
Commit d638843

Merge pull request #2858 from testssl/code2network_socksend_x
Slightly improved strings @ pre-socket handling
2 parents 6c045e0 + eb75ac2 commit d638843

1 file changed

+40
-27
lines changed

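--- a/testssl.sh
+++ b/testssl.sh
@@ -5089,7 +5089,7 @@ client_simulation_sockets() {
 fi
 
 debugme echo -n "requesting more server hello data... "
-socksend "" $USLEEP_SND
+socksend_x "" $USLEEP_SND
 sockread 32768
 
 next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -11972,7 +11972,7 @@ starttls_postgres_dialog() {
 local starttls_init=", x00, x00 ,x00 ,x08 ,x04 ,xD2 ,x16 ,x2F"
 
 debugme echo "=== starting postgres STARTTLS dialog ==="
-socksend "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
+socksend_x "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
 starttls_io "" S 1 && debugme echo "${debugpad}received ack (=\"S\") for STARTTLS"
 ret=$?
 debugme echo "=== finished postgres STARTTLS dialog with ${ret} ==="
@@ -11996,7 +11996,7 @@ starttls_ldap_dialog() {
 x31, x2e, x34, x2e, x31, x2e, x31, x34, x36, x36, x2e, x32, x30, x30, x33, x37" # OID for STATRTTLS = "1.3.6.1.4.1.1466.20037"
 
 debugme echo "=== starting LDAP STARTTLS dialog ==="
-socksend "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
+socksend_x "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
 buffer=$(sockread_fast 256)
 [[ $DEBUG -ge 4 ]] && safe_echo "$debugpad $buffer\n"
 
@@ -12065,7 +12065,7 @@ starttls_mysql_dialog() {
 x00, x00, x00, x00, x00, x00, x00"
 
 debugme echo "=== starting mysql STARTTLS dialog ==="
-socksend "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
+socksend_x "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
 starttls_just_read 1 "read succeeded"
 # 1 is the timeout value which only MySQL needs. Note, there seems no response whether STARTTLS
 # succeeded. We could try harder, see https://github.com/openssl/openssl/blob/master/apps/s_client.c
@@ -12090,8 +12090,8 @@ starttls_telnet_dialog() {
 "
 
 debugme echo "=== starting telnet STARTTLS dialog ==="
-socksend "${msg1}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
-socksend "${msg2}" 1 &&
+socksend_x "${msg1}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
+socksend_x "${msg2}" 1 &&
 tnres=$(sockread_fast 20) && debugme echo "read succeeded"
 [[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $tnres\n"
 # check for START_TLS and FOLLOWS
@@ -12265,20 +12265,34 @@ send_close_notify() {
 
 debugme echo "sending close_notify..."
 if [[ $detected_tlsversion == 0300 ]]; then
-socksend ",x15, x03, x00, x00, x02, x02, x00" 0
+socksend_x ",x15, x03, x00, x00, x02, x02, x00" 0
 else
-socksend ",x15, x03, x01, x00, x02, x02, x00" 0
+socksend_x ",x15, x03, x01, x00, x02, x02, x00" 0
 fi
 }
 
-# Format string properly for socket
-# ARG1: any commented sequence of two bytes hex, separated by commas. It can contain comments, new lines, tabs and white spaces
+# Format passed multiline string properly for socket
+# ARG1: any commented multiline sequence of two bytes hex, separated by commas.
+# It can contain comments, new lines, tabs (shouldn't be there), blanks
+#
 # NW_STR holds the global with the string prepared for printf, like '\x16\x03\x03\'
+#
 code2network() {
-NW_STR=$(sed -e 's/,/\\\x/g' <<< "$1" | sed -e 's/# .*$//g' -e 's/ //g' -e '/^$/d' | tr -d '\n' | tr -d '\t')
+NW_STR="${1//$'\t'/}"
+NW_STR=$(sed -e 's/,/\\\x/g' -e 's/# .*$//g' -e 's/ //g' -e '/^$/d' <<< "${NW_STR}")
+NW_STR="${NW_STR//$'\n'/}"
 }
 
+
 # sockets inspired by https://blog.chris007.de/using-bash-for-network-socket-operation/
+# Now there are two functions which converts sequence of multiline bytes and send it to the opened
+# bash sockets:
+# socksend_clienthello(): uses just blocks of bytes separated by commas
+# socksend_x(): uses just blocks of bytes separated by commas with leading x
+#
+# at some point of time this should be cleaned up
+
+
 # ARG1: hexbytes separated by commas, with a leading comma
 # ARG2: seconds to sleep
 #
@@ -12297,11 +12311,10 @@ socksend_clienthello() {
 sleep $USLEEP_SND
 }
 
-
-# ARG1: hexbytes -- preceded by x -- separated by commas, with a leading comma
+# ARG1: hexbytes with leading x (thus the name) separated by commas, with a leading comma.
 # ARG2: seconds to sleep
 #
-socksend() {
+socksend_x() {
 local data line
 
 # read line per line and strip comments (bash internal func can't handle multiline statements
@@ -15984,7 +15997,7 @@ sslv2_sockets() {
 mv "$SOCK_REPLY_FILE" "$sock_reply_file2"
 
 debugme echo -n "requesting more server hello data... "
-socksend "" $USLEEP_SND
+socksend_x "" $USLEEP_SND
 sockread 32768
 
 [[ ! -s "$SOCK_REPLY_FILE" ]] && break
@@ -16700,7 +16713,7 @@ resend_if_hello_retry_request() {
 if [[ "$server_version" == 0304 ]] || [[ 0x$server_version -ge 0x7f16 ]]; then
 # Send a dummy change cipher spec for middlebox compatibility.
 debugme echo -en "\nsending dummy change cipher spec... "
-socksend ", x14, x03, x03 ,x00, x01, x01" 0
+socksend_x ", x14, x03, x03 ,x00, x01, x01" 0
 fi
 debugme echo -en "\nsending second client hello... "
 second_clienthello="$(modify_clienthello "$original_clienthello" "$new_key_share" "$cookie")"
@@ -16809,7 +16822,7 @@ tls_sockets() {
 fi
 
 debugme echo -n "requesting more server hello data... "
-socksend "" $USLEEP_SND
+socksend_x "" $USLEEP_SND
 sockread 32768
 
 next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -17039,7 +17052,7 @@ send_app_data() {
 for (( i=0; i < len; i+=2 )); do
 data+=",x${res:i:2}"
 done
-socksend "$data" $USLEEP_SND
+socksend_x "$data" $USLEEP_SND
 }
 
 # Receive application data from a TLS 1.3 channel that has already been created.
@@ -17164,7 +17177,7 @@ run_heartbleed(){
 tls_sockets "${tls_hexcode:6:2}" "" "ephemeralkey" "" "" "false"
 
 [[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:"
-socksend "$heartbleed_payload" 1
+socksend_x "$heartbleed_payload" 1
 sockread 16384 $HEARTBLEED_MAX_WAITSOCK
 if [[ $? -eq 3 ]]; then
 append=", timed out"
@@ -17299,7 +17312,7 @@ run_ccs_injection(){
 
 # we now make a standard handshake ...
 debugme echo -n "sending client hello... "
-socksend "$client_hello" 1
+socksend_x "$client_hello" 1
 
 debugme echo "reading server hello... "
 sockread 32768
@@ -17310,7 +17323,7 @@ run_ccs_injection(){
 fi
 rm "$SOCK_REPLY_FILE"
 # ... and then send the change cipher spec message
-socksend "$ccs_message" 1 || ok_ids
+socksend_x "$ccs_message" 1 || ok_ids
 sockread 4096 $CCS_MAX_WAITSOCK
 if [[ $DEBUG -ge 3 ]]; then
 tmln_out "\n1st reply: "
@@ -17320,7 +17333,7 @@ run_ccs_injection(){
 fi
 rm "$SOCK_REPLY_FILE"
 
-socksend "$ccs_message" 2 || ok_ids
+socksend_x "$ccs_message" 2 || ok_ids
 sockread 4096 $CCS_MAX_WAITSOCK
 retval=$?
 
@@ -17600,7 +17613,7 @@ run_ticketbleed() {
 for i in 1 2 3; do
 fd_socket 5 || return 6
 debugme echo -n "sending client hello... "
-socksend "$client_hello" 0
+socksend_x "$client_hello" 0
 
 debugme echo "reading server hello (ticketbleed reply)... "
 if "$FAST_SOCKET"; then
@@ -20649,9 +20662,9 @@ run_robot() {
 hexdump -v -e '16/1 "%02x"')"
 if [[ -z "$encrypted_pms" ]]; then
 if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
-socksend ",x15, x03, x00, x00, x02, x02, x00" 0
+socksend_x ",x15, x03, x00, x00, x02, x02, x00" 0
 else
-socksend ",x15, x03, x01, x00, x02, x02, x00" 0
+socksend_x ",x15, x03, x01, x00, x02, x02, x00" 0
 fi
 close_socket 5
 prln_fixme "Conversion of public key failed around line $((LINENO - 9))"
@@ -20682,10 +20695,10 @@ run_robot() {
 
 if "$send_ccs_finished"; then
 debugme echo -en "\nsending client key exchange, change cipher spec, finished... "
-socksend "$client_key_exchange$change_cipher_spec$finished" $USLEEP_SND
+socksend_x "$client_key_exchange$change_cipher_spec$finished" $USLEEP_SND
 else
 debugme echo -en "\nsending client key exchange... "
-socksend "$client_key_exchange" $USLEEP_SND
+socksend_x "$client_key_exchange" $USLEEP_SND
 fi
 debugme echo "reading server error response..."
 start_time=$(LC_ALL=C date "+%s")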
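Review bot: The reworked `code2network` header says the input "can contain comments", but the sed expression `s/# .*$//g` only strips a comment that begins with `#` followed by a blank; a `#` glued to the next word survives into NW_STR, which the header states is the string later handed to printf and thus to the socket. I would spell the convention out in the header, `# It can contain comments (introduced by "# ", i.e. hash plus blank), new lines, tabs (shouldn't be there), blanks`, so callers know what is stripped. If every call site really passes only `xHH` tokens (the send_app_data and close_notify hunks suggest so, but I cannot see all callers), a debug-level sanity check after the last assignment would flag any leftover before it goes on the wire, e.g. `[[ "$NW_STR" =~ ^(\\x[0-9A-Fa-f]{2})*$ ]] || debugme echo "code2network: unexpected characters in converted string"`. The new comment block above socksend_clienthello ends in "at some point of time this should be cleaned up"; marking it `# TODO: fold socksend_clienthello() and socksend_x() into one function` keeps the intent greppable.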
