Nmap Development mailing list archives

Re: Floating a bit of an idea - identifying web server/host OS based on SSL handshake results?

From: David Fifield <david () bamsoftware com>
Date: Fri, 14 May 2010 21:06:31 -0600

On Wed, May 12, 2010 at 01:40:52PM -0500, Dario Ciccarone (dciccaro) wrote:

      We know how the SSL handshake works, cipher/compression
algorithm wise - client establishes connection to server, lists the
cryptographic capabilities of the client in order of preference, server
replies w/ cipher suite/compression algorithm chosen.

      Idea (which needs from testing ;)) - for heavily
firewalled/obfuscated web servers, an NSE script could establish X SSL
connections, each one with a different set of ciphers (permutations on a
given set or mutually exclusive sets), check which one is chosen by the
server.

      My (untested, unproven) theory is that the server-side
preference for one algorithm over another is hard coded/defaults never
changed, and may allow to sort out not only between
Apache/IIS/JSSE-based servers, but maybe between same server revisions.


The ssl-enum-ciphers gets the list of supported ciphers in order.

http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

$ nmap -T2 --script=ssl-enum-ciphers -p 443 apache.org microsoftiis.com localhost -d -Pn -n
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (8)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (8)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed
Final times for host: srtt: 72402 rttvar: 72402  to: 400000

Nmap scan report for microsoftiis.com (203.31.191.220)
Host is up, received user-set (0.26s latency).
Scanned at 2010-05-14 20:57:58 MDT for 242s
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (10)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_DHE_RSA_WITH_DES_CBC_SHA
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_DES_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (10)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_DHE_RSA_WITH_DES_CBC_SHA
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_DES_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed
Final times for host: srtt: 259213 rttvar: 259213  to: 1296065

Nmap scan report for localhost (127.0.0.1)
Host is up, received user-set (0.0014s latency).
Scanned at 2010-05-14 20:57:58 MDT for 40s
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (5)
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed
Final times for host: srtt: 1441 rttvar: 5000  to: 400000

All three lists above are different. (The localhost server is ncat --ssl.)
So yes, I think this is feasible. Maybe you or someone else can collect
signatures for cipher lists, and ssl-enum-ciphers could make a guess.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Floating a bit of an idea - identifying web server/host OS based on SSL handshake results? Dario Ciccarone (dciccaro) (May 12)
- Re: Floating a bit of an idea - identifying web server/host OS based on SSL handshake results? David Fifield (May 14)