Integraded CBE20162107 Check

Integrated Poodle Check
Integrated TLS-Poodle Check

Author: ic0ns

src/main/java/de/rub/nds/tlsscanner/TLSScanner.java

@@ -16,10 +16,13 @@
 import de.rub.nds.tlsscanner.probe.CertificateProbe;
 import de.rub.nds.tlsscanner.probe.CiphersuiteOrderProbe;
 import de.rub.nds.tlsscanner.probe.CiphersuiteProbe;
+import de.rub.nds.tlsscanner.probe.Cve20162107Probe;
 import de.rub.nds.tlsscanner.probe.HeartbleedProbe;
 import de.rub.nds.tlsscanner.probe.PaddingOracleProbe;
+import de.rub.nds.tlsscanner.probe.PoodleProbe;
 import de.rub.nds.tlsscanner.probe.ProtocolVersionProbe;
 import de.rub.nds.tlsscanner.probe.TLSProbe;
+import de.rub.nds.tlsscanner.probe.TlsPoodleProbe;
 import java.util.LinkedList;
 import java.util.List;
 import org.apache.logging.log4j.Level;
@@ -73,6 +76,9 @@ public SiteReport scan() {
         // testList.add(new NamedCurvesProbe(websiteHost));
         testList.add(new PaddingOracleProbe(config));
         testList.add(new BleichenbacherProbe(config));
+        testList.add(new PoodleProbe(config));
+        testList.add(new TlsPoodleProbe(config));
+        testList.add(new Cve20162107Probe(config));
         // testList.add(new SignatureAndHashAlgorithmProbe(websiteHost));
         ScanJob job = new ScanJob(testList);
         return executor.execute(config, job);

src/main/java/de/rub/nds/tlsscanner/probe/Cve20162107Probe.java

@@ -0,0 +1,46 @@
+/**
+ * TLS-Scanner - A TLS Configuration Analysistool based on TLS-Attacker
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.Cve20162107CommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.Cve20162107Attacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget - [email protected]
+ */
+public class Cve20162107Probe extends TLSProbe {
+
+    public Cve20162107Probe(ScannerConfig config) {
+        super(ProbeType.CVE20172107, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting Cve20162107 Probe");
+        Cve20162107CommandConfig poodleCommandConfig = new Cve20162107CommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) poodleCommandConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        Cve20162107Attacker attacker = new Cve20162107Attacker(poodleCommandConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_CVE20162107, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+    }
+
+}

src/main/java/de/rub/nds/tlsscanner/probe/PoodleProbe.java

@@ -0,0 +1,48 @@
+/**
+ * TLS-Scanner - A TLS Configuration Analysistool based on TLS-Attacker
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.PoodleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.PoodleAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget - [email protected]
+ */
+public class PoodleProbe extends TLSProbe {
+
+    public PoodleProbe(ScannerConfig config) {
+        super(ProbeType.POODLE, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting Poodle Probe");
+        PoodleCommandConfig poodleCommandConfig = new PoodleCommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) poodleCommandConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        PoodleAttacker attacker = new PoodleAttacker(poodleCommandConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_POODLE, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+    }
+
+}

src/main/java/de/rub/nds/tlsscanner/probe/ProbeType.java

@@ -20,6 +20,9 @@ public enum ProbeType {
     BLEICHENBACHER,
     NAMED_CURVES,
     PADDING_ORACLE,
+    CVE20172107,
+    POODLE,
+    TLS_POODLE,
     PROTOCOL_VERSION,
     SIGNATURE_AND_HASH,
 }

src/main/java/de/rub/nds/tlsscanner/probe/TlsPoodleProbe.java

@@ -0,0 +1,50 @@
+/**
+ * TLS-Scanner - A TLS Configuration Analysistool based on TLS-Attacker
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.PoodleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.TLSPoodleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.PoodleAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.TLSPoodleAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget - [email protected]
+ */
+public class TlsPoodleProbe extends TLSProbe {
+
+    public TlsPoodleProbe(ScannerConfig config) {
+        super(ProbeType.TLS_POODLE, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting TLS-Poodle Probe");
+        TLSPoodleCommandConfig poodleCommandConfig = new TLSPoodleCommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) poodleCommandConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        TLSPoodleAttacker attacker = new TLSPoodleAttacker(poodleCommandConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_TLS_POODLE, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+    }
+
+}

src/main/java/de/rub/nds/tlsscanner/report/check/CheckType.java

@@ -30,4 +30,7 @@ public enum CheckType {
     ATTACK_PADDING,
     ATTACK_BLEICHENBACHER,
     ATTACK_HEARTBLEED,
+    ATTACK_POODLE,
+    ATTACK_TLS_POODLE,
+    ATTACK_CVE20162107
 }