Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[PATCH] Always list SSL in case any SSL connection succeeded
From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Sun, 22 Feb 2009 00:04:53 +0100

Hi All,

A quick patch for the 'bug' described in http://seclists.org/nmap-dev/2009/q1/0484.html.

"There is still a 'bug', where all detected SSL information will be
thrown away in case the SSL server does not respond at all, beyond the
SSL handshake. However, because the SSL connections succeeded, Nmap
should list these situations as 'ssl/unknown'.

This bug can very easily be reproduced by setting up your own OpenSSL server as follows: openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem

This OpenSSL server will listen at 4433 by default, and will not return anything beyond an SSL connection."

It will always print out 'ssl/unknown' whenever an SSL connection succeeds; even if the host does not answer at all.

Cheers,

Kristof
diff -urNb nmap-4.85BETA3/service_scan.cc nmap-4.85BETA3_always_print_ssl/service_scan.cc
--- nmap-4.85BETA3/service_scan.cc      2008-12-04 18:04:48.000000000 +0100
+++ nmap-4.85BETA3_always_print_ssl/service_scan.cc     2009-02-22 00:03:47.000000000 +0100
@@ -2309,8 +2309,22 @@
                                          *(*svc)->ostype_matched? (*svc)->ostype_matched : NULL, 
                                          *(*svc)->devicetype_matched? (*svc)->devicetype_matched : NULL, 
                                          shouldWePrintFingerprint(*svc) ? (*svc)->getServiceFingerprint(NULL) : NULL);
-   }  else {
-     if ((*svc)->getServiceFingerprint(NULL))
+   } else if ((*svc)->tunnel != SERVICE_TUNNEL_NONE){
+        /* Always print SSL tunnel, if we detected such a tunnel */
+        assert((*svc)->tunnel == SERVICE_TUNNEL_SSL);
+
+        (*svc)->port->setServiceProbeResults((*svc)->probe_state,
+                                          (*svc)->probe_matched,
+                                          (*svc)->tunnel,
+                                          *(*svc)->product_matched? (*svc)->product_matched : NULL,
+                                          *(*svc)->version_matched? (*svc)->version_matched : NULL,
+                                          *(*svc)->extrainfo_matched? (*svc)->extrainfo_matched : NULL,
+                                          *(*svc)->hostname_matched? (*svc)->hostname_matched : NULL,
+                                          *(*svc)->ostype_matched? (*svc)->ostype_matched : NULL,
+                                          *(*svc)->devicetype_matched? (*svc)->devicetype_matched : NULL,
+                                          shouldWePrintFingerprint(*svc) ? (*svc)->getServiceFingerprint(NULL) : NULL);
+
+    }else if ((*svc)->getServiceFingerprint(NULL)){
        (*svc)->port->setServiceProbeResults((*svc)->probe_state, NULL,
                                            (*svc)->tunnel, NULL, NULL, NULL, NULL, NULL, NULL,
                                            (*svc)->getServiceFingerprint(NULL));

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault