Re: [Plugins-writers] SSL Connection Functions?

From: Renaud Deraison (deraison@private)
Date: Wed Dec 07 2005 - 14:52:21 PST


On Dec 7, 2005, at 17:16, Steven W Smith wrote:
>
> My objective here is to write a NASL script that will grade the  
> competition.
>
> Specifically: I am trying to test an SSL-enabled server.  I get the  
> certificate OK and check its hash... so far so good.
>
> Now, I want to open port 443 and retrieve a page.  Is there a way  
> to do this easily in a NASL script?
>
> I have tried:
>         soc = open_sock_tcp( ssl_port, transport: ENCAPS_IP);
> which is successful.

It opens the TCP connection but does not perform the SSL negotiation.
In general, I'd simply recommend to force your plugin to depend on
find_service.nes (which detects SSL) and to make sure you're
portscanning the relevant port. If you do so, then open_sock_tcp()
will negotiate SSL automagically.

In your case, since you know the application, you can force the SSL  
negotiation:

  soc = open_sock_tcp(ssl_port, transport:ENCAPS_TLSv1);

Then instead of hardcoding your GET request, you probably want to  
include http_func.inc so your script becomes:

include("http_func.inc");

# Force the TLSv1 handshake on top of the TCP connection
soc = open_sock_tcp(ssl_port, transport:ENCAPS_TLSv1);
if ( ! soc ) {
  display("Port is closed or SSL negotiation failed\n");
  exit(1);
}

# http_get() builds the request; http_recv() reads the whole reply
send(socket:soc, data:http_get(item:"/some_file.http", port:ssl_port));
r = http_recv(socket:soc);
close(soc);
if ( ! r ) {
  display("No reply from the remote web server\n");
  exit(1);
}
else display(r);


Hope this helps,


				-- Renaud
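
The first suggestion in the reply above (depend on find_service.nes and let open_sock_tcp() pick the transport itself), written out as an added example; it is not part of the original message or of the Nessus plugin set. The script id, the marker string and the PASS/FAIL report wording are assumptions made for illustration.

```nasl
# Added example: constructed plugin, not from the original message.
if (description)
{
  script_id(99999);                       # placeholder id (assumption)
  script_version("$Revision: 1.0 $");
  script_name(english:"Competition HTTPS page check");
  script_description(english:"Fetches a page over SSL and checks its content.");
  script_summary(english:"Retrieves /some_file.http over SSL");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Example only");
  script_family(english:"Misc.");
  # find_service.nes records the transport (SSL or plain) of each open port
  script_dependencie("find_service.nes");
  script_require_ports("Services/www", 443);
  exit(0);
}

include("http_func.inc");

marker = "EXPECTED-CONTENT";              # hypothetical string the page must contain

port = get_http_port(default:443);
if (!get_port_state(port)) exit(0);

# Grade the SSL requirement itself: plain HTTP on this port is a failure.
if (get_port_transport(port) == ENCAPS_IP)
{
  security_note(port:port, data:"FAIL: service answers without SSL");
  exit(0);
}

# No transport argument: the one stored by find_service.nes is used.
soc = open_sock_tcp(port);
if (!soc)
{
  security_note(port:port, data:"FAIL: port is closed or SSL negotiation failed");
  exit(0);
}

send(socket:soc, data:http_get(item:"/some_file.http", port:port));
r = http_recv(socket:soc);
close(soc);

if (!r) security_note(port:port, data:"FAIL: no reply from the web server");
else if (marker >< r) security_note(port:port, data:"PASS: page retrieved over SSL");
else security_note(port:port, data:"FAIL: page content does not match");
```

For this to work the scan must include the port in its port range, as the reply notes, so that find_service.nes has probed it before the plugin runs.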