake() # Obtain the name of the protocol being used protoName = (client_ssl.get_protocol_version_name()) # Obtain the size of the cipher being used by the protocol bitSize = (client_ssl.get_cipher_bits()) # Obtain the Cipher Suite suite = client_ssl.get_cipher_name() # Create a compiled data data = (protoName,bitSize,suite) # Put the data obtained on the list protoDataList.append(data) # Close the connection client_ssl.close() client.close() except openSSLError as e: # Server may be down or avoiding SSL connection print _('Servidor nao esta respondendo') return except ValueError as e: # Not configured or not allowed print _('Servidor nao esta configurado') return # Print the results print bcolors.BOLD + _("Protocolo\tTamanho da Cifra\tCifra") + bcolors.ENDC for protoData in protoDataList: print protoData[0] + '\t\t' + str(protoData[1]) + ' bits' + ( '(OK)' if (protoData[1] >=128) else _('(FRACA)')) + '\the\t' + str(protoData[2])
def main(): def err_exit(ret, msg): ret['failed'] = True ret['msg'] = msg module.fail_json(**ret) module = AnsibleModule(argument_spec=dict( host=dict(required=True, type='str'), certificates=dict(required=True, type='dict'), ), ) host = module.params['host'] certificates = copy.copy(module.params['certificates']) split = host.split(':') split.reverse() host = split.pop() ret['host'] = host ret['port'] = None ret['downloaded'] = False ret['ansible_facts'] = dict(certificates=certificates) try: port = int(split.pop()) if split else 443 hostport = "{}:{}".format(host, port) ret['port'] = port if host in certificates and hostport not in certificates: certificates[hostport] = certificates[host] if hostport not in certificates or certificates[hostport] is None: s = socket(AF_INET, SOCK_STREAM) ctx = Context(TLSv1_METHOD) con = Connection(ctx, s) con.connect((host, port)) con.do_handshake() x509 = con.get_peer_cert_chain()[-1] con.shutdown() con.close() ret['downloaded'] = True certificates[hostport] = dump_certificate(FILETYPE_PEM, x509) if host not in certificates or certificates[host] is None: certificates[host] = certificates[hostport] module.exit_json(**ret) except Exception as e: msg_ = traceback.format_exc() module.fail_json(msg="{}: {}".format(repr(e), msg_))
def identifyProtocol(host,port): # Create a list to put all analysed data protoDataList = [] try: # Construct the socket client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect((host, port)) # Estabilish a SSL connection using the server's preferred connection client_ssl = Connection(Context(SSLv23_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(host) # Try to perform an SSL handshake client_ssl.do_handshake() # Obtain the name of the protocol being used protoName = (client_ssl.get_protocol_version_name()) # Obtain the size of the cipher being used by the protocol bitSize = (client_ssl.get_cipher_bits()) # Obtain the Cipher Suite suite = client_ssl.get_cipher_name() # Create a compiled data data = (protoName,bitSize,suite) # Put the data obtained on the list protoDataList.append(data) # Close the connection client_ssl.close() client.close() # Shpw the data print _('Preferido: ') + str(protoName) + _('\nCifra: ') + str(suite) + _('\nTamanho em bits: ') + str(bitSize) # Return the protocol method used by pyOpenSSL return methodName[protoName] except openSSLError as e: # Server may be down or avoiding SSL connection print _('\nNao foi possivel identificar o protocolo padrao\n') return 0 except ValueError as e: # Not configured or not allowed print _('\nNao foi possivel identificar o protocolo padrao\n') return 0
def verify_servercert(host, timeout, capath): server_ctx = Context(TLSv1_METHOD) server_ctx.load_verify_locations(None, capath) server_cert_chain = [] def verify_cb(conn, cert, errnum, depth, ok): server_cert_chain.append(cert) return ok server_ctx.set_verify(VERIFY_PEER, verify_cb) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setblocking(1) sock.settimeout(timeout) sock.connect((host, 443)) server_conn = Connection(server_ctx, sock) server_conn.set_connect_state() def iosock_try(): ok = True try: server_conn.do_handshake() sleep(0.5) except SSLWantReadError as e: ok = False pass except Exception as e: raise e return ok try: while True: if iosock_try(): break global server_expire server_expire = server_cert_chain[-1].get_notAfter() except PyOpenSSLError as e: raise e finally: server_conn.shutdown() server_conn.close() return True
def get_certificate(hostname, port=443): """ Return TLS certificate (f.i. for https or smtps) """ client = socket() client.connect((hostname, port)) client_ssl = Connection(Context(TLSv1_2_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(hostname.encode("ascii")) # SNI client_ssl.do_handshake() cert = client_ssl.get_peer_certificate() client_ssl.close() return cert
class OpenSSLSNI(object): """This class implements the functionality of obtaining certificates secure connection using apache TLS Extension Server Name Indication (SNI) """ def connection(func): def wrapped(self): self._connect() try: return func(self) finally: self._close() return wrapped def __init__(self, host, port): #Set host name self._host = str(host).split('//')[-1].split(':')[0] #Set port self._port = int(port) if str(port).isdigit() else 443 def _connect(self): """This method implements the functionality of establishing a secure connection using TLS Extension""" self._socket_client = socket() self._socket_client.connect((self._host, self._port)) self._ssl_client = Connection(Context(TLSv1_METHOD), self._socket_client) self._ssl_client.set_connect_state() self._ssl_client.set_tlsext_host_name(self._host) self._ssl_client.do_handshake() def _close(self): """This method implements the functional termination created connection""" self._ssl_client.close() del self._socket_client @property @connection def serial_number(self): """Returns certificates serial number""" return self._ssl_client.get_peer_certificate().get_serial_number() @property @connection def certificate(self): """Returns certificate""" return OpenSSL.crypto.dump_certificate(FILETYPE_PEM, self._ssl_client.get_peer_certificate())
def main(): if len(argv) < 3: print('Usage: %s <hostname> <port>'.format(argv[0])) return 1 hostname = str(argv[1]) port = int(argv[2]) client = socket() print('Connecting...') stdout.flush() client.connect((hostname, port)) print('Connected to', client.getpeername()) client_ssl = Connection(Context(TLSv1_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(hostname.encode('utf-8')) client_ssl.do_handshake() chain = client_ssl.get_peer_cert_chain() print("\n>> Certificate Chain:\n") i = 0 for cert in reversed(chain): i += 1 asterisks = "*" * i print(" [+] {:<10} {}".format(asterisks, cert.get_subject())) print("\n>> Certificate Details:\n") for cert in reversed(chain): pkey = cert.get_pubkey() print("." * 80) print("- [Subject]:\t\t{}".format(cert.get_subject())) print("- [Issuer]:\t\t{}".format(cert.get_issuer())) print("- [Valid from]:\t\t{}".format(cert.get_notBefore())) print("- [Valid until]:\t{}".format(cert.get_notAfter())) print("- [Has Expired]:\t{}".format(cert.has_expired())) print("\n") client_ssl.close() return 0
def netflix_openssl_test_retry(ip): client = socket() print 'Connecting...', stdout.flush() client.connect((ip, port)) print 'connected', client.getpeername() client_ssl = Connection(Context(TLSv1_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(hostname) client_ssl.do_handshake() cert = client_ssl.get_peer_certificate().get_subject() cn = [comp for comp in cert.get_components() if comp[0] in ['CN']] client_ssl.close() print cn if hostname in cn[0][1]: return True else: return False
def _validate_certificate_hostname_pyopenssl(self): """ Use pyOpenSSL check if the host's certifcate matches the hostname. Python < 2.7.9 is not able to provide a server hostname for SNI, so this is a fallback that opens an additional connection if the initial validation failed. Returns: bool: Whether or not the hostname is valid on the certificate. """ client = socket.socket() client.connect((self.host, self.port)) client_ssl = Connection(Context(TLSv1_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(self.host) client_ssl.do_handshake() cert = client_ssl.get_peer_certificate() client_ssl.close() common_name = cert.get_subject().commonName return self._cert_host_matches_hostname(common_name, self.host)
def main(): """ Connect to an SNI-enabled server and request a specific hostname, specified by argv[1], of it. """ if len(argv) < 2: print 'Usage: %s <hostname>' % (argv[0],) return 1 client = socket() print 'Connecting...', stdout.flush() client.connect(('127.0.0.1', 8443)) print 'connected', client.getpeername() client_ssl = Connection(Context(TLSv1_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(argv[1]) client_ssl.do_handshake() print 'Server subject is', client_ssl.get_peer_certificate().get_subject() client_ssl.close()
def main(): """ Connect to an SNI-enabled server and request a specific hostname, specified by argv[1], of it. """ if len(argv) < 2: print 'Usage: %s <hostname>' % (argv[0], ) return 1 client = socket() print 'Connecting...', stdout.flush() client.connect(('127.0.0.1', 8443)) print 'connected', client.getpeername() client_ssl = Connection(Context(TLSv1_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(argv[1]) client_ssl.do_handshake() print 'Server subject is', client_ssl.get_peer_certificate().get_subject() client_ssl.close()
def verifyOpenProtocol(host,port,proto): try: # Construct the socket client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect((host, port)) # Estabilish a SSL connection client_ssl = Connection(Context(proto), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(host) # Try to perform an SSL handshake client_ssl.do_handshake() # Close the connection client_ssl.close() client.close() except openSSLError as e: # Server not configured to use return False except ValueError as e: # Not present return False # Success return True
def verify_cert(host, capath, timeout, cncheck=True): server_ctx = Context(TLSv1_METHOD) server_cert_chain = [] server_ctx.load_verify_locations(None, capath) host = re.split("/*", host)[1] if ':' in host: host = host.split(':') server = host[0] port = int(host[1] if not '?' in host[1] else host[1].split('?')[0]) else: server = host port = 443 def verify_cb(conn, cert, errnum, depth, ok): server_cert_chain.append(cert) return ok server_ctx.set_verify(VERIFY_PEER, verify_cb) try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setblocking(1) sock.settimeout(timeout) sock.connect((server, port)) except (socket.error, socket.timeout) as e: nagios_out( 'Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e)), 2) server_conn = Connection(server_ctx, sock) server_conn.set_connect_state() def iosock_try(): ok = True try: server_conn.do_handshake() sleep(0.5) except SSLWantReadError as e: ok = False pass except Exception as e: raise e return ok try: while True: if iosock_try(): break if cncheck: server_subject = server_cert_chain[-1].get_subject() if server != server_subject.CN: nagios_out( 'Critical', 'Server certificate CN %s does not match %s' % (server_subject.CN, server), 2) except SSLError as e: if 'sslv3 alert handshake failure' in errmsg_from_excp(e): pass else: nagios_out( 'Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e, level=1)), 2) finally: server_conn.shutdown() server_conn.close() return True
def verify_cert(host, capath, timeout, cncheck=True): server_ctx = Context(TLSv1_METHOD) server_cert_chain = [] server_ctx.load_verify_locations(None, capath) host = re.split("/*", host)[1] if ':' in host: host = host.split(':') server = host[0] port = int(host[1] if not '?' in host[1] else host[1].split('?')[0]) else: server = host port = 443 def verify_cb(conn, cert, errnum, depth, ok): server_cert_chain.append(cert) return ok server_ctx.set_verify(VERIFY_PEER, verify_cb) try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setblocking(1) sock.settimeout(timeout) sock.connect((server, port)) except (socket.error, socket.timeout) as e: nagios_out('Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e)), 2) server_conn = Connection(server_ctx, sock) server_conn.set_connect_state() def iosock_try(): ok = True try: server_conn.do_handshake() sleep(0.5) except SSLWantReadError as e: ok = False pass except Exception as e: raise e return ok try: while True: if iosock_try(): break if cncheck: server_subject = server_cert_chain[-1].get_subject() if server != server_subject.CN: nagios_out('Critical', 'Server certificate CN %s does not match %s' % (server_subject.CN, server), 2) except SSLError as e: if 'sslv3 alert handshake failure' in errmsg_from_excp(e): pass else: nagios_out('Critical', 'Connection error %s - %s' % (server + ':' + str(port), errmsg_from_excp(e, level=1)), 2) finally: server_conn.shutdown() server_conn.close() return True
class SocketClient(object): """This class sends all info to the server """ cacertpath = "ca/cacert.pem" BUFF = 8192 def __init__(self,HOST='130.236.219.232', PORT = 443): self.mutex = threading.Semaphore(1) self.connected = False self.connect() self.host_addr = HOST self.host_port = PORT def connect(self): print "You are trying to connect..." for x in range(7): if not self.connected: try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) context = Context(TLSv1_METHOD) context.use_certificate_file(self.cacertpath) context.set_timeout(2) self.sslsocket = Connection(context,s) self.sslsocket.connect((self.host_addr,self.host_port)) #starting a thread that listen to what server sends which the clients need to be able to send and recive data at the same time t = threading.Thread(target=self.receive) t.daemon = True t.start() if self.sslsocket: self.connected = True print "connection established" #self.authentication("Kalle", "te") t = threading.Thread(target=self.sendinput) t.start() except socket.error: print "You failed to connect, retrying......." time.sleep(5) def authentication(self, username, password): self.sslsocket.send(username) self.sslsocket.send(password) #sending string to server def send(self,str): try: self.sslsocket.write("start") totalsent = 0 while totalsent < str.__len__(): sent = self.sslsocket.write(str[totalsent:]) if sent == 0: raise RuntimeError, "socket connection broken" totalsent = totalsent + sent self.sslsocket.write("end") except SSL.SysCallError: print "your server is dead, you have to resend data" self.connected = False self.sslsocket.shutdown() self.sslsocket.close() self.mutex.acquire() print "Du är inne i connect via send SysCallError" self.connect() self.mutex.release() except SSL.Error: self.connected = False self.mutex.acquire() print "Du är inne i connect via send ssl error" self.connect() self.mutex.release() #Sending input to server def sendinput(self): try: while True: input = raw_input() self.send(input) except KeyboardInterrupt: print "du är inne i sendinput" self.sslsocket.shutdown() self.sslsocket.close() exit(0) #getting data from server def receive(self): output = "" try: while True: data = self.sslsocket.recv(self.BUFF) if data == "start": while True: data = self.sslsocket.recv(self.BUFF) if data == "end": print output output = "" break output = output + data except SSL.SysCallError: print "OMG Server is down" self.connected = False print self.connected self.sslsocket.shutdown() self.sslsocket.close() self.mutex.acquire() self.connect() self.mutex.release()
def index(): form = ActionForm(request.form, csrf_context=session) if request.method == 'POST' and form.validate( ) and current_user.is_authenticated: comment_value = request.form['comment'] action_value = request.form['action'] user_name = current_user.username user_ip = get_client_ip() action_data = dict(comment=comment_value, action=action_value, user=user_name, ip=user_ip) rx = "" try: print('Creating socket', file=sys.stderr) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #s.settimeout(10.0) if repeater_listen_psk: ctx = Context(TLSv1_2_METHOD) ctx.set_cipher_list(b'PSK') ctx.set_psk_client_callback(client_callback) s = Connection(ctx, s) print('PSK Context created', file=sys.stderr) print('Connecting:', REPEATER_LISTENER) s.connect(REPEATER_LISTENER) print('Connected') try: hello_msg = s.recv(5) print(f'hello msg: {hello_msg}', file=sys.stderr) except socket.timeout: traceback.print_exc(file=sys.stderr) #send_delay = request.form.get('test_send_delay') or 0 #sleep(int(send_delay)) #if action_value == 'test_send': # msg = comment_value.encode() #else: # msg = json.dumps(action_data).encode() msg = json.dumps(action_data).encode() msg_len = len(msg) print(f'Sending {msg_len}b message: {msg}', file=sys.stderr) s.send(msg) #recv_delay = request.form.get('test_recv_delay') or 0 #sleep(int(recv_delay)) try: rx = s.recv(2) except ConnectionResetError: traceback.print_exc(file=sys.stderr) pass s.close() if len(rx) > 0: action_data['submitted'] = True action_data['submit_result'] = "Server reply: " + rx.decode() else: action_data['submitted'] = True action_data['submit_result'] = '<Unknown - no reply>' except Exception as e: traceback.print_exc(file=sys.stderr) action_data['submitted'] = False action_data[ 'submit_result'] = 'Unexpected error while sending: ' + str(e) ev = LogEvent.from_action(action_data, current_user) db.session.add(ev) db.session.commit() else: action_data = None connections = '' logs = [] if current_user.is_authenticated: if os.path.exists(LISTENER_FILE): with open(LISTENER_FILE) as f: connections = f.read() else: connections = 'No file' logs = LogEvent.query.order_by(LogEvent.ts.desc()).limit(10).all() return render_template("index.html", actions=REPEATER_ACTIONS, form=form, connections=connections, logs=logs, action=action_data)
print '\nChecking DNS for CAA records . . .\n' answers = dns.resolver.query(domain, 'CAA') print 'The following records were found:\n' for rdata in answers: print domain, 'in CAA', rdata.flags, rdata.value print '\nNow checking certificate . . . \n' print 'Using server name:', host, 'on port', port, 'for SNI ...' client = socket() stdout.flush() client.connect(('{0}'.format(host), int(port))) print 'Connected to', client.getpeername(), '\n' client_ssl = Connection(Context(TLSv1_METHOD), client) client_ssl.set_connect_state() client_ssl.set_tlsext_host_name(host) client_ssl.do_handshake() issuer = client_ssl.get_peer_certificate().get_issuer() issr = str(issuer) issr = issr.strip('<>') issr = issr.replace('X509Name object', 'Certificate Information: ') issr = issr.replace('C=', 'Country: ') issr = issr.replace('O=', 'Organization: ') issr = issr.replace('CN=', 'Common Name: ') issr = issr.split('/') for issr in issr: print issr print '\n' client_ssl.close() exit()