Added new more Aggresive Probes (Bleichenbacher PaddingOracle, Heartbleed)

Author: ic0ns

pom.xml

@@ -11,6 +11,11 @@
             <artifactId>TLS-Core</artifactId>
             <version>2.0Beta4</version>
         </dependency>
+        <dependency>
+            <groupId>de.rub.nds.tlsattacker</groupId>
+            <artifactId>Attacks</artifactId>
+            <version>2.0Beta4</version>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

src/main/java/de/rub/nds/tlsscanner/ScanJobExecutor.java

@@ -47,6 +47,7 @@ public SiteReport execute(ScannerConfig config, ScanJob scanJob) {
                 resultList.add(probeResult.get());
             } catch (InterruptedException | ExecutionException ex) {
                 LOGGER.warn("Encoutered Exception while retrieving probeResult");
+                ex.printStackTrace();
                 LOGGER.warn(ex);
             }
         }

src/main/java/de/rub/nds/tlsscanner/TLSScanner.java

@@ -11,10 +11,13 @@
 import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
 import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.probe.BleichenbacherProbe;
 import de.rub.nds.tlsscanner.report.SiteReport;
 import de.rub.nds.tlsscanner.probe.CertificateProbe;
 import de.rub.nds.tlsscanner.probe.CiphersuiteOrderProbe;
 import de.rub.nds.tlsscanner.probe.CiphersuiteProbe;
+import de.rub.nds.tlsscanner.probe.HeartbleedProbe;
+import de.rub.nds.tlsscanner.probe.PaddingOracleProbe;
 import de.rub.nds.tlsscanner.probe.ProtocolVersionProbe;
 import de.rub.nds.tlsscanner.probe.TLSProbe;
 import java.util.LinkedList;
@@ -49,10 +52,14 @@ public TLSScanner(ScannerConfig config) {
         this.config = config;
         if (config.getGeneralDelegate().getLogLevel() == Level.ALL) {
             Configurator.setAllLevels("de.rub.nds.tlsattacker", Level.ALL);
+            Configurator.setAllLevels("de.rub.nds.modifiablevariable", Level.ALL);
+
         } else if (config.getGeneralDelegate().getLogLevel() == Level.TRACE) {
             Configurator.setAllLevels("de.rub.nds.tlsattacker", Level.INFO);
+            Configurator.setAllLevels("de.rub.nds.modifiablevariable", Level.INFO);
         } else {
             Configurator.setAllLevels("de.rub.nds.tlsattacker", Level.OFF);
+            Configurator.setAllLevels("de.rub.nds.modifiablevariable", Level.OFF);
         }
     }
 
@@ -62,9 +69,10 @@ public SiteReport scan() {
         testList.add(new ProtocolVersionProbe(config));
         testList.add(new CiphersuiteProbe(config));
         testList.add(new CiphersuiteOrderProbe(config));
-        // testList.add(new HeartbleedProbe(websiteHost));
+        testList.add(new HeartbleedProbe(config));
         // testList.add(new NamedCurvesProbe(websiteHost));
-        // testList.add(new PaddingOracleProbe(websiteHost));
+        testList.add(new PaddingOracleProbe(config));
+        testList.add(new BleichenbacherProbe(config));
         // testList.add(new SignatureAndHashAlgorithmProbe(websiteHost));
         ScanJob job = new ScanJob(testList);
         return executor.execute(config, job);

src/main/java/de/rub/nds/tlsscanner/probe/BleichenbacherProbe.java

@@ -0,0 +1,46 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.BleichenbacherCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.HeartbleedCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.BleichenbacherAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.HeartbleedAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget <[email protected]>
+ */
+public class BleichenbacherProbe extends TLSProbe {
+
+    public BleichenbacherProbe(ScannerConfig config) {
+        super(ProbeType.BLEICHENBACHER, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting BleichenbacherProbe");
+        BleichenbacherCommandConfig bleichenbacherConfig = new BleichenbacherCommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) bleichenbacherConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        BleichenbacherAttacker attacker = new BleichenbacherAttacker(bleichenbacherConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_BLEICHENBACHER, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+
+    }
+
+}

src/main/java/de/rub/nds/tlsscanner/probe/HeartbleedProbe.java

@@ -8,8 +8,18 @@
  */
 package de.rub.nds.tlsscanner.probe;
 
+import de.rub.nds.tlsattacker.attacks.config.HeartbleedCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.HeartbleedAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
 import de.rub.nds.tlsscanner.config.ScannerConfig;
 import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
 
 /**
  *
@@ -23,7 +33,19 @@ public HeartbleedProbe(ScannerConfig config) {
 
     @Override
     public ProbeResult call() {
-        throw new UnsupportedOperationException("Not supported yet.");
+        LOGGER.debug("Starting HeartbleedProbe");
+        HeartbleedCommandConfig heartbleedConfig = new HeartbleedCommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) heartbleedConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        HeartbleedAttacker attacker = new HeartbleedAttacker(heartbleedConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        if (vulnerable == null) {
+            vulnerable = false;
+        }
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_HEARTBLEED, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
     }
 
 }

src/main/java/de/rub/nds/tlsscanner/probe/PaddingOracleProbe.java

@@ -8,8 +8,16 @@
  */
 package de.rub.nds.tlsscanner.probe;
 
+import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
 import de.rub.nds.tlsscanner.config.ScannerConfig;
 import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
 
 /**
  *
@@ -23,7 +31,16 @@ public PaddingOracleProbe(ScannerConfig config) {
 
     @Override
     public ProbeResult call() {
-        throw new UnsupportedOperationException("Not supported yet.");
+        LOGGER.debug("Starting BleichenbacherProbe");
+        PaddingOracleCommandConfig paddingOracleConfig = new PaddingOracleCommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) paddingOracleConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        PaddingOracleAttacker attacker = new PaddingOracleAttacker(paddingOracleConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_PADDING, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
     }
 
 }

src/main/java/de/rub/nds/tlsscanner/probe/ProbeType.java

@@ -17,6 +17,7 @@ public enum ProbeType {
     CIPHERSUITE_ORDER,
     CIPHERSUITE,
     HEARTBLEED,
+    BLEICHENBACHER,
     NAMED_CURVES,
     PADDING_ORACLE,
     PROTOCOL_VERSION,

src/main/java/de/rub/nds/tlsscanner/report/check/CheckType.java

@@ -27,4 +27,7 @@ public enum CheckType {
     CIPHERSUITEORDER_ENFORCED,
     PROTOCOLVERSION_SSL2,
     PROTOCOLVERSION_SSL3,
+    ATTACK_PADDING,
+    ATTACK_BLEICHENBACHER,
+    ATTACK_HEARTBLEED,
 }