Nmap Development mailing list archives
[PATCH] Always list SSL in case any SSL connection succeeded
From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Sun, 22 Feb 2009 00:04:53 +0100
Hi All,

A quick patch for the 'bug' described in http://seclists.org/nmap-dev/2009/q1/0484.html.
"There is still a 'bug', where all detected SSL information will be thrown away in case the SSL server does not respond at all, beyond the SSL handshake. However, because the SSL connections succeeded, Nmap should list these situations as 'ssl/unknown'.

This bug can very easily be reproduced by setting up your own OpenSSL server as follows:

    openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem

This OpenSSL server will listen at 4433 by default, and will not return anything beyond an SSL connection."
It will always print out 'ssl/unknown' whenever an SSL connection succeeds; even if the host does not answer at all.
Cheers, Kristof
diff -urNb nmap-4.85BETA3/service_scan.cc nmap-4.85BETA3_always_print_ssl/service_scan.cc --- nmap-4.85BETA3/service_scan.cc 2008-12-04 18:04:48.000000000 +0100 +++ nmap-4.85BETA3_always_print_ssl/service_scan.cc 2009-02-22 00:03:47.000000000 +0100 @@ -2309,8 +2309,22 @@ *(*svc)->ostype_matched? (*svc)->ostype_matched : NULL, *(*svc)->devicetype_matched? (*svc)->devicetype_matched : NULL, shouldWePrintFingerprint(*svc) ? (*svc)->getServiceFingerprint(NULL) : NULL); - } else { - if ((*svc)->getServiceFingerprint(NULL)) + } else if ((*svc)->tunnel != SERVICE_TUNNEL_NONE){ + /* Always print SSL tunnel, if we detected such a tunnel */ + assert((*svc)->tunnel == SERVICE_TUNNEL_SSL); + + (*svc)->port->setServiceProbeResults((*svc)->probe_state, + (*svc)->probe_matched, + (*svc)->tunnel, + *(*svc)->product_matched? (*svc)->product_matched : NULL, + *(*svc)->version_matched? (*svc)->version_matched : NULL, + *(*svc)->extrainfo_matched? (*svc)->extrainfo_matched : NULL, + *(*svc)->hostname_matched? (*svc)->hostname_matched : NULL, + *(*svc)->ostype_matched? (*svc)->ostype_matched : NULL, + *(*svc)->devicetype_matched? (*svc)->devicetype_matched : NULL, + shouldWePrintFingerprint(*svc) ? (*svc)->getServiceFingerprint(NULL) : NULL); + + }else if ((*svc)->getServiceFingerprint(NULL)){ (*svc)->port->setServiceProbeResults((*svc)->probe_state, NULL, (*svc)->tunnel, NULL, NULL, NULL, NULL, NULL, NULL, (*svc)->getServiceFingerprint(NULL));
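Review bot: In the new `else if ((*svc)->tunnel != SERVICE_TUNNEL_NONE)` branch, the condition and the `assert((*svc)->tunnel == SERVICE_TUNNEL_SSL)` right after it state two different things; testing `(*svc)->tunnel == SERVICE_TUNNEL_SSL` in the condition itself would express the intent and would keep any other tunnel value from aborting the scan at this point. The branch also repeats the ten-argument `setServiceProbeResults` call from the branch above it. The condition of that earlier branch is outside the hunk, but if this one is only reached when nothing matched, passing NULL for the product, version and other match fields, as the existing fingerprint fallback below does, would be shorter and would not rely on those fields being empty. Minor style point: `}else if (...){` is spaced differently from the `} else if (...){` added a few lines earlier.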