Mailing List Archive

SSL Connection Functions?
From: S. Winfield Smith
Del Mar College
Corpus Christi, TX

Del Mar College is hosting the annual Collegiate Cyber Defense Competition
(CCDC) under authority of CIAS, University of Texas, San Antonio. To
learn more, see: www.delmar.edu/ccdc.html Username: "ccdc" Password:
"ccdc" These competitions are going on nationally.

My objective here is to write a NASL script that will grade the
competition.

Specifically: I am trying to test an SSL-enabled server. I get the
certificate OK and check its hash... so far so good.

Now, I want to open port 443 and retrieve a page. Is there a way to do
this easily in a NASL script?

I have tried:
soc = open_soc_tcp( ssl_port, transport: ENCAPS_IP);
which is successful.

Then I do:
send(socket: soc, data: "GET /some_file.http");
and I get yelled at about speaking HTTP on an SSL connection.

I have also tried using the openssl libraries with pread; I gain the
connection OK, but can't proceed beyond that. I have tried piping and
redirection with no success.

S.W. Smith... who seeks enlightenment.
Re: SSL Connection Functions?
On Dec 7, 2005, at 17:16, Steven W Smith wrote:
>
> My objective here is to write a NASL script that will grade the
> competition.
>
> Specifically: I am trying to test an SSL-enabled server. I get the
> certificate OK and check its hash... so far so good.
>
> Now, I want to open port 443 and retrieve a page. Is there a way
> to do this easily in a NASL script?
>
> I have tried:
> soc = open_soc_tcp( ssl_port, transport: ENCAPS_IP);
> which is successful.

It opens the TCP connection but does not perform the SSL negotiation.
In general, I'd simply recommend to force your plugin to depend on
find_service.nes (which detects SSL) and to make sure you're
portscanning the relevant port. If you do so, then open_sock_tcp()
will negotiate SSL automagically.

In your case, since you know the application, you can force the SSL
negotiation:

soc = open_sock_tcp(ssl_port, transport:ENCAPS_TLSv1);

Then instead of hardcoding your GET request, you probably want to
include http_func.inc so your script becomes:

include("http_func.inc");

soc = open_sock_tcp(ssl_port, transport:ENCAPS_TLSv1);
if ( ! soc ) {
  display("Port is closed or SSL negotiation failed\n");
  exit(1);
}

send(socket:soc, data:http_get(item:"/some_file.http", port:ssl_port));
r = http_recv(socket:soc);
close(soc);
if (! r ) {
  display("No reply from the remote web server\n");
  exit(1);
}
else display(r);


Hope this helps,


-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
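
The first suggestion in the reply above (depend on find_service.nes so that open_sock_tcp() negotiates SSL by itself), written out as a complete plugin that also compares the page body against a known hash. This is an added example, not code from the thread or from the Nessus project; the script id, the expected MD5 value and the pass/fail reporting are placeholders and assumptions.

```nasl
# Added example. Script id, expected hash and report texts are placeholders.
if (description)
{
  script_id(99999);                                  # placeholder id
  script_version("1.0");
  script_name(english:"CCDC grading: HTTPS page check");
  script_description(english:"Fetches a page over SSL and compares its MD5.");
  script_summary(english:"Retrieves a page from an SSL-enabled web server");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Example only");
  script_family(english:"Misc.");
  # find_service.nes detects SSL and records each port's transport in the KB
  script_dependencies("find_service.nes");
  script_require_ports(443);
  exit(0);
}

include("http_func.inc");

port = 443;
expected = "00000000000000000000000000000000";       # placeholder MD5 of the body

# The port must have been port scanned and found open
if (!get_port_state(port)) exit(0);

# No transport argument: the encapsulation found by find_service.nes is used,
# so the SSL negotiation happens inside open_sock_tcp()
soc = open_sock_tcp(port);
if (!soc) exit(0);

send(socket:soc, data:http_get(item:"/some_file.http", port:port));
r = http_recv(socket:soc);
close(soc);
if (!r) exit(0);

# Hash only the body: headers such as Date change on every request
body = strstr(r, '\r\n\r\n');
if (!body) exit(0);
body = substr(body, 4);

if (hexstr(MD5(body)) == expected)
  security_note(port:port, data:"Page content matches the expected hash.");
else
  security_warning(port:port, data:"Page content differs from the expected hash.");
```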