Nmap Development mailing list archives

Re: NSE script detecting "CCS Injection" vulnerability in OpenSSL


From: Claudiu Perta <claudiu.perta () gmail com>
Date: Wed, 11 Jun 2014 10:42:58 +0100

1. Expand the script to check all versions (tls.PROTOCOLS) of TLS/SSL, not
just TLSv1.0. The bug is very old, and affects all versions equally. As the
script stands, a server that only supports TLSv1.1 or newer would not show
as vulnerable, even if it is.

2. There is some text in the comments that refers to the ssl-heartbleed
script, which this was modified from: "try sending the heartbeat anyway"

3. Not necessary, because yours seems to work fine, but you could replace
the receive_alert function with calls to tls.record_buffer and
tls.record_read, since those parse SSL alert messages as well.


I integrated the suggested changes in the new version of the script,
attached.

--Claudiu

Attachment: ssl-ccs-injection.nse
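
Added example, not part of the original message or of the attached script: a Python illustration of review points 1 and 3, framing a ChangeCipherSpec record for every protocol version and parsing alert records from a buffer that may end mid-record. The PROTOCOLS table, the function names and the sample reply are constructed for this example and are assumptions, not the nselib API.

```python
import struct

# Wire versions, constructed here to mirror the idea of tls.PROTOCOLS.
PROTOCOLS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301,
             "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
VERSION_NAMES = {v: k for k, v in PROTOCOLS.items()}
CHANGE_CIPHER_SPEC, ALERT = 20, 21
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}

def record(content_type, version, body):
    """Frame one TLS record: type(1) | version(2) | length(2) | body."""
    return struct.pack(">BHH", content_type, version, len(body)) + body

def read_record(buf, pos=0):
    """Return (record, next_pos), or (None, pos) when more bytes are needed."""
    if len(buf) - pos < 5:
        return None, pos
    ctype, version, length = struct.unpack_from(">BHH", buf, pos)
    end = pos + 5 + length
    if len(buf) < end:
        return None, pos
    return {"type": ctype, "version": version, "body": buf[pos + 5:end]}, end

def alerts(buf):
    """Decode each complete plaintext alert in buf; stop at a partial record."""
    found, pos = [], 0
    while True:
        rec, pos = read_record(buf, pos)
        if rec is None:
            return found
        if rec["type"] == ALERT and len(rec["body"]) == 2:
            level, desc = rec["body"]
            found.append((VERSION_NAMES.get(rec["version"], hex(rec["version"])),
                          ALERT_LEVELS.get(level, level),
                          ALERT_DESCRIPTIONS.get(desc, desc)))

def ccs_records():
    """One ChangeCipherSpec record per protocol version, not only TLSv1.0."""
    return {name: record(CHANGE_CIPHER_SPEC, ver, b"\x01")
            for name, ver in PROTOCOLS.items()}

# Constructed sample reply: one complete TLSv1.1 alert, then a truncated record.
SAMPLE_REPLY = (record(ALERT, 0x0302, b"\x02\x0a")
                + record(ALERT, 0x0303, b"\x02\x28")[:4])

if __name__ == "__main__":
    for name, rec in sorted(ccs_records().items()):
        print(name, rec.hex())
    print(alerts(SAMPLE_REPLY))
```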

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
