Nmap Development mailing list archives

Re: [NSE] tls-nextprotoneg

From: Hani Benhabiles <kroosec () gmail com>
Date: Sat, 07 Jul 2012 01:38:09 +0100

On 07/06/2012 11:38 AM, Toni Ruottu wrote:

Beautiful! Did you have to implement a full tls library to do this?

On Fri, Jul 6, 2012 at 12:21 PM, Hani Benhabiles<kroosec () gmail com>  wrote:

Hi list,

description = [[
Enumerates a TLS server's supported protocols by using the next protocol
negotiation extension.

This works by adding the next protocol negotiation extension in the client
hello
packet and looking for the presence of certain protocols in the server
hello's
NPN extension data.

For more information , see:
     *https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-03
]]

  ---
  -- @usage
  -- nmap --script=tls-nextprotoneg <targets>
  --
  --@output
  -- 443/tcp open  https
  -- | tls-nextprotoneg:
  -- |   spdy/3
  -- |   spdy/2
  -- |_  http/1.1

Tests and feedback are welcome.

Cheers,
Hani.

--
Hani Benhabiles

Twitter:https://twitter.com/#!/kroosec
Blog:http://kroosec.blogspot.com


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived athttp://seclists.org/nmap-dev/

No, I didn't have to implement one, as all the info we need is in theserver hello, the first packet sent by the server in reply to the clienthello (to which we add the next protocol negotiation extension).


On 07/06/2012 11:47 AM, Toni Ruottu wrote:

I think this should go into default. Did you have a specific reason
for not putting it into default? Does anyone else have an opinion
about this?

Yes I belive so. I was hesitant about adding this to the defaultcategory until I see what someone else has to say about it.


Cheers,
Hani.

--
Hani Benhabiles

Twitter:https://twitter.com/#!/kroosec
Blog:http://kroosec.blogspot.com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] tls-nextprotoneg Hani Benhabiles (Jul 06)
- Re: [NSE] tls-nextprotoneg Toni Ruottu (Jul 06)
  - Re: [NSE] tls-nextprotoneg Toni Ruottu (Jul 06)
  - Re: [NSE] tls-nextprotoneg Hani Benhabiles (Jul 06)
- Re: [NSE] tls-nextprotoneg Henri Doreau (Jul 07)
  - Re: [NSE] tls-nextprotoneg Hani Benhabiles (Jul 07)
    - Re: [NSE] tls-nextprotoneg Henri Doreau (Jul 07)
    - Re: [NSE] tls-nextprotoneg Hani Benhabiles (Jul 07)
    - Re: [NSE] tls-nextprotoneg Toni Ruottu (Jul 07)
    - Re: [NSE] tls-nextprotoneg Toni Ruottu (Jul 08)
    - Re: [NSE] tls-nextprotoneg Hani Benhabiles (Jul 08)
    - Re: [NSE] tls-nextprotoneg Toni Ruottu (Jul 08)
    - Re: [NSE] tls-nextprotoneg Hani Benhabiles (Jul 08)