To get my first book (網站滲透測試實務入門) out the door I have neglected this blog for almost four months; now that the book is published, it is time to get back to it!
A few months ago it was the OpenSSL vulnerability, and now an SSL 3.0 weakness has come out. Do you actually know what these names mean? Is the website you are responsible for, or the one you are connecting to, still using these vulnerable protocols? This post introduces a tool for checking a website's transport encryption, so that site owners can check for themselves whether their contractor has been cutting corners.
SSLScan is a tool dedicated to probing a site's SSL configuration: it reports which SSL/TLS versions the server supports and which cipher suites it accepts. It can be downloaded from http://sourceforge.net/projects/sslscan/. Since I habitually use Kali Linux, which ships SSLScan out of the box, everything below was done on Kali Linux.
Command format: sslscan [OPTIONS] HOST[:PORT]
Common options:
HOST:PORT
Specifies a single site as the scan target (to scan several sites in one run, use --targets=FILE). If the service is not on the standard port 443, append the port number to the host, e.g. 127.0.0.1 or 127.0.0.1:8080
--targets=FILE
Scans several sites in one run from a list file, one host per line; as above, append the port number if the service is not on port 443, e.g. 127.0.0.1 or 127.0.0.1:8080
--no-failed
Lists only the cipher suites the server actually accepted (by default every suite tested is shown, including the failed and rejected ones)
--http
Sends an HTTP request over each accepted cipher suite and reports the response status (this is the "200 OK" column in the output below). Note that this does not tell you whether the site also answers unencrypted on port 80; if users can reach the site over plain http and bypass SSL entirely, that has to be checked separately
--xml=FILE
Writes the results to the given file in XML format
Below, Yahoo! Kimo (tw.yahoo.com) is used as the example:
sslscan --http tw.yahoo.com
Testing SSL server tw.yahoo.com on port 443
The first section is the cipher suite test results (which suites the server accepted, rejected, or failed to negotiate):
Supported Server Cipher(s):
  Failed    N/A      SSLv3  256 bits  ECDHE-RSA-AES256-GCM-SHA384
  Failed    N/A      SSLv3  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
  Failed    N/A      SSLv3  256 bits  ECDHE-RSA-AES256-SHA384
  Failed    N/A      SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA384
  Accepted  200 OK   SSLv3  256 bits  ECDHE-RSA-AES256-SHA
  Rejected  N/A      SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
The second section is the cipher suite the server prefers for each protocol version:
Prefered Server Cipher(s):
  SSLv3  128 bits  ECDHE-RSA-RC4-SHA
  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
The third section is the server's certificate:
SSL Certificate:
  Version: 2
  Serial Number: -4294967295
  Signature Algorithm: sha1WithRSAEncryption
  Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
  Not valid before: Sep 24 00:00:00 2014 GMT
  Not valid after: Sep 25 23:59:59 2015 GMT
  Subject: /C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=www.yahoo.com
  Public Key Algorithm: rsaEncryption
  RSA Public Key: (2048 bit)
    Public-Key: (2048 bit)
    Modulus:
      00:cb:b3:cf:6d:6f:6b:23:6e:eb:b0:8f:0a:ad:aa:
      98:ba:1a:d9:26:1e:88:52:32:71:63:c9:79:c4:82:
      2e:c8:22:b4:cd:2f:04:9f:95:2d:83:a9:52:22:07:
      24:00:42:ee:18:17:07:46:29:73:18:97:c5:b8:69:
      06:78:22:70:22:d0:13:4a:11:86:2b:53:9a:49:69:
      c5:a2:77:b4:2b:3b:f1:75:f9:a4:83:8d:3e:8e:65:
      fb:17:a0:ac:14:7d:87:ed:d4:a6:5c:99:b7:c8:f4:
      de:a0:6a:13:d9:33:41:27:6a:71:54:cf:c2:49:d4:
      c6:8b:1e:2c:3b:f3:1d:bc:da:bb:11:c1:fe:06:62:
      9c:3b:2b:bf:8d:43:cb:7b:7b:51:4f:9f:f4:1f:d2:
      99:6f:a1:24:9b:64:65:5f:2c:d0:95:ad:98:b6:6a:
      02:24:3f:c7:f3:ad:3f:47:b1:57:bf:dd:a0:c2:ed:
      dd:a4:e1:a3:74:24:1b:73:5f:a7:8e:8b:09:10:bc:
      ea:a6:26:aa:3c:57:73:e4:6a:d6:53:6f:9c:aa:f8:
      f8:9b:bf:22:f6:72:d5:9f:fe:e0:e2:a3:38:8f:b7:
      d2:ad:91:22:82:36:c1:e6:ae:83:64:6e:07:16:80:
      f7:59:c4:4d:f4:f4:5e:c8:de:4d:6b:e6:b5:30:ea:
      8f:0f
    Exponent: 65537 (0x10001)
  X509v3 Extensions:
    X509v3 Subject Alternative Name:
      DNS:www.yahoo.com, DNS:yahoo.com, DNS:hsrd.yahoo.com, DNS:us.yahoo.com, DNS:fr.yahoo.com, DNS:uk.yahoo.com, DNS:za.yahoo.com, DNS:ie.yahoo.com, DNS:it.yahoo.com, DNS:es.yahoo.com, DNS:de.yahoo.com, DNS:ca.yahoo.com, DNS:qc.yahoo.com, DNS:br.yahoo.com, DNS:ro.yahoo.com, DNS:se.yahoo.com, DNS:be.yahoo.com, DNS:fr-be.yahoo.com, DNS:ar.yahoo.com, DNS:mx.yahoo.com, DNS:cl.yahoo.com, DNS:co.yahoo.com, DNS:ve.yahoo.com, DNS:espanol.yahoo.com, DNS:pe.yahoo.com, DNS:in.yahoo.com, DNS:sg.yahoo.com, DNS:id.yahoo.com, DNS:malaysia.yahoo.com, DNS:ph.yahoo.com, DNS:vn.yahoo.com, DNS:maktoob.yahoo.com, DNS:en-maktoob.yahoo.com, DNS:ca.my.yahoo.com, DNS:gr.yahoo.com, DNS:att.yahoo.com, DNS:au.yahoo.com, DNS:nz.yahoo.com, DNS:tw.yahoo.com, DNS:hk.yahoo.com, DNS:brb.yahoo.com, DNS:my.yahoo.com, DNS:add.my.yahoo.com, DNS:espanol.att.yahoo.com, DNS:frontier.yahoo.com, DNS:verizon.yahoo.com, DNS:ca.rogers.yahoo.com, DNS:fr-ca.rogers.yahoo.com, DNS:tatadocomo.yahoo.com, DNS:tikona.yahoo.com, DNS:ideanetsetter.yahoo.com, DNS:mtsindia.yahoo.com, DNS:smartfren.yahoo.com
    X509v3 Basic Constraints:
      CA:FALSE
    X509v3 Key Usage: critical
      Digital Signature, Key Encipherment
    X509v3 Extended Key Usage:
      TLS Web Server Authentication, TLS Web Client Authentication
    X509v3 Certificate Policies:
      Policy: 2.16.840.1.113733.1.7.54
        CPS: https://d.symcb.com/cps
        User Notice:
          Explicit Text: https://d.symcb.com/rpa
    X509v3 Authority Key Identifier:
      keyid:0D:44:5C:16:53:44:C1:82:7E:1D:20:AB:25:F4:01:63:D8:BE:79:A5
    X509v3 CRL Distribution Points:
      Full Name:
        URI:http://sd.symcb.com/sd.crl
    Authority Information Access:
      OCSP - URI:http://sd.symcd.com
      CA Issuers - URI:http://sd.symcb.com/sd.crt
Verify Certificate:
  unable to get local issuer certificate
If you are testing your own site, the first section is the one to focus on. If this is information gathering ahead of a penetration test, pay close attention to the first and third sections: a site that still accepts vulnerable protocols or cipher suites gives an attacker something to work with. In this example the scan already shows two things worth writing up: the server still accepts SSLv3 (the protocol with the weakness mentioned at the top of this post), and its preferred cipher under both SSLv3 and TLSv1 is RC4, which is considered broken and should be disabled; the certificate is also signed with sha1WithRSAEncryption, which browsers have been phasing out. Two caveats when reading the third section: "Verify Certificate: unable to get local issuer certificate" only means that sslscan's local trust store could not build the chain up to the issuer, not that the site's certificate is bad, so confirm with a browser or openssl before reporting it; and a negative serial number cannot occur in a valid X.509 certificate (RFC 5280 requires a positive integer), so the -4294967295 printed here is a display artifact of this sslscan version rather than the certificate's real serial. Note also that the CN is www.yahoo.com while the host scanned was tw.yahoo.com; the certificate is still valid for it because tw.yahoo.com appears in the Subject Alternative Name list.
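To turn a scan like the one above into a pass/fail check, here is an added example (my own script, not part of the original post and not part of sslscan) that reads sslscan's text output from standard input and prints one line per weak setting. The two scan samples embedded in the script are constructed: the first mirrors the Yahoo scan above, with an invented 56-bit DES-CBC-SHA row added so the key-size rule has something to catch; the second is a made-up clean server. The rules themselves (anything accepted on SSLv2/SSLv3, any RC4 suite, anything under 128 bits, and RC4 as the preferred suite) are my choices, not something sslscan defines.

```shell
#!/bin/sh
# Added example, not from the original post or from sslscan: flag weak
# protocols and cipher suites in sslscan's text output.
# Usage against a live host:  sslscan --no-failed HOST[:PORT] | weak_findings

# Constructed sample mirroring the scan in the post (the DES-CBC-SHA row is
# invented so the key-size rule below has something to catch).
SAMPLE_SCAN='Testing SSL server tw.yahoo.com on port 443

  Supported Server Cipher(s):
    Failed    N/A      SSLv3  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Accepted  200 OK   SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Rejected  N/A      SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
    Accepted  200 OK   SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  200 OK   SSLv3   56 bits  DES-CBC-SHA
    Accepted  200 OK   TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  200 OK   TLSv1  256 bits  ECDHE-RSA-AES256-SHA

  Prefered Server Cipher(s):
    SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA

  SSL Certificate:
    Version: 2'

# Constructed sample of a (hypothetical) server that passes every rule below.
SAMPLE_CLEAN='Testing SSL server example.test on port 443

  Supported Server Cipher(s):
    Rejected  N/A      SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  200 OK   TLSv1  256 bits  ECDHE-RSA-AES256-SHA

  Prefered Server Cipher(s):
    TLSv1  256 bits  ECDHE-RSA-AES256-SHA'

# weak_findings: read sslscan text output on stdin, print one finding per line.
# Rules (chosen for this example):
#   WEAK-PROTOCOL   an Accepted suite on SSLv2 or SSLv3
#   WEAK-CIPHER     an Accepted suite using RC4
#   WEAK-KEYSIZE    an Accepted suite under 128 bits
#   WEAK-PREFERRED  a preferred suite using RC4 (what the server picks by default)
# Columns are read from the right so the parser works with and without --http,
# whose status column ("200 OK") adds a variable number of fields. The header
# regex accepts both the "Prefered" spelling in this sslscan version and "Preferred".
weak_findings() {
    awk '
        /Supported Server Cipher/ { section = "supported"; next }
        /Prefer+ed Server Cipher/ { section = "preferred"; next }
        /SSL Certificate/         { section = ""; next }
        section == "supported" && $1 == "Accepted" {
            cipher = $NF; bits = $(NF - 2); proto = $(NF - 3)
            if (proto == "SSLv2" || proto == "SSLv3")
                printf "WEAK-PROTOCOL %s %s\n", proto, cipher
            if (cipher ~ /RC4/)
                printf "WEAK-CIPHER %s %s\n", proto, cipher
            if (bits + 0 < 128)
                printf "WEAK-KEYSIZE %s %s %s-bit\n", proto, cipher, bits
        }
        section == "preferred" && NF >= 4 {
            proto = $1; cipher = $NF
            if (cipher ~ /RC4/)
                printf "WEAK-PREFERRED %s %s\n", proto, cipher
        }
    '
}

# has_weak: exit 0 if the scan on stdin produced at least one finding, 1 otherwise.
# Usable as a gate:  sslscan HOST | has_weak && echo "fix before go-live"
has_weak() {
    weak_findings | grep -q .
}

# Stand-alone demo on the constructed Yahoo-style sample.
printf '%s\n' "$SAMPLE_SCAN" | weak_findings
```

On the constructed sample this prints eight findings: three WEAK-PROTOCOL lines for the SSLv3 suites, two WEAK-CIPHER lines for RC4 under SSLv3 and TLSv1, one WEAK-KEYSIZE line for the 56-bit row, and two WEAK-PREFERRED lines; on the clean sample it prints nothing and has_weak returns 1. Because the rules are in one awk block, tightening them later (for example flagging TLSv1 or CBC suites) is a one-line change.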