Friday, December 5, 2014

Using SSLScan to check how well a website supports SSL

To bring my first book (網站滲透測試實務入門, an introduction to practical web penetration testing) into the world, I neglected this blog for nearly four months. The book is now out, so it is time to get back to work!
The OpenSSL vulnerability that surfaced a few months ago, and now the SSL 3.0 weakness that followed: do you actually understand what these terms mean? Does the website you are responsible for, or a site you connect to, use one of these vulnerable encryption protocols? Today I will introduce a tool for checking the encryption a website uses for its connections, in the hope that it helps site owners check whether their contractors have been cutting corners!
SSLScan is a tool made specifically for checking how a website uses the SSL protocol: it tests which SSL versions the site supports and which cipher suites it uses. SSLScan can be downloaded from http://sourceforge.net/projects/sslscan/; since I habitually use Kali Linux, which already ships with SSLScan, the steps below were carried out in a Kali Linux environment.
Command format: sslscan [OPTIONs] HOST[:PORT]
Common options:
HOST:PORT  specifies a single site as the scan target. To scan several sites at once, use --targets=FILE instead. If the site does not use the standard port 443, append the port number to the address, e.g. 127.0.0.1 or 127.0.0.1:8080
--targets=FILE  scans several sites at once from a file list, one site address per line. If a site does not use the standard port 443, append the port number to the address, e.g. 127.0.0.1 or 127.0.0.1:8080
--no-failed  lists only the cipher suites that could be negotiated successfully (by default every tested cipher suite is shown)
--http  tests the HTTP connection as well: if a site has SSL enabled but still allows plain HTTP connections, users can bypass SSL and connect without encryption
--xml=FILE  writes the test results in XML format to the specified file

Below, www.yahoo.com.tw (Yahoo! Kimo) is used as the example:
sslscan --http tw.yahoo.com

Testing SSL server tw.yahoo.com on port 443

The first section lists the test result for each cipher suite:
  Supported Server Cipher(s):
    Failed    N/A              SSLv3  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Failed    N/A              SSLv3  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
    Failed    N/A              SSLv3  256 bits  ECDHE-RSA-AES256-SHA384
    Failed    N/A              SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA384
    Accepted  200 OK           SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Rejected  N/A              SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA

The second section shows the cipher suites this site prefers:
  Prefered Server Cipher(s):
    SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA

The third section shows the site's certificate information:
  SSL Certificate:
    Version: 2
    Serial Number: -4294967295
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at 
            https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
    Not valid before: Sep 24 00:00:00 2014 GMT
    Not valid after: Sep 25 23:59:59 2015 GMT
    Subject: /C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/
            CN=www.yahoo.com
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
      Public-Key: (2048 bit)
      Modulus:
          00:cb:b3:cf:6d:6f:6b:23:6e:eb:b0:8f:0a:ad:aa:
          98:ba:1a:d9:26:1e:88:52:32:71:63:c9:79:c4:82:
          2e:c8:22:b4:cd:2f:04:9f:95:2d:83:a9:52:22:07:
          24:00:42:ee:18:17:07:46:29:73:18:97:c5:b8:69:
          06:78:22:70:22:d0:13:4a:11:86:2b:53:9a:49:69:
          c5:a2:77:b4:2b:3b:f1:75:f9:a4:83:8d:3e:8e:65:
          fb:17:a0:ac:14:7d:87:ed:d4:a6:5c:99:b7:c8:f4:
          de:a0:6a:13:d9:33:41:27:6a:71:54:cf:c2:49:d4:
          c6:8b:1e:2c:3b:f3:1d:bc:da:bb:11:c1:fe:06:62:
          9c:3b:2b:bf:8d:43:cb:7b:7b:51:4f:9f:f4:1f:d2:
          99:6f:a1:24:9b:64:65:5f:2c:d0:95:ad:98:b6:6a:
          02:24:3f:c7:f3:ad:3f:47:b1:57:bf:dd:a0:c2:ed:
          dd:a4:e1:a3:74:24:1b:73:5f:a7:8e:8b:09:10:bc:
          ea:a6:26:aa:3c:57:73:e4:6a:d6:53:6f:9c:aa:f8:
          f8:9b:bf:22:f6:72:d5:9f:fe:e0:e2:a3:38:8f:b7:
          d2:ad:91:22:82:36:c1:e6:ae:83:64:6e:07:16:80:
          f7:59:c4:4d:f4:f4:5e:c8:de:4d:6b:e6:b5:30:ea:
          8f:0f
      Exponent: 65537 (0x10001)
    X509v3 Extensions:
    X509v3 Subject Alternative Name: 
        DNS:www.yahoo.com, DNS:yahoo.com, DNS:hsrd.yahoo.com, DNS:us.yahoo.com, 
        DNS:fr.yahoo.com, DNS:uk.yahoo.com, DNS:za.yahoo.com, DNS:ie.yahoo.com, 
        DNS:it.yahoo.com, DNS:es.yahoo.com, DNS:de.yahoo.com, DNS:ca.yahoo.com, 
        DNS:qc.yahoo.com, DNS:br.yahoo.com, DNS:ro.yahoo.com, DNS:se.yahoo.com, 
        DNS:be.yahoo.com, DNS:fr-be.yahoo.com, DNS:ar.yahoo.com, DNS:mx.yahoo.com, 
        DNS:cl.yahoo.com, DNS:co.yahoo.com, DNS:ve.yahoo.com, DNS:espanol.yahoo.com, 
        DNS:pe.yahoo.com, DNS:in.yahoo.com, DNS:sg.yahoo.com, DNS:id.yahoo.com, 
        DNS:malaysia.yahoo.com, DNS:ph.yahoo.com, DNS:vn.yahoo.com, DNS:maktoob.yahoo.com, 
        DNS:en-maktoob.yahoo.com, DNS:ca.my.yahoo.com, DNS:gr.yahoo.com, 
        DNS:att.yahoo.com, DNS:au.yahoo.com, DNS:nz.yahoo.com, DNS:tw.yahoo.com, 
        DNS:hk.yahoo.com, DNS:brb.yahoo.com, DNS:my.yahoo.com, DNS:add.my.yahoo.com, 
        DNS:espanol.att.yahoo.com, DNS:frontier.yahoo.com, DNS:verizon.yahoo.com, 
        DNS:ca.rogers.yahoo.com, DNS:fr-ca.rogers.yahoo.com, DNS:tatadocomo.yahoo.com, 
        DNS:tikona.yahoo.com, DNS:ideanetsetter.yahoo.com, DNS:mtsindia.yahoo.com, 
        DNS:smartfren.yahoo.com
      X509v3 Basic Constraints: 
        CA:FALSE
      X509v3 Key Usage: critical
        Digital Signature, Key Encipherment
      X509v3 Extended Key Usage: 
        TLS Web Server Authentication, TLS Web Client Authentication
      X509v3 Certificate Policies: 
        Policy: 2.16.840.1.113733.1.7.54
          CPS: https://d.symcb.com/cps
          User Notice:
            Explicit Text: https://d.symcb.com/rpa

      X509v3 Authority Key Identifier: 
        keyid:0D:44:5C:16:53:44:C1:82:7E:1D:20:AB:25:F4:01:63:D8:BE:79:A5

      X509v3 CRL Distribution Points: 

        Full Name:
          URI:http://sd.symcb.com/sd.crl

      Authority Information Access: 
        OCSP - URI:http://sd.symcd.com
        CA Issuers - URI:http://sd.symcb.com/sd.crt

  Verify Certificate:
    unable to get local issuer certificate

If you are testing your own site, you only need to pay attention to the first section. If this is information gathering before a penetration test, pay particular attention to the first and third sections: a site that uses a vulnerable cipher suite may be exploitable by attackers.
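The following Python script is an added example, not part of sslscan or of this post. It parses the plain-text report layout shown above and turns the three sections into concrete findings: SSLv2/SSLv3 or RC4 in the preferred or accepted suites, export-grade key lengths, an MD5 MAC, a SHA-1 signed certificate, an expired or soon-to-expire certificate, and a chain that did not verify. The sample report is constructed: its layout copies the output above, but the cipher lines are a hypothetical mix chosen to exercise every check, and the regular expressions assume the column layout of the sslscan 1.x text output with and without --http.

```python
"""Triage helper for sslscan text reports (added example, not part of sslscan)."""
import re
from datetime import datetime, timezone

# Constructed sample: layout copies the post's output; cipher lines are a hypothetical mix.
SAMPLE_OUTPUT = """\
Testing SSL server tw.yahoo.com on port 443
  Supported Server Cipher(s):
    Failed    N/A              SSLv3  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Accepted  200 OK           SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  200 OK           TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  200 OK           TLSv1  256 bits  AES256-SHA
    Accepted  200 OK           TLSv1  40 bits   EXP-RC4-MD5

  Prefered Server Cipher(s):
    SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA

  SSL Certificate:
    Signature Algorithm: sha1WithRSAEncryption
    Not valid after: Sep 25 23:59:59 2015 GMT

  Verify Certificate:
    unable to get local issuer certificate
"""

PROTO = r"(SSLv2|SSLv3|TLSv1(?:\.\d)?)"
# With --http the second column is "N/A" or an HTTP status ("200 OK"); without it, absent.
CIPHER_RE = re.compile(r"^\s*(Accepted|Rejected|Failed)\s+(?:(N/A|\d{3}.*?)\s+)?"
                       + PROTO + r"\s+(\d+) bits\s+(\S+)\s*$")
PREFERRED_RE = re.compile(r"^\s*" + PROTO + r"\s+(\d+) bits\s+(\S+)\s*$")


def parse_sslscan(text):
    """Collect accepted suites, preferred suites and certificate facts."""
    report = {"accepted": [], "preferred": [], "sig_alg": None,
              "not_after": None, "verify": None}
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.endswith(":"):            # section header, e.g. "SSL Certificate:"
            section = stripped
        elif section == "Supported Server Cipher(s):":
            m = CIPHER_RE.match(line)
            if m and m.group(1) == "Accepted":  # Rejected/Failed suites are not on offer
                report["accepted"].append((m.group(3), int(m.group(4)), m.group(5)))
        elif section == "Prefered Server Cipher(s):":  # spelling as sslscan prints it
            m = PREFERRED_RE.match(line)
            if m:
                report["preferred"].append((m.group(1), int(m.group(2)), m.group(3)))
        elif section == "Verify Certificate:" and report["verify"] is None:
            report["verify"] = stripped           # first line after the header
        elif stripped.startswith("Signature Algorithm: "):
            report["sig_alg"] = stripped.split(": ", 1)[1]
        elif stripped.startswith("Not valid after: "):
            when = stripped.split(": ", 1)[1].replace(" GMT", "")
            report["not_after"] = datetime.strptime(
                when, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    return report


def suite_issues(proto, bits, name):
    """Why a negotiated suite is weak; an empty list means nothing to flag."""
    checks = [
        (proto in ("SSLv2", "SSLv3"), f"{proto} is an obsolete protocol"),
        ("RC4" in name, "RC4 stream cipher"),
        (bits < 128 or name.startswith("EXP"), f"{bits}-bit (export grade) strength"),
        (name.endswith("MD5"), "MD5 MAC"),
    ]
    return [reason for hit, reason in checks if hit]


def triage(text, now=None):
    """Findings for one report. `now` is a datetime, an ISO date string, or None."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now).replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    report = parse_sslscan(text)
    findings = []
    # A weak preferred suite (section 2) is what most clients will actually negotiate.
    for level, key in (("HIGH", "preferred"), ("MEDIUM", "accepted")):
        for proto, bits, name in report[key]:
            for reason in suite_issues(proto, bits, name):
                findings.append(f"{level}: {key} suite {name} ({proto}): {reason}")
    if report["sig_alg"] and report["sig_alg"].lower().startswith("sha1"):
        findings.append(f"MEDIUM: certificate signed with {report['sig_alg']} (SHA-1 is deprecated)")
    if report["not_after"] and report["not_after"] < now:
        findings.append(f"HIGH: certificate expired on {report['not_after'].date()}")
    elif report["not_after"] and (report["not_after"] - now).days < 30:
        findings.append(f"LOW: certificate expires within 30 days ({report['not_after'].date()})")
    if report["verify"] and ("unable" in report["verify"] or "error" in report["verify"]):
        findings.append(f"INFO: chain did not verify: {report['verify']} (missing intermediates or trust store)")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_OUTPUT)))
```

Run it on a real report by piping sslscan's output into the script, for example sslscan --http HOST | python3 triage.py with a small change to read sys.stdin instead of SAMPLE_OUTPUT. The "unable to get local issuer certificate" line is deliberately reported as INFO rather than HIGH: it can mean the server does not send its intermediate certificates, but just as often it means the scanning host's trust store simply lacks the issuer, so it needs a follow-up check rather than an immediate verdict.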
