Added empty intolerance probe

ic0ns · ic0ns · commit 92a69af86eee · 2018-01-02T07:27:54.000+01:00
diff --git a/src/main/java/de/rub/nds/tlsscanner/probe/IntoleranceProbe.java b/src/main/java/de/rub/nds/tlsscanner/probe/IntoleranceProbe.java
@@ -0,0 +1,97 @@
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.constants.CipherSuite;
+import de.rub.nds.tlsattacker.core.constants.ExtensionType;
+import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
+import de.rub.nds.tlsattacker.core.constants.NamedCurve;
+import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
+import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
+import de.rub.nds.tlsattacker.core.state.State;
+import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor;
+import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutorFactory;
+import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
+import de.rub.nds.tlsattacker.core.workflow.action.executor.WorkflowExecutorType;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.constants.ProbeType;
+import static de.rub.nds.tlsscanner.probe.TlsProbe.LOGGER;
+import de.rub.nds.tlsscanner.report.result.ExtensionResult;
+import de.rub.nds.tlsscanner.report.result.ProbeResult;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget - robert.merget@rub.de
+ */
+public class IntoleranceProbe extends TlsProbe {
+
+    public IntoleranceProbe(ScannerConfig config) {
+        super(ProbeType.INTOLERANCES, config, 0);
+    }
+
+    @Override
+    public ProbeResult executeTest() {
+        List<ExtensionType> allSupportedExtensions = getSupportedExtensions();
+        return new ExtensionResult(allSupportedExtensions);
+    }
+
+    public List<ExtensionType> getSupportedExtensions() {
+        List<ExtensionType> allSupportedExtensions = new LinkedList<>();
+        List<ExtensionType> commonExtensions = getCommonExtension();
+        if (commonExtensions != null) {
+            allSupportedExtensions.addAll(commonExtensions);
+        }
+        return allSupportedExtensions;
+    }
+
+    private List<ExtensionType> getCommonExtension() {
+        Config tlsConfig = getScannerConfig().createConfig();
+        List<CipherSuite> cipherSuites = new LinkedList<>();
+        cipherSuites.addAll(Arrays.asList(CipherSuite.values()));
+        cipherSuites.remove(CipherSuite.TLS_FALLBACK_SCSV);
+        tlsConfig.setQuickReceive(true);
+        tlsConfig.setDefaultClientSupportedCiphersuites(cipherSuites);
+        tlsConfig.setHighestProtocolVersion(ProtocolVersion.TLS12);
+        tlsConfig.setEnforceSettings(false);
+        tlsConfig.setEarlyStop(true);
+        tlsConfig.setStopRecievingAfterFatal(true);
+        tlsConfig.setStopActionsAfterFatal(true);
+        tlsConfig.setWorkflowTraceType(WorkflowTraceType.SHORT_HELLO);
+
+        // Dont send extensions if we are in sslv2
+        tlsConfig.setAddECPointFormatExtension(true);
+        tlsConfig.setAddEllipticCurveExtension(true);
+        tlsConfig.setAddHeartbeatExtension(true);
+        tlsConfig.setAddMaxFragmentLengthExtenstion(true);
+        tlsConfig.setAddServerNameIndicationExtension(true);
+        tlsConfig.setAddSignatureAndHashAlgrorithmsExtension(true);
+        tlsConfig.setAddAlpnExtension(true);
+        tlsConfig.setAlpnAnnouncedProtocols(new String[]{"http/1.1", "spdy/1", "spdy/2", "spdy/3", "stun.turn", "stun.nat-discovery", "h2", "h2c", "webrtc", "c-webrtc", "ftp", "imap", "pop3", "managesieve"});
+        tlsConfig.setAddEncryptThenMacExtension(true);
+        tlsConfig.setAddExtendedMasterSecretExtension(true);
+        tlsConfig.setAddRenegotiationInfoExtension(true);
+        tlsConfig.setAddSessionTicketTLSExtension(true);
+        tlsConfig.setAddTruncatedHmacExtension(true);
+        
+        List<NamedCurve> namedCurves = Arrays.asList(NamedCurve.values());
+        tlsConfig.setNamedCurves(namedCurves);
+        State state = new State(tlsConfig);
+        WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor(WorkflowExecutorType.DEFAULT,
+                state);
+        try {
+            workflowExecutor.executeWorkflow();
+        } catch (WorkflowExecutionException ex) {
+            LOGGER.debug(ex);
+        }
+        if (WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace())) {
+            return new ArrayList(state.getTlsContext().getNegotiatedExtensionSet());
+        } else {
+            LOGGER.debug("Did not receive a ServerHello, something went wrong or the Server has some intolerance");
+            return null;
+        }
+    }
+}
