logo

tls-shake

SSL/TLS False Handshake client for testing server’s configurationgit clone https://hacktivis.me/git/tls-shake.git

client-hello.c (2686B)

    

  1. #include "debug.h"            /* debug_printf */

  2. #include "tls-parameters-4.h" /* ciphers */

  3. 

  4. #include <err.h>

  5. #include <errno.h> // errno

  6. #include <netdb.h> // getaddrinfo()

  7. #include <stddef.h>

  8. #include <stdio.h>

  9. #include <stdlib.h> /* arc4random_buf() */

  10. #include <string.h> /* memset(), strlcpy(), strlcat() */

  11. #include <sys/socket.h>

  12. #include <sys/types.h>

  13. #include <unistd.h> /* close() */

  14. 

  15. static int SSL_TLS_versions[] = {

  16.     0x0200, /* 2.0: SSLv2 */

  17.     0x0300, /* 3.0: SSLv3 */

  18.     0x0301, /* 3.1: TLSv1.0 */

  19.     0x0302, /* 3.2: TLSv1.1 */

  20.     0x0303, /* 3.3: TLSv1.2 */

  21. };

  22. 

  23. static void usage(char *command)

  24. {

  25. 	printf("Usage: %s <host> [port]\n", command);

  26. 	printf("Default port: 443\n");

  27. 	exit(0);

  28. }

  29. 

  30. int main(int argc, char *argv[])

  31. {

  32. 	size_t send_result;

  33. 	char *handshake, *tls_packet, *client_hello;

  34. 	char *s_port = "1337", random_bytes[32];

  35. 

  36. 	if(argc < 2 || argc > 3) usage(argv[0]);

  37. 

  38. 	/* START network connection, copied from manpages of getaddrinfo(3) from OpenBSD and GNU */

  39. 	struct addrinfo hints, *result, *rp;

  40. 	int error      = 0;

  41. 	int save_errno = errno;

  42. 	int s          = 0;

  43. 

  44. 	memset(&hints, 0, sizeof(hints));

  45. 	hints.ai_family   = AF_UNSPEC;

  46. 	hints.ai_socktype = SOCK_STREAM;

  47. 	hints.ai_flags    = 0;

  48. 	hints.ai_protocol = 0;

  49. 

  50. 	error = getaddrinfo(argv[1], s_port, &hints, &result);

  51. 	if(error != 0) errx(1, "getaddrinfo: %s", gai_strerror(error));

  52. 

  53. 	for(rp = result; rp != NULL; rp = rp->ai_next)

  54. 	{

  55. 		s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);

  56. 

  57. 		if(connect(s, rp->ai_addr, rp->ai_addrlen) != -1)

  58. 		{

  59. 			break;

  60. 		}

  61. 		else

  62. 		{

  63. 			save_errno = errno;

  64. 		}

  65. 

  66. 		close(s);

  67. 	}

  68. 

  69. 	if((s == -1) | (rp == NULL))

  70. 	{

  71. 		perror(strerror(save_errno));

  72. 		exit(EXIT_FAILURE);

  73. 	}

  74. 

  75. 	freeaddrinfo(result);

  76. 

  77. 	/* DONE network connection */

  78. 	arc4random_buf(random_bytes, sizeof(random_bytes));

  79. 

  80. 	tls_packet = (uint16_t)'\x01'; /* client hello: 0x01 */

  81. 

  82. 	strlcpy(client_hello, (uint32_t)0x0303, 4); /* SSL version max */

  83. 	strlcat(client_hello, (const char *)&random_bytes, 32);

  84. 

  85. 	strlcat(tls_packet, (const char *)sizeof(client_hello), 3);

  86. 	strlcat(tls_packet, client_hello, sizeof(client_hello));

  87. 

  88. 	strlcat(tls_packet, '\x00', 2); /* Session ID lenght */

  89. 

  90. 	strlcat(tls_packet, sizeof(ciphers), 2);

  91. 	strlcat(tls_packet, &ciphers, sizeof(ciphers));

  92. 

  93. 	strlcat(tls_packet, '\x01', 1); /* Compression Method */

  94. 	strlcat(tls_packet, '\x00', 1); /* Compression Methods */

  95. 

  96. 	strlcat(tls_packet, "\x00\x00", 2); /* Extension Lenght */

  97. 

  98. 	handshake = '\x16';

  99. 	strlcat(&handshake, 0x0200, 2); /* SSL version min */

  100. 	strlcat(&handshake, sizeof(tls_packet), 2);

  101. 	strlcat(&handshake, tls_packet, sizeof(tls_packet));

  102. 

  103. 	write(s, handshake, sizeof(handshake));

  104. 

  105. 	close(s);

  106. 

  107. 	return 0;

  108. }