New script tls-ticketbleed. Closes #686

nselib/tls.lua

@@ -1180,6 +1180,20 @@ handshake_parse = {
 
         return b, j
       end,
+
+      NewSessionTicket = function (buffer, j, msg_end, protocol)
+        -- Need 4 bytes for parsing.
+        local have = #buffer - j + 1
+        if have < 4 then
+          return nil, j, 4
+        end
+
+        local b = {}
+        -- Parse body.
+        b.ticket_lifetime_hint, b.ticket, j = unpack(">I4 s2", buffer, j)
+
+        return b, j
+      end,
 }
 
 message_parse = {
@@ -1274,11 +1288,13 @@ end
 ---
 -- Read a SSL/TLS record
 -- @param buffer   The read buffer
--- @param i        The position in the buffer to start reading
+-- @param i        The position in the buffer to start reading (default: 1)
 -- @param fragment Message fragment left over from previous record (nil if none)
 -- @return The current position in the buffer
 -- @return The record that was read, as a table
 function record_read(buffer, i, fragment)
+  i = i or 1
+
   -- Ensure we have enough data for the header.
   if #buffer - i < TLS_RECORD_HEADER_LENGTH then
     return i, nil
@@ -1395,7 +1411,8 @@ function client_hello(t)
   table.insert(b, stdnse.generate_random_string(28))
 
   -- Set the session ID.
-  table.insert(b, '\0')
+  local sid = t["session_id"] or ""
+  table.insert(b, pack(">s1", sid))
 
   -- Cipher suites.
   ciphers = {}