Nmap Development mailing list archives
Re: ssl-cert.nse
From: David Fifield <david () bamsoftware com>
Date: Fri, 2 Apr 2010 14:44:13 -0600
On Fri, Apr 02, 2010 at 02:40:03PM -0500, Norris Carden wrote:
> I'm looking for a way to determine if a SSL proxy is in place between a system and the web server. I believe the Bluecoat proxy replaces the server SSL certificate with an internal corporate one, but there are man-in-the-middle techniques that forge a certificate practically identical to the one from the server. Can you think of a way this ssl-cert.nse could be used to determine if the certificate is coming from the same address as the web server? Might this also be able to determine if the host side is using a SSL proxy? Is there another script or method that will accomplish this?
If you're connecting to external sites (so that an SSL proxy would not have the private key and would not be able to forge a certificate) you can check if the certificate verifies with Ncat.

$ ncat -v --ssl-verify site.com 443
...
Ncat: Certificate verification failed (unable to get local issuer certificate).

Depending on what platform you're on, Ncat might be using the system default trust store, which on a company computer might have the Blue Coat certificate trusted. You can force the use of the Ncat-supplied one (which is the same as what comes with Internet Explorer) with --ssl-trustfile.

$ ncat -v --ssl-verify site.com 443 --ssl-trustfile /usr/local/share/ncat/ca-bundle.crt

Or on Windows:

$ ncat -v --ssl-verify site.com 443 --ssl-trustfile "C:\Program Files\Nmap\ca-bundle.crt"

Running Ncat with -vvv will give lots of certificate information, and will show you exactly where trusted certificates are being loaded from:

NCAT DEBUG: Using trusted CA certificates from /usr/share/ncat/ca-bundle.crt.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
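The check described in the reply above, wrapped as a script that runs Ncat once with its default trust store and once with the fixed CA bundle and compares the two results. This is an added example, not part of the original post or of Nmap; the NCAT and TRUSTFILE variables and the result labels are hypothetical names, and the "Connected to" status line and the -w/-i timeouts are assumptions about Ncat's verbose output and options.

```shell
#!/bin/sh
# Added example, not from the original post.
# NCAT and TRUSTFILE are hypothetical override variables; the default bundle
# path is the one quoted in the post.
NCAT="${NCAT:-ncat}"
TRUSTFILE="${TRUSTFILE:-/usr/local/share/ncat/ca-bundle.crt}"

# verify_with HOST PORT [extra ncat options...]
# Returns 0 = chain verified, 1 = verification failed, 2 = could not tell.
verify_with() {
    host=$1; port=$2; shift 2
    # -w: connect timeout, -i: idle timeout, so the probe ends by itself.
    out=$("$NCAT" -v --ssl-verify -w 10 -i 5 "$@" "$host" "$port" </dev/null 2>&1) || true
    case $out in
        *"Certificate verification failed"*) return 1 ;;
        *"Connected to"*) return 0 ;;   # assumed Ncat -v status line
        *) return 2 ;;                  # refused, timed out, DNS failure, ...
    esac
}

# classify HOST PORT -> prints one of:
#   verified       chain verifies against the fixed bundle
#   local-ca-only  verifies only with the default store: a locally trusted
#                  CA (such as a corporate proxy's) signed the certificate
#   unverified     fails against both stores
#   error          no usable answer from Ncat
classify() {
    sys=0;    verify_with "$1" "$2" || sys=$?
    pinned=0; verify_with "$1" "$2" --ssl-trustfile "$TRUSTFILE" || pinned=$?
    if [ "$sys" -eq 2 ] || [ "$pinned" -eq 2 ]; then
        echo error
    elif [ "$pinned" -eq 0 ]; then
        echo verified
    elif [ "$sys" -eq 0 ]; then
        echo local-ca-only
    else
        echo unverified
    fi
}

# Stand-alone use: ./script site.com [port]
if [ "$#" -ge 1 ]; then
    classify "$1" "${2:-443}"
fi
```

On platforms where Ncat's default store is already the bundled file, both runs use the same CA list, so an intercepted connection is reported as unverified rather than local-ca-only.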
Current thread:
- Re: ssl-cert.nse Norris Carden (Apr 02)
- Re: ssl-cert.nse Brandon Enright (Apr 02)
- Re: ssl-cert.nse David Fifield (Apr 02)