logo

tls-shake

SSL/TLS False Handshake client for testing server’s configurationgit clone https://anongit.hacktivis.me/git/tls-shake.git/

client-hello.c (2686B)

    

  1. #include "debug.h"            /* debug_printf */
  2. #include "tls-parameters-4.h" /* ciphers */
  4. #include <err.h>
  5. #include <errno.h> // errno
  6. #include <netdb.h> // getaddrinfo()
  7. #include <stddef.h>
  8. #include <stdio.h>
  9. #include <stdlib.h> /* arc4random_buf() */
  10. #include <string.h> /* memset(), strlcpy(), strlcat() */
  11. #include <sys/socket.h>
  12. #include <sys/types.h>
  13. #include <unistd.h> /* close() */
  15. static int SSL_TLS_versions[] = {
  16.     0x0200, /* 2.0: SSLv2 */
  17.     0x0300, /* 3.0: SSLv3 */
  18.     0x0301, /* 3.1: TLSv1.0 */
  19.     0x0302, /* 3.2: TLSv1.1 */
  20.     0x0303, /* 3.3: TLSv1.2 */
  21. };
  23. static void usage(char *command)
  24. {
  25. 	printf("Usage: %s <host> [port]\n", command);
  26. 	printf("Default port: 443\n");
  27. 	exit(0);
  28. }
  30. int main(int argc, char *argv[])
  31. {
  32. 	size_t send_result;
  33. 	char *handshake, *tls_packet, *client_hello;
  34. 	char *s_port = "1337", random_bytes[32];
  36. 	if(argc < 2 || argc > 3) usage(argv[0]);
  38. 	/* START network connection, copied from manpages of getaddrinfo(3) from OpenBSD and GNU */
  39. 	struct addrinfo hints, *result, *rp;
  40. 	int error      = 0;
  41. 	int save_errno = errno;
  42. 	int s          = 0;
  44. 	memset(&hints, 0, sizeof(hints));
  45. 	hints.ai_family   = AF_UNSPEC;
  46. 	hints.ai_socktype = SOCK_STREAM;
  47. 	hints.ai_flags    = 0;
  48. 	hints.ai_protocol = 0;
  50. 	error = getaddrinfo(argv[1], s_port, &hints, &result);
  51. 	if(error != 0) errx(1, "getaddrinfo: %s", gai_strerror(error));
  53. 	for(rp = result; rp != NULL; rp = rp->ai_next)
  54. 	{
  55. 		s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
  57. 		if(connect(s, rp->ai_addr, rp->ai_addrlen) != -1)
  58. 		{
  59. 			break;
  60. 		}
  61. 		else
  62. 		{
  63. 			save_errno = errno;
  64. 		}
  66. 		close(s);
  67. 	}
  69. 	if((s == -1) | (rp == NULL))
  70. 	{
  71. 		perror(strerror(save_errno));
  72. 		exit(EXIT_FAILURE);
  73. 	}
  75. 	freeaddrinfo(result);
  77. 	/* DONE network connection */
  78. 	arc4random_buf(random_bytes, sizeof(random_bytes));
  80. 	tls_packet = (uint16_t)'\x01'; /* client hello: 0x01 */
  82. 	strlcpy(client_hello, (uint32_t)0x0303, 4); /* SSL version max */
  83. 	strlcat(client_hello, (const char *)&random_bytes, 32);
  85. 	strlcat(tls_packet, (const char *)sizeof(client_hello), 3);
  86. 	strlcat(tls_packet, client_hello, sizeof(client_hello));
  88. 	strlcat(tls_packet, '\x00', 2); /* Session ID lenght */
  90. 	strlcat(tls_packet, sizeof(ciphers), 2);
  91. 	strlcat(tls_packet, &ciphers, sizeof(ciphers));
  93. 	strlcat(tls_packet, '\x01', 1); /* Compression Method */
  94. 	strlcat(tls_packet, '\x00', 1); /* Compression Methods */
  96. 	strlcat(tls_packet, "\x00\x00", 2); /* Extension Lenght */
  98. 	handshake = '\x16';
  99. 	strlcat(&handshake, 0x0200, 2); /* SSL version min */
  100. 	strlcat(&handshake, sizeof(tls_packet), 2);
  101. 	strlcat(&handshake, tls_packet, sizeof(tls_packet));
  103. 	write(s, handshake, sizeof(handshake));
  105. 	close(s);
  107. 	return 0;
  108. }