Nmap Development mailing list archives
Re: NSE: comm.lua - Question about if a socket is connected over SSL
From: Joao Correa <joao () livewire com br>
Date: Thu, 1 Oct 2009 00:16:09 -0300
Hi Tom,

On Wed, Sep 30, 2009 at 9:28 PM, Tom Sellers <nmap () fadedcode net> wrote:
> I have a question about NSE sockets connecting to ports over SSL. I see that comm.tryssl will dynamically connect to a port using SSL as appropriate.
>
>     socket, response, correctOpt, earlyResp = comm.tryssl(host, port, data, opts)
>
> Am I correct in understanding that the correctOpt return variable will contain the information as to whether an SSL tunnel was established? If I read correctly, this should contain one of tcp, ssl or none?
tryssl is a function that tries to open a connection independently of whether it is an SSL tunnel or not (and also independently of what you know about it). Since some scripts need to establish more than one connection to the same service, it is more efficient if we just apply our "heuristics" once. Basically the method tries to open a connection using what it considers the most probable option. After opening the connection, it tries to exchange some data and, if everything is ok, it returns the socket in the first return value. If the connection is not working, tryssl attempts another connection using the other protocol. Choosing which is the best option to try first depends on the service version being used or the port being accessed. Considering the worst case, where the second connection would be the correct one, it would be very inefficient always to make two attempts when you try to open a new connection. For this reason, we return a string with the correct protocol in the third return value, in this case, correctOpt.
> Also, while reading the documentation [1] for this I see the following as the parameters to comm.tryssl:
>
>     tryssl (host, port, data, opts, sslservice)
>
> In the current version of comm.lua I see that it only accepts the following parameters:
>
>     tryssl (host, port, data, opts)
>
> I am not sure if this code has changed since the docs were last published on the web, but the in-code (comm.lua) docs match what is on the web, not what is in the comm.lua code. Thoughts?
In a previous implementation of comm.lua, it was explicitly required that the calling script specify the service name for defining the best connection option. We changed this so that the script uses a list of common ssl'ed ports instead of a list of common ssl services. Since the port is required for opening a connection, it is no longer needed to specify it explicitly. You should ignore the sslservice param. I'll manage to remove it from the code; thanks a lot for pointing this out! Since the docs are automatically generated, it might take some time for the web docs to be updated.
> Thanks much,
> Tom
>
> [1] http://nmap.org/nsedoc/lib/comm.html#tryssl
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
Thanks again,
João.
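The pattern João describes, as an added example that is not part of this thread or of Nmap's own comm.lua: an NSE script that pays for the ssl-versus-tcp heuristic once with comm.tryssl and then feeds the reported correctOpt back in as opts.proto for a second connection. It is written against the current "local x = require" module style; the port list, the EHLO host name and the opts field names are assumptions.

```lua
local comm      = require "comm"
local shortport = require "shortport"
local stdnse    = require "stdnse"

description = [[
Added example: probe an SMTP port once with comm.tryssl, then reuse the
protocol it reports (correctOpt) for a second connection instead of
guessing ssl-versus-tcp again.
]]

categories = {"discovery", "safe"}

-- Constructed port/service list for the example; any other service would do.
portrule = shortport.port_or_service({25, 465, 587}, {"smtp", "smtps", "submission"})

-- First connection. comm.tryssl picks ssl or plain tcp from the port number,
-- falls back to the other protocol if the first guess fails, and reports the
-- one that worked as its third return value. Nothing is sent; the banner is
-- read because recv_before is set.
local function probe(host, port)
  local sock, banner, correctOpt = comm.tryssl(host, port, "", {recv_before = true, timeout = 5000})
  if not sock then
    return nil, tostring(banner) -- on failure the second value holds the error
  end
  sock:close()
  return correctOpt, banner
end

-- Second connection. Passing opts.proto = correctOpt makes comm open the
-- right kind of socket directly, with no second round of heuristics.
-- "nmap.invalid" is a placeholder host name for the EHLO argument.
local function ehlo(host, port, correctOpt)
  local opts = {proto = correctOpt, recv_before = true, timeout = 5000}
  local status, response = comm.exchange(host, port, "EHLO nmap.invalid\r\n", opts)
  if not status then
    return nil, tostring(response)
  end
  return response
end

action = function(host, port)
  local correctOpt, banner = probe(host, port)
  if not correctOpt then
    stdnse.debug1("tryssl failed: %s", banner)
    return nil
  end
  local reply, err = ehlo(host, port, correctOpt)
  if not reply then
    stdnse.debug1("second connection over %s failed: %s", correctOpt, err)
    return nil
  end
  return ("transport: %s\nbanner: %s\nEHLO reply:\n%s"):format(correctOpt, banner, reply)
end
```

The reported value is also the answer to Tom's first question: it tells the script whether the working connection was an SSL tunnel ("ssl") or plain TCP ("tcp").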