PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-16 20:59:02 +00:00
Code Issues Projects Releases Wiki Activity

Add server certificate message parsing to tls.lua

Browse Source
This commit is contained in:
dmiller
2014-11-05 05:55:54 +00:00
parent 2871ba3e6c
commit f365b81c23
1 changed files with 32 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
nselib/tls.lua
View File

@@ -678,7 +678,7 @@ function cipher_info (c)
info.dh = true info.dh = true
info.kex = t info.kex = t
elseif t == "PSK" then elseif t == "PSK" then
info.kex = info.kex or t info.kex = (info.kex and info.kex .. "_" .. t) or t
info.server_auth = info.server_auth or t info.server_auth = info.server_auth or t
elseif t == "EXPORT" or t == "EXPORT1024" then elseif t == "EXPORT" or t == "EXPORT1024" then
info.export = t info.export = t
@@ -789,6 +789,13 @@ local function find_key(t, value)
return nil return nil
end end
-- Helper function to unpack a 3-byte integer value
local function unpack_3byte (buffer, pos)
local low, high
pos, high, low = bin.unpack("C>S", buffer, pos)
return pos, low + high * 0x10000
end
--- ---
-- Read a SSL/TLS record -- Read a SSL/TLS record
-- @param buffer The read buffer -- @param buffer The read buffer
@@ -855,10 +862,9 @@ function record_read(buffer, i)
elseif h["type"] == "handshake" then elseif h["type"] == "handshake" then
-- Parse body. -- Parse body.
j, b["type"] = bin.unpack("C", buffer, j) j, b["type"] = bin.unpack("C", buffer, j)
local blen, blen_upper local msg_end
j, blen_upper, blen = bin.unpack("C>S", buffer, j) j, msg_end = unpack_3byte(buffer, j)
blen = blen + blen_upper * 0x10000 msg_end = msg_end + j
local msg_end = j + blen
-- Convert to human-readable form. -- Convert to human-readable form.
b["type"] = find_key(TLS_HANDSHAKETYPE_REGISTRY, b["type"]) b["type"] = find_key(TLS_HANDSHAKETYPE_REGISTRY, b["type"])
@@ -890,10 +896,30 @@ function record_read(buffer, i)
b["protocol"] = find_key(PROTOCOLS, b["protocol"]) b["protocol"] = find_key(PROTOCOLS, b["protocol"])
b["cipher"] = find_key(CIPHERS, b["cipher"]) b["cipher"] = find_key(CIPHERS, b["cipher"])
b["compressor"] = find_key(COMPRESSORS, b["compressor"]) b["compressor"] = find_key(COMPRESSORS, b["compressor"])
elseif b["type"] == "certificate" then
local cert_end
j, cert_end = unpack_3byte(buffer, j)
cert_end = cert_end + j
if cert_end > msg_end then
stdnse.debug2("server_certificate length > handshake body length!")
end
b["certificates"] = {}
while j < cert_end do
local cert_len, cert
j, cert_len = unpack_3byte(buffer, j)
j, cert = bin.unpack("A" .. cert_len, buffer, j)
-- parse these with sslcert.parse_ssl_certificate
table.insert(b["certificates"], cert)
end
elseif b["type"] == "certificate_request" then
local num_types
j, num_types = bin.unpack("C", buffer, j)
for i = 1, num_types do
end
else else
-- TODO: implement other handshake message types -- TODO: implement other handshake message types
stdnse.debug2("Unknown handshake message type: %s", b["type"]) stdnse.debug2("Unknown handshake message type: %s", b["type"])
j = msg_end j, b["data"] = bin.unpack("A" .. msg_end - j, buffer, j)
end end
elseif h["type"] == "heartbeat" then elseif h["type"] == "heartbeat" then
j, b["type"], b["payload_length"] = bin.unpack("C>S", buffer, j) j, b["type"], b["payload_length"] = bin.unpack("C>S", buffer, j)