Difference between revisions of "Summerschool Aachen 2005/Challenges/SSL fingerprinting"
Oxudocopaj (talk | contribs) |
m (Reverted edits by Oxudocopaj (talk) to last revision by 217.80.19.246) |
||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
I remembered I already did some SSL fingerprinting. The [http://svn.23.nu/trac/repos/trac.cgi/browser/ptt/ Pen Testing Toolkit], a very loose collection of tooles created by me contains [http://svn.23.nu/trac/repos/trac.cgi/file/ptt/bin/ssltest?rev=HEAD ssltest] which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information. | I remembered I already did some SSL fingerprinting. The [http://svn.23.nu/trac/repos/trac.cgi/browser/ptt/ Pen Testing Toolkit], a very loose collection of tooles created by me contains [http://svn.23.nu/trac/repos/trac.cgi/file/ptt/bin/ssltest?rev=HEAD ssltest] which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information. | ||
Latest revision as of 17:36, 24 November 2010
I remembered I already did some SSL fingerprinting. The Pen Testing Toolkit, a very loose collection of tooles created by me contains ssltest which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information.
Example:
md@hextatic ~/Documents/repos/ptt$ python bin/ssltest houston.informatik.rwth-aachen.de Testing ciphers for houston.informatik.rwth-aachen.de:443 Certificate subject: '/C=DE/ST=./O=./CN=houston.informatik.rwth-aachen.de/emailAddress=.' Certificate issuer: '/C=DE/ST=./L=./O=./CN=houston/emailAddress=.' Ciphers supported by houston.informatik.rwth-aachen.de:443 40 Bit Encryption: EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA 56 Bit Encryption: DES-CBC-MD5, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA 64 Bit Encryption: RC4-64-MD5 128 Bit Encryption: RC2-CBC-MD5, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5 168 Bit Encryption: DES-CBC3-MD5, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA 256 Bit Encryption: DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA md@hextatic ~/Documents/repos/ptt$ python bin/ssltest secure.amazon.de Testing ciphers for secure.amazon.de:443 Certificate subject: '/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=secure.amazon.de' Certificate issuer: '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' Ciphers supported by secure.amazon.de:443 40 Bit Encryption: EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5 56 Bit Encryption: DES-CBC-MD5, DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA 64 Bit Encryption: RC4-64-MD5 128 Bit Encryption: IDEA-CBC-MD5, RC2-CBC-MD5, RC4-MD5, RC4-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA 168 Bit Encryption: DES-CBC3-MD5, DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-SHA 256 Bit Encryption: AES256-SHA, AES256-SHA
The rool is a re-implementation of a tool by Johnny Cyberpunk and was originally meant for penetratoion testing. I'ss see what else I can do with it.
online-check
You might give http://serversniff.net/sslcheck.php a try. This is simply based on a shellscript using openssl 0.9.8 and gnutls and does a bit more, e.g checking for NULL-Ciphers (onlinebanking without encryption), checking for protocols (ssl2,3,tls1.0, tls1.1), and, most important: checking the Default Cipher, which is presented first. Many servers support AES256, but offer 128Bit-RC4 per default :-((. Feed my mailbox if your willing to discuss or just want to get the shellscripts.