Nmap Development mailing list archives

Re: NSE: comm.lua - Question about if a socket is connected over SSL


From: Joao Correa <joao () livewire com br>
Date: Thu, 1 Oct 2009 00:16:09 -0300

Hi Tom,

On Wed, Sep 30, 2009 at 9:28 PM, Tom Sellers <nmap () fadedcode net> wrote:
I have a question about NSE sockets connecting to ports over SSL.
I see that comm.tryssl will dynamically connect to a port using SSL
as appropriate.

socket, response, correctOpt, earlyResp = comm.tryssl(host,port,data,opts)

Am I correct in understanding that the correctOpt return variable will
contain the information as to whether an SSL tunnel was established?  If I
read correctly this should contain one of tcp, ssl or none?

tryssl is a function that tries to open a connection independently of
whether it is an SSL tunnel or not (and also independently of what you know
about it).

Since some scripts need to establish more than one connection to the
same service, it is more efficient if we just apply our "heuristics"
once.

Basically the method tries to open a connection using what it
considers the most probable option. After opening the connection, it
tries to exchange some data and if everything is ok, it returns the
socket in the first return value. If the connection is not working,
tryssl attempts another connection using the other protocol.

Choosing which is the best option to try first depends on the service
version being used or the port being accessed.

Considering the worst case, where the second connection would be the
correct one, it would be very inefficient to always make two attempts
when you try to open a new connection. For this reason, we return a
string with the correct protocol as the third return value, in this case,
correctOpt.


Also, while reading the documentation [1] for this I see the following
as the parameters to comm.tryssl

       tryssl (host, port, data, opts, sslservice)

in the current version of comm.lua I see that it only accepts the following
parameters
       tryssl (host, port, data, opts)

I am not sure if this code has changed since the docs were last published
on the web, but the in-code (comm.lua) docs match what is on the web, not what
is in the comm.lua code.  Thoughts?

In a previous implementation of comm.lua, it was explicitly required
that the calling script specify the service name for defining the best
connection option. We changed this in a way that the script uses a
list of common ssl'ed ports instead of a list of common ssl services.
Since the port is required for opening a connection, it is no longer
needed to explicitly specify it. You should ignore the sslservice
param. I'll manage to remove it from the code, thanks a lot for
pointing this out!

Since the docs are automatically generated, it might take some time
for the web docs to be updated.


Thanks much,

Tom

[1]     http://nmap.org/nsedoc/lib/comm.html#tryssl


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Thanks again,
João.

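As an added illustration of the usage pattern discussed in this thread (this is example code written for this archive page, not code from Nmap or from either poster): an NSE script that calls comm.tryssl once, keeps the correctOpt it returns, and then opens a second connection with that protocol instead of repeating the TCP-versus-SSL heuristic. It assumes, as the thread states, that correctOpt is the string "tcp", "ssl" or "none"; the `reconnect` helper, the HEAD probe and the port list are constructed for the example.

```lua
-- Example NSE script (added for illustration; not part of Nmap or this thread).
-- Probes a service once with comm.tryssl, reports which transport worked,
-- and reuses the discovered protocol for a follow-up connection.
local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Reports whether a service was reached over plaintext TCP or over SSL/TLS,
then opens a second connection using the protocol comm.tryssl discovered.
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Constructed port list for the example; any TCP service works with tryssl.
portrule = shortport.port_or_service({443, 993, 995, 8443}, {"https", "imaps", "pop3s"})

-- Helper (hypothetical, written for this example): open a second connection
-- with the protocol already known to work, send a probe and read one line back.
local function reconnect(host, port, proto, payload)
  local sock = nmap.new_socket()
  sock:set_timeout(5000)
  local ok, err = sock:connect(host, port, proto)
  if not ok then
    return nil, err
  end
  ok, err = sock:send(payload)
  if not ok then
    sock:close()
    return nil, err
  end
  local status, data = sock:receive_lines(1)
  sock:close()
  if not status then
    return nil, data
  end
  return data
end

action = function(host, port)
  -- Constructed probe; a real script would send whatever the service expects.
  local probe = "HEAD / HTTP/1.0\r\n\r\n"

  -- First connection: let tryssl decide between plaintext TCP and SSL.
  local sock, response, correctOpt, earlyResp = comm.tryssl(host, port, probe, {timeout = 5000})
  if not sock then
    return nil
  end
  sock:close()

  -- Assumption from the thread: correctOpt is "tcp", "ssl" or "none".
  -- If a newer comm.lua hands back an option table instead, read proto from it.
  local proto = type(correctOpt) == "table" and correctOpt.proto or correctOpt
  if proto == nil or proto == "none" then
    return "tryssl could not determine the transport"
  end

  local out = {}
  out[#out + 1] = ("transport: %s"):format(proto)
  if earlyResp then
    out[#out + 1] = "server spoke first (banner received before the probe was sent)"
  end
  if response and #response > 0 then
    out[#out + 1] = ("first response: %d bytes"):format(#response)
  end

  -- Second connection reuses the discovered protocol, so no second guess is needed.
  local data, err = reconnect(host, port, proto, probe)
  if data then
    out[#out + 1] = ("second connection over %s succeeded"):format(proto)
  else
    out[#out + 1] = ("second connection failed: %s"):format(tostring(err))
  end
  return stdnse.format_output(true, out)
end
```

The point of the pattern is the one João makes above: the two-attempt fallback inside tryssl is only paid once, and every later connection the script opens passes the known protocol straight to socket:connect. Reporting the transport also gives a defender a quick inventory of which services on a host still answer in plaintext.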

