Nmap Development mailing list archives
Re: [NSE] ssl-enum-ciphers idea
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Sat, 28 Jul 2012 23:59:32 +0200
Well, it could benefit, since there's already code that creates client_hello packet , to which you can add your npn data, and it already has response parsing code, which would probably need to be expanded. Of course, converting this into a library would require some reengineering to make it more friendly for other purposes , but I think it's a waste that all the effort that was put into ssl-enum-ciphers sciprt is wasted and not used by other scripts. For now, I'll write my script by duplicating the code tho, until this is decided. I can easily remove the unneeded code when and if this gets turned into a lib. Aleksandar On 7/28/2012 11:04 PM, Toni Ruottu wrote:
Would tls-nextprotoneg script ( http://nmap.org/nsedoc/scripts/tls-nextprotoneg.html ) benefit from such library? On Sat, Jul 28, 2012 at 4:42 PM, Daniel Miller <bonsaiviking () gmail com> wrote:On Sat, Jul 28, 2012 at 6:02 AM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:Hi all, I've started working on ssl-date script which gets time from the server which we get in reply for ClientHello. I took a look at ssl-enum-ciphers which is a greedy little script. It has quite a lot of ssl protocol in it which it keeps for its self. It is a really quite complete script. What do you think, would it be a good idea to break this script into a sort of ssl library and make it's functions, constants and enums available to other, future, scripts ? I can see it getting quite useful for some scripts that would check for ssl vulnerabilities and other stuff. As far as I know, currently, there is no way of "speaking ssl" on that level from NSE save for building packets by hand, which ssl-enum-ciphers already does. Aleksandar _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/Aleksandar, I think this is a great idea. Collecting the SSL/TLS protocol stuff into a library would make it simpler to see what scripts like ssl-enum-ciphers are doing, as well as enabling some things I was thinking of tackling eventually: Diffie-Hellman prime length, DTLS, etc. Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] ssl-enum-ciphers idea Aleksandar Nikolic (Jul 28)
- Re: [NSE] ssl-enum-ciphers idea Daniel Miller (Jul 28)
- Re: [NSE] ssl-enum-ciphers idea Toni Ruottu (Jul 28)
- Re: [NSE] ssl-enum-ciphers idea Aleksandar Nikolic (Jul 28)
- Re: [NSE] ssl-enum-ciphers idea David Fifield (Jul 28)
- Re: [NSE] ssl-enum-ciphers idea Toni Ruottu (Jul 28)
- Re: [NSE] ssl-enum-ciphers idea Daniel Miller (Jul 28)