def validate_working_configs():
"""
Load the cipher list after openssl has ran.
Then test the configurations the proxy can support.
"""
blocklist = {}
jarms = []
for version in config.ssl_versions:
c_list = grab_unvalidated_ciphers()
for cipher in c_list:
print(f"[x] Validating tls {version} and cipher {cipher}")
try:
test_port, httpd = start_test_server(version, cipher)
x = requests.get(
f'https://{config.ip}:{test_port}/http://google.com',
verify=False)
jarms.append({
'tls_version': version,
'cipher': cipher,
'jarm': Scanner.scan(config.ip, test_port)[0],
})
time.sleep(1)
httpd.shutdown()
except Exception as e:
blocklist[f'{version}-{cipher}'] = str(e)
if httpd:
httpd.shutdown()
return jarms, blocklist
def test_scanner_google_httpproxy_env_ipv4(mocker):
fqdn = "google.com"
port = 443
MOCK_JARM = "27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d"
family = socket.AF_INET
TEST_NAME = "google_com_443_httpproxy_env_ipv4"
os.environ["HTTPS_PROXY"] = "http://*****:*****@127.0.0.1:3128"
global conn_idx
conn_idx = 0
def get_user_agent():
global conn_idx
print(f"Called at {conn_idx}")
hdr = {"User-Agent": f"pyJARM/UnitTest/{TEST_NAME}/{conn_idx}"}
conn_idx += 1
return hdr
mocker.patch(
"os.urandom",
return_value=
b"\x17]\x18r\xb2\xe7\x14L\x82\x9anR\xe59{D\xb9\xf8\xb2P\x9cd\xb5\x03g3<\x99)\x176n",
)
mocker.patch("random.choice", return_value=b"\x5a\x5a")
mocker.patch.object(Proxy, "get_http_headers", side_effect=get_user_agent)
Mocket.enable(TEST_NAME, "./tests/data")
jarm = asyncio.run(
Scanner.scan_async(fqdn, port, address_family=family, concurrency=1))
assert jarm == (MOCK_JARM, fqdn, port)
def _scan(
target: str,
address_family: int = 0,
proxy: str = None,
proxy_auth: str = None,
proxy_insecure: bool = None,
concurrency: int = 2,
timeout: int = DEFAULT_TIMEOUT,
suppress: bool = False,
):
if ":" in target:
parts = target.split(":")
host = parts[0]
port = int(parts[1])
else:
host = target
port = 443
print(f"Target: {host}:{port}")
results = asyncio.run(
Scanner.scan_async(
dest_host=host,
dest_port=port,
timeout=timeout,
address_family=address_family,
proxy=proxy,
proxy_auth=proxy_auth,
proxy_insecure=proxy_insecure,
concurrency=concurrency,
suppress=suppress,
))
print(f"JARM: {results[0]}")
return results
def test_scanner_google_noproxy_ipv4(mocker):
fqdn = "google.com"
ip = "142.250.184.174"
port = 443
MOCK_JARM = "27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d"
family = socket.AF_INET
TEST_NAME = "google_com_443_noproxy_ipv4"
mocker.patch(
"os.urandom",
return_value=
b"\x17]\x18r\xb2\xe7\x14L\x82\x9anR\xe59{D\xb9\xf8\xb2P\x9cd\xb5\x03g3<\x99)\x176n",
)
mocker.patch("random.choice", return_value=b"\x5a\x5a")
mocker.patch(
"socket.getaddrinfo",
return_value=[(family, socket.SOCK_STREAM, socket.IPPROTO_TCP, "",
(ip, port))],
)
Mocket.enable(TEST_NAME, "./tests/data")
jarm = asyncio.run(
Scanner.scan_async(fqdn, port, address_family=family, concurrency=1))
assert jarm == (MOCK_JARM, fqdn, port)
def jarm_fingerprint(self, host: str, port: int) -> Tuple[str, str, int]:
return asyncio.run(Scanner.scan_async(host, port, suppress=True))