Difference between revisions of "Summerschool Aachen 2005/Challenges/SSL fingerprinting"

From C4 Wiki
Jump to: navigation, search
Line 1: Line 1:
 +
----
 +
<div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;">
 +
----
 +
=[http://ecacoraqosy.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
 +
----
 +
=[http://ecacoraqosy.co.cc CLICK HERE]=
 +
----
 +
</div>
 
I remembered I already did some SSL fingerprinting. The [http://svn.23.nu/trac/repos/trac.cgi/browser/ptt/ Pen Testing Toolkit], a very loose collection of tooles created by me contains [http://svn.23.nu/trac/repos/trac.cgi/file/ptt/bin/ssltest?rev=HEAD ssltest] which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information.  
 
I remembered I already did some SSL fingerprinting. The [http://svn.23.nu/trac/repos/trac.cgi/browser/ptt/ Pen Testing Toolkit], a very loose collection of tooles created by me contains [http://svn.23.nu/trac/repos/trac.cgi/file/ptt/bin/ssltest?rev=HEAD ssltest] which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information.  
  

Revision as of 07:36, 24 November 2010



This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page


CLICK HERE


I remembered I already did some SSL fingerprinting. The Pen Testing Toolkit, a very loose collection of tooles created by me contains ssltest which is mainly to test which ciphers are available to an ssl server but also prints out some additiona information.

Example:

md@hextatic ~/Documents/repos/ptt$ python bin/ssltest houston.informatik.rwth-aachen.de
Testing ciphers for houston.informatik.rwth-aachen.de:443
Certificate subject: '/C=DE/ST=./O=./CN=houston.informatik.rwth-aachen.de/emailAddress=.'
Certificate issuer:  '/C=DE/ST=./L=./O=./CN=houston/emailAddress=.'
Ciphers supported by houston.informatik.rwth-aachen.de:443
40 Bit Encryption:      EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-EDH-RSA-DES-CBC-SHA
56 Bit Encryption:      DES-CBC-MD5, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, EDH-RSA-DES-CBC-SHA
64 Bit Encryption:      RC4-64-MD5
128 Bit Encryption:     RC2-CBC-MD5, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5, RC4-SHA, DHE-RSA-AES128-SHA, AES128-SHA, RC4-MD5
168 Bit Encryption:     DES-CBC3-MD5, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA
256 Bit Encryption:     DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES256-SHA, AES256-SHA
md@hextatic ~/Documents/repos/ptt$ python bin/ssltest secure.amazon.de
Testing ciphers for secure.amazon.de:443
Certificate subject: '/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=secure.amazon.de'
Certificate issuer:  '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
Ciphers supported by secure.amazon.de:443
40 Bit Encryption:      EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5, EXP-DES-CBC-SHA, EXP-RC4-MD5, EXP-RC2-CBC-MD5
56 Bit Encryption:      DES-CBC-MD5, DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA, EXP1024-RC4-SHA, DES-CBC-SHA, EXP1024-RC4-MD5, EXP1024-RC2-CBC-MD5, EXP1024-DES-CBC-SHA
64 Bit Encryption:      RC4-64-MD5
128 Bit Encryption:     IDEA-CBC-MD5, RC2-CBC-MD5, RC4-MD5, RC4-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA, RC4-SHA, AES128-SHA, RC4-MD5, IDEA-CBC-SHA
168 Bit Encryption:     DES-CBC3-MD5, DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-SHA
256 Bit Encryption:     AES256-SHA, AES256-SHA

The rool is a re-implementation of a tool by Johnny Cyberpunk and was originally meant for penetratoion testing. I'ss see what else I can do with it.

online-check

You might give http://serversniff.net/sslcheck.php a try. This is simply based on a shellscript using openssl 0.9.8 and gnutls and does a bit more, e.g checking for NULL-Ciphers (onlinebanking without encryption), checking for protocols (ssl2,3,tls1.0, tls1.1), and, most important: checking the Default Cipher, which is presented first. Many servers support AES256, but offer 128Bit-RC4 per default :-((. Feed my mailbox if your willing to discuss or just want to get the shellscripts.