[W3af-svn-notify] [Task #145075] audit.sslCertificate ; get more info
From: SourceForge.net <no...@so...> - 2008-02-24 19:46:31
Task #145075 has been updated.

Project: w3af
Subproject: Plugin TODO v1.10
Summary: audit.sslCertificate ; get more info
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description: Get more info from the certificate and validate dates, domain name, etc.

Follow-Ups:

-------------------------------------------------------
Date: 2008-01-11 12:19
By: andresriancho

Comment:
Something like this should be shown:

Server certificate
subject=/C=GB/ST=Some-State/L=Some-Locality/O=One Organization/OU=One Organization Unit/CN=localhost/emailAddress=webmaster@localhost
issuer=/C=GB/ST=Some-State/L=Some-Locality/O=One Organization/OU=One Organization Unit/CN=localhost/emailAddress=webmaster@localhost
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5
---
SSL handshake has read 860 bytes and written 236 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: 63D445918D33F99FF8B4C241427DCE04
    Session-ID-ctx:
    Master-Key: FEE6B631E93F3768DA1ADD5F29A0E2081F8E79B0B4668AA9
    Key-Arg   : 48B59B5390412D47
    Start Time: 1200064709
    Timeout   : 300 (sec)
    Verify return code: 10 (certificate has expired)
---

-------------------------------------------------------
Date: 2008-01-11 11:41
By: andresriancho

Comment:
This can be done with the openssl module! The plugin that should be modified is audit.sslCertificate. Also, only perform *one* connection to the remote server, not one for every call. Show the gathered information only one time. Finally, check that the certificate is valid. Maybe openssl can do this ?!

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145075&group_id=170274&group_project_id=55629
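
The checks the task asks for (validity dates, domain name), as an added example that is not w3af's plugin code: it audits one already-fetched certificate in the dict format returned by Python's ssl.SSLSocket.getpeercert(), so a single connection can feed every check. SAMPLE_CERT is constructed to mirror the expired CN=localhost certificate above, and the function names are hypothetical.

```python
import ssl

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert();
# it mirrors the expired CN=localhost certificate in the task comment.
SAMPLE_CERT = {
    "subject": ((("countryName", "GB"),), (("commonName", "localhost"),)),
    "issuer": ((("countryName", "GB"),), (("commonName", "localhost"),)),
    "notBefore": "Dec 11 16:04:29 2006 GMT",
    "notAfter": "Jan 10 16:04:29 2007 GMT",
}

def claimed_names(cert):
    """DNS names the certificate claims: subjectAltName first, CN as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:   # refuse wildcards such as '*.com'
        return p[1:] == h[1:]
    return p == h

def audit_certificate(cert, host, now):
    """Return the findings for one certificate at time `now` (epoch seconds)."""
    findings = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    if not any(name_matches(n, host) for n in claimed_names(cert)):
        findings.append("name mismatch")
    if cert.get("subject") == cert.get("issuer"):
        findings.append("self-issued")   # subject equals issuer
    return findings

if __name__ == "__main__":
    # 1200064709 is the session Start Time shown in the quoted output.
    print(audit_certificate(SAMPLE_CERT, "localhost", 1200064709))
```

getpeercert() returns an empty dict when the context uses CERT_NONE, so auditing a certificate that fails chain validation means fetching it with binary_form=True and decoding the DER separately.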