crl_checker.py
#!/usr/bin/env python
import scapy
from scapy.layers.ssl_tls import * # https://github.com/tintinweb/scapy-ssl_tls
from optparse import OptionParser
import re
import socket
import os
import base64, sys
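def readPemChainFromFile(fileObj, startMarker='-----BEGIN CERTIFICATE-----', endMarker='-----END CERTIFICATE-----'):
    """Return the DER-encoded certificates found in a PEM text stream.

    Every block delimited by ``startMarker`` / ``endMarker`` (markers are
    compared after stripping surrounding whitespace) is base64-decoded and
    appended, in file order, to the returned list.  Text outside a block is
    ignored, and a block whose end marker never arrives is dropped.

    Args:
        fileObj: an open text-mode file object (or any iterable of text lines).
        startMarker: line that opens a certificate block.
        endMarker: line that closes a certificate block.

    Returns:
        A list of ``bytes`` objects, one per certificate; empty when the
        stream holds no complete block.
    """
    cert_chain = []
    cert_lines = None  # None while outside a block, a list while inside one
    for raw_line in fileObj:
        line = raw_line.strip()
        if cert_lines is None:
            if line == startMarker:
                cert_lines = []
        elif line == endMarker:
            # b64decode behaves the same on Python 2 and 3 and always yields
            # bytes, unlike decodestring() (removed in 3.9) / decodebytes()
            # (absent on 2); it also fixes the empty-block case, which used to
            # return a str on Python 3.
            cert_chain.append(base64.b64decode(''.join(cert_lines)))
            cert_lines = None
        else:
            cert_lines.append(line)
    return cert_chain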
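# Usage and options
usage = "usage: %prog [options]"
parser = OptionParser(usage=usage)
parser.add_option("-i", "--interface", type="string", dest="interface", default="0.0.0.0", help="Listening interface")
parser.add_option("-p", "--port", type="int", dest="port", default=443, help="Listening port")
parser.add_option("-c", "--cert", type="string", dest="certfile", help="PEM Certificate File")
(options, args) = parser.parse_args()

# Dotted-quad IPv4 only.  Raw string: a bare '\.' is an invalid escape sequence
# on Python 3; the '$' anchor rejects trailing garbage before it reaches bind().
ifre = re.compile(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$')

# Check options: the listener must have a plausible address, a valid TCP port
# and an existing certificate file, otherwise show the help and stop.
if (
    not options.interface or not ifre.match(options.interface) or
    options.port < 1 or options.port > 65535 or
    not options.certfile or not os.path.isfile(options.certfile)
):
    parser.print_help()
    # sys.exit rather than the site-provided exit(); non-zero status signals misuse.
    sys.exit(1)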
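# Load the chain once up front; the with-block closes the file instead of
# leaking the handle for the lifetime of the process.
with open(options.certfile) as certfile:
    cert_chain = readPemChainFromFile(certfile)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Allow an immediate restart on the same port while old sockets sit in TIME_WAIT.
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind((options.interface, options.port))
s.listen(0)

# Serve one partial handshake per accepted connection until Keyboard Interrupt.
try:
    while True:
        (client, address) = s.accept()
        try:
            # NOTE: a single 1024-byte read assumes the whole ClientHello arrives
            # in one segment; a larger hello would be truncated here.
            client_hello = SSL(client.recv(1024))
            # records[0][2] presumes the first record carries a ClientHello; a
            # non-TLS client makes this raise, which is caught below.
            ch_cipher_suites = client_hello.records[0][2].cipher_suites
            # Lowest suite number the client offered; no preference logic, the
            # handshake is never completed.
            cs = min(ch_cipher_suites)
            random_session_id = os.urandom(32)
            server_hello = TLSRecord()/TLSHandshake()/TLSServerHello(session_id=random_session_id, cipher_suite=cs)
            client.sendall(str(server_hello))
            ssl_certificates = [TLSCertificate(data=cert) for cert in cert_chain]
            certificates = TLSRecord()/TLSHandshake()/TLSCertificateList(certificates=ssl_certificates)
            client.sendall(str(certificates))
            server_hello_done = TLSRecord()/TLSHandshake()/TLSServerHelloDone(length=0, data='')
            client.sendall(str(server_hello_done))
            # Whatever the client sends back after seeing the chain (presumably an
            # alert or the continuation of the handshake) is dumped for inspection.
            raw_response = client.recv(1024)
            SSL(raw_response).show()
            client.shutdown(socket.SHUT_RDWR)
        except Exception as e:
            # Malformed or non-TLS input, or a peer that hung up early, must not
            # take the listener down: report it and move on.  KeyboardInterrupt is
            # not an Exception subclass, so Ctrl-C still propagates to the outer
            # handler.
            print("Connection from %s failed: %r" % (address[0], e))
        finally:
            # Close on every path, including the shutdown() failure the original
            # only handled in its except branch.
            client.close()
except KeyboardInterrupt:
    print("Exited")
finally:
    s.close()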