#!/usr/bin/env python3
# Jose Selvi - jselvi[a.t]pentester[d0.t]es - http://www.pentester.es
# Greetings for Python3 port to Tristan Rice - https://github.com/d4l3k
# Version 1.0 - 06/Dec/2020
# - Port to Python3.
# - Several style fixes.
import scapy
from scapy.layers.ssl_tls import * # https://github.com/tintinweb/scapy-ssl_tls
from optparse import OptionParser
import re
import socket
import os
import base64, sys
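def readPemChainFromFile(
    fileObj,
    startMarker="-----BEGIN CERTIFICATE-----",
    endMarker="-----END CERTIFICATE-----",
):
    """Return the DER blobs of every PEM certificate block in ``fileObj``, in file order.

    Args:
        fileObj: a text file object (anything iterable line by line) holding zero or
            more ``startMarker`` / ``endMarker`` delimited base64 blocks. Anything
            outside the markers (bag attributes, comments, blank lines) is ignored.
        startMarker, endMarker: the PEM armour lines. They are compared after
            stripping surrounding whitespace, so trailing blanks do not matter.

    Returns:
        list[bytes]: one decoded (DER) blob per complete block. A block that is not
        closed by ``endMarker`` before EOF is silently dropped, as before.

    Raises:
        binascii.Error: if the base64 payload of a block is malformed (propagates
        from ``base64.b64decode``).
    """
    cert_chain = []
    # None while outside a block; the collected base64 lines while inside one.
    body_lines = None
    for raw_line in fileObj:
        line = raw_line.strip()
        if body_lines is None:
            # Outside a block only the opening armour line is of interest.
            if line == startMarker:
                body_lines = []
        elif line == endMarker:
            # A PEM body is one base64 stream split into fixed-width lines, so a
            # single non-strict decode of the joined lines yields the same bytes as
            # the old per-line decodebytes() concatenation. The Python 2 branch
            # (base64.decodestring, removed in 3.9) is gone: the file targets Python 3.
            cert_chain.append(base64.b64decode("".join(body_lines).encode()))
            body_lines = None
        else:
            body_lines.append(line)
    return cert_chain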
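# Usage and options
#
# What this script is: a deliberately *fake* TLS server. It answers any ClientHello
# with a ServerHello, the certificate chain read from --cert, and ServerHelloDone,
# then prints whatever the client sends back. No key exchange is ever performed,
# so the only thing it can tell you is how a client reacts to the presented chain
# (the file name suggests a revoked chain is fed in to test revocation/CRL
# checking, but nothing here enforces that). Run it on a lab host/interface: the
# default 0.0.0.0 exposes it on every address of the machine.
usage = "usage: %prog [options]"

# Seconds an accepted client may stay silent. Without a timeout one idle client
# blocks the single-threaded accept loop forever.
CLIENT_TIMEOUT = 10.0

# TLS record header: content type (1) + protocol version (2) + body length (2).
_TLS_RECORD_HEADER_LEN = 5


def _parse_options(argv=None):
    """Parse and validate the command line; on a usage error print help and exit 2.

    Args:
        argv: argument list without the program name; ``None`` means ``sys.argv[1:]``.

    Returns:
        The optparse ``options`` object with ``interface`` (dotted-quad IPv4 string),
        ``port`` (1..65535) and ``certfile`` (path of an existing file) validated.
    """
    parser = OptionParser(usage=usage)
    parser.add_option(
        "-i",
        "--interface",
        type="string",
        dest="interface",
        default="0.0.0.0",
        help="Listening interface",
    )
    parser.add_option(
        "-p", "--port", type="int", dest="port", default=443, help="Listening port"
    )
    parser.add_option(
        "-c", "--cert", type="string", dest="certfile", help="PEM Certificate File"
    )
    options, _args = parser.parse_args(argv)

    # Raw string: "\." in a non-raw literal is an invalid escape sequence on
    # Python 3 (a warning since 3.6). fullmatch() replaces the original match(),
    # which anchored only the start and let "1.2.3.4junk" through to bind().
    ifre = re.compile(r"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
    if (
        not options.interface
        or not ifre.fullmatch(options.interface)
        or options.port < 1
        or options.port > 65535
        or not options.certfile
        or not os.path.isfile(options.certfile)
    ):
        parser.print_help()
        sys.exit(2)  # usage error: non-zero so shell callers can detect it
    return options


def _recv_exactly(sock, n):
    """Read exactly ``n`` bytes from ``sock``.

    Raises:
        ConnectionError: if the peer closes the connection before ``n`` bytes arrived.
    """
    chunks = []
    remaining = n
    while remaining > 0:
        chunk = sock.recv(remaining)
        if not chunk:
            raise ConnectionError("peer closed the connection mid-record")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def _recv_tls_record(sock):
    """Read one complete TLS record from ``sock`` and return its raw bytes (header included).

    A single ``recv(1024)``, as the original did, can truncate a ClientHello (they
    can exceed 1 KiB, e.g. with large key_share extensions) and the parse then
    fails. Reading the 5-byte header and then the advertised body length is the
    minimum needed to guarantee a whole record.

    Raises:
        ConnectionError: if the peer closes the connection mid-record.
        socket.timeout: if the peer stays silent longer than the socket timeout.
    """
    header = _recv_exactly(sock, _TLS_RECORD_HEADER_LEN)
    body_len = int.from_bytes(header[3:5], "big")  # length field is network order
    return header + _recv_exactly(sock, body_len)


def _handle_client(client, cert_chain):
    """Play the fake server side of one handshake and print the client's reply.

    Sequence: parse the ClientHello, answer with ServerHello (lowest offered cipher
    suite, random session id), the DER blobs of ``cert_chain`` as the Certificate
    message, then ServerHelloDone, and finally show the first thing the client
    sends back. In TLS terms a fatal Alert at this point means the client rejected
    the chain, a ClientKeyExchange means it accepted it.

    Args:
        client: connected socket (timeout already set by the caller).
        cert_chain: list[bytes] of DER certificates, leaf first as in the PEM file.

    Raises:
        Whatever the scapy-ssl_tls dissection or the socket raises on a non-TLS or
        malformed peer; the caller logs it and keeps serving.
    """
    client_hello = SSL(_recv_tls_record(client))
    # Layer path record -> handshake -> ClientHello, as in the original; it raises
    # (AttributeError/IndexError) when the data is not a ClientHello.
    offered_suites = client_hello.records[0][2].cipher_suites
    # NOTE(review): the numerically lowest offered suite is picked without checking
    # that it matches the certificate's key type or avoids reserved/GREASE values.
    # Since no key exchange follows, this only matters for clients that validate
    # the chosen suite before the certificate.
    cs = min(offered_suites)
    server_hello = (
        TLSRecord()
        / TLSHandshake()
        / TLSServerHello(session_id=os.urandom(32), cipher_suite=cs)
    )
    # bytes(pkt) is the wire encoding. On Python 3 str(pkt) is a text rendering
    # of the packet, not its bytes, and sendall() rejects str anyway.
    client.sendall(bytes(server_hello))

    ssl_certificates = [TLSCertificate(data=cert) for cert in cert_chain]
    certificates = (
        TLSRecord()
        / TLSHandshake()
        / TLSCertificateList(certificates=ssl_certificates)
    )
    client.sendall(bytes(certificates))

    server_hello_done = (
        TLSRecord() / TLSHandshake() / TLSServerHelloDone(length=0, data=b"")
    )
    client.sendall(bytes(server_hello_done))

    # Best-effort single read, as before: the first record (Alert vs
    # ClientKeyExchange) is the verdict; anything buffered with it is shown too.
    raw_response = client.recv(4096)
    if not raw_response:
        print("Client closed the connection without sending anything")
        return
    SSL(raw_response).show()


def main():
    """Entry point: validate options, load the chain, serve clients until Ctrl-C."""
    options = _parse_options()
    # The original passed open(...) straight in and never closed the handle.
    with open(options.certfile) as pem_file:
        cert_chain = readPemChainFromFile(pem_file)
    if not cert_chain:
        # An empty chain would silently send an empty Certificate message.
        sys.exit("No certificates found in %s" % options.certfile)

    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Allow an immediate restart on the same port after Ctrl-C (TIME_WAIT).
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((options.interface, options.port))
    listener.listen(0)  # backlog 0 as in the original: clients are served one at a time
    try:
        while True:
            client, address = listener.accept()
            client.settimeout(CLIENT_TIMEOUT)
            try:
                _handle_client(client, cert_chain)
            except Exception as exc:
                # One malformed or non-TLS peer (e.g. a port scanner) used to take
                # the whole listener down with an uncaught exception.
                print(
                    "Error handling client %s:%d: %r" % (address[0], address[1], exc),
                    file=sys.stderr,
                )
            finally:
                # The original called close() only when shutdown() raised, so the
                # descriptor leaked on every successful handshake.
                try:
                    client.shutdown(socket.SHUT_RDWR)
                except OSError:
                    pass  # peer already closed; nothing left to tear down
                client.close()
    except KeyboardInterrupt:
        print("Exited")
    finally:
        listener.close()


if __name__ == "__main__":
    main()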