Difference between revisions of "Summerschool Aachen 2005/Challenges/SSL fingerprinting"

From C4 Wiki
 
Line 1: Line 1:
I remembered I already did some SSL fingerprinting. The [ Pen Testing Toolkit], a very loose collection of tooles created by me contains [ssltest] which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information.  
+
I remembered I already did some SSL fingerprinting. The [http://svn.23.nu/trac/repos/trac.cgi/browser/ptt/ Pen Testing Toolkit], a very loose collection of tooles created by me contains [http://svn.23.nu/trac/repos/trac.cgi/file/ptt/bin/ssltest?rev=HEAD ssltest] which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information.  
  
 
Example:
 
Example:
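
Review bot: The revised line (marked "+") fills in the two link targets but still carries the typos "tooles" and "additiona" from the old revision; correct them in the same edit. The ssltest link also points at ?rev=HEAD, so it will follow later changes to the file rather than the version that produced the output shown on the page; linking a fixed revision would keep the example reproducible.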

Revision as of 17:59, 22 September 2005

I remembered I already did some SSL fingerprinting. The Pen Testing Toolkit, a very loose collection of tools created by me, contains ssltest, which is mainly to test which ciphers are available to an SSL server but also prints out some additional information.

Example:

md@hextatic ~/Documents/repos/ptt$ python bin/ssltest houston.informatik.rwth-aachen.de
Testing ciphers for houston.informatik.rwth-aachen.de:443
Certificate subject: '/C=DE/ST=./O=./CN=houston.informatik.rwth-aachen.de/emailAddress=.'
Certificate issuer:  '/C=DE/ST=./L=./O=./CN=houston/emailAddress=.'
Ciphers supported by houston.informatik.rwth-aachen.de:443
40 Bit Encryption:      EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA
56 Bit Encryption:      DES-CBC-MD5, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA
64 Bit Encryption:      RC4-64-MD5
128 Bit Encryption:     RC2-CBC-MD5, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5
168 Bit Encryption:     DES-CBC3-MD5, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA
256 Bit Encryption:     DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA
md@hextatic ~/Documents/repos/ptt$ python bin/ssltest secure.amazon.de
Testing ciphers for secure.amazon.de:443
Certificate subject: '/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=secure.amazon.de'
Certificate issuer:  '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
Ciphers supported by secure.amazon.de:443
40 Bit Encryption:      EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5
56 Bit Encryption:      DES-CBC-MD5, DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA
64 Bit Encryption:      RC4-64-MD5
128 Bit Encryption:     IDEA-CBC-MD5, RC2-CBC-MD5, RC4-MD5, RC4-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA
168 Bit Encryption:     DES-CBC3-MD5, DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-SHA
256 Bit Encryption:     AES256-SHA, AES256-SHA

The tool is a re-implementation of a tool by Johnny Cyberpunk and was originally meant for penetration testing. I'll see what else I can do with it.
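
The reports above repeat many cipher names, so comparing two servers by eye is error-prone. The following is an added example, not part of ssltest or the Pen Testing Toolkit: it parses reports in the format shown above, deduplicates the cipher lists, and compares two servers' cipher sets as a simple fingerprint. The function names, the 128-bit threshold and the abbreviated sample reports (hosts `a.example` and `b.example`) are assumptions made for illustration.

```python
import re

# Constructed samples: abbreviated reports in the format ssltest prints above.
SAMPLE_A = """\
Testing ciphers for a.example:443
Ciphers supported by a.example:443
40 Bit Encryption:      EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-RC4-MD5
128 Bit Encryption:     RC4-MD5, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5
256 Bit Encryption:     DHE-RSA-AES256-SHA, AES256-SHA
"""
SAMPLE_B = """\
Testing ciphers for b.example:443
Ciphers supported by b.example:443
40 Bit Encryption:      EXP-RC4-MD5, EXP-RC2-CBC-MD5
128 Bit Encryption:     IDEA-CBC-SHA, RC4-MD5, AES128-SHA
256 Bit Encryption:     AES256-SHA, AES256-SHA
"""

LINE = re.compile(r"^(\d+) Bit Encryption:\s*(.*)$")

def parse_report(text):
    """Return {key_bits: set of cipher names}; repeated names collapse."""
    ciphers = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            names = {n.strip() for n in m.group(2).split(",") if n.strip()}
            ciphers.setdefault(int(m.group(1)), set()).update(names)
    return ciphers

def fingerprint(ciphers):
    """Order-independent fingerprint: sorted tuple of every cipher offered."""
    return tuple(sorted(set().union(*ciphers.values()))) if ciphers else ()

def weak(ciphers, min_bits=128):
    """Cipher names offered below min_bits (threshold is an assumption)."""
    return sorted(n for bits, names in ciphers.items()
                  if bits < min_bits for n in names)

def compare(a, b):
    """Set differences between two parsed reports."""
    fa, fb = set(fingerprint(a)), set(fingerprint(b))
    return {"only_a": sorted(fa - fb), "only_b": sorted(fb - fa),
            "shared": sorted(fa & fb)}

if __name__ == "__main__":
    a, b = parse_report(SAMPLE_A), parse_report(SAMPLE_B)
    print("weak on A:", weak(a))
    print("difference:", compare(a, b))
```
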