Difference between revisions of "Summerschool Aachen 2005/Challenges/SSL fingerprinting"
Line 27: | Line 27: | ||
The rool is a re-implementation of a [http://www.thc.org/news.php?q=+remote+ssl+stack tool by Johnny Cyberpunk] and was originally meant for penetratoion testing. I'ss see what else I can do with it. | The rool is a re-implementation of a [http://www.thc.org/news.php?q=+remote+ssl+stack tool by Johnny Cyberpunk] and was originally meant for penetratoion testing. I'ss see what else I can do with it. | ||
+ | |||
+ | == online-check == | ||
+ | You might give http://serversniff.net/sslcheck.php a try. | ||
+ | This is simply based on a shellscript using openssl 0.9.8 and gnutls and does a bit more, e.g checking for NULL-Ciphers (onlinebanking without encryption), checking for protocols (ssl2,3,tls1.0, tls1.1), and, most important: checking the '''Default Cipher''', which is presented first. Many servers support AES256, but offer 128Bit-RC4 per default :-((. Feed my mailbox if your willing to discuss or just want to get the shellscripts. | ||
+ | [[Category:Summerschools]] |
Revision as of 09:40, 24 September 2005
I remembered I already did some SSL fingerprinting. The Pen Testing Toolkit, a very loose collection of tooles created by me contains ssltest which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information.
Example:
md@hextatic ~/Documents/repos/ptt$ python bin/ssltest houston.informatik.rwth-aachen.de Testing ciphers for houston.informatik.rwth-aachen.de:443 Certificate subject: '/C=DE/ST=./O=./CN=houston.informatik.rwth-aachen.de/emailAddress=.' Certificate issuer: '/C=DE/ST=./L=./O=./CN=houston/emailAddress=.' Ciphers supported by houston.informatik.rwth-aachen.de:443 40 Bit Encryption: EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA 56 Bit Encryption: DES-CBC-MD5, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA 64 Bit Encryption: RC4-64-MD5 128 Bit Encryption: RC2-CBC-MD5, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5 168 Bit Encryption: DES-CBC3-MD5, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA 256 Bit Encryption: DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA md@hextatic ~/Documents/repos/ptt$ python bin/ssltest secure.amazon.de Testing ciphers for secure.amazon.de:443 Certificate subject: '/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=secure.amazon.de' Certificate issuer: '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' Ciphers supported by secure.amazon.de:443 40 Bit Encryption: EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5 56 Bit Encryption: DES-CBC-MD5, DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA 64 Bit Encryption: RC4-64-MD5 128 Bit Encryption: IDEA-CBC-MD5, RC2-CBC-MD5, RC4-MD5, RC4-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA 168 Bit Encryption: DES-CBC3-MD5, DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-SHA 256 Bit Encryption: AES256-SHA, AES256-SHA
The rool is a re-implementation of a tool by Johnny Cyberpunk and was originally meant for penetratoion testing. I'ss see what else I can do with it.
online-check
You might give http://serversniff.net/sslcheck.php a try. This is simply based on a shellscript using openssl 0.9.8 and gnutls and does a bit more, e.g checking for NULL-Ciphers (onlinebanking without encryption), checking for protocols (ssl2,3,tls1.0, tls1.1), and, most important: checking the Default Cipher, which is presented first. Many servers support AES256, but offer 128Bit-RC4 per default :-((. Feed my mailbox if your willing to discuss or just want to get the shellscripts.