Nmap Development mailing list archives
Re: [NSE] ssl-date
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Tue, 31 Jul 2012 21:13:44 +0200
On 7/31/2012 8:11 PM, David Fifield wrote:
On Mon, Jul 30, 2012 at 09:57:33AM +0200, Aleksandar Nikolic wrote:Hi all, I've written a script that extracts the remote server's time from ServerHello ssl reply. First 4 bytes of server random are actually system time. Original idea by Jacob Appelbaum and his TeaTime and tlsdate tools: - https://github.com/ioerror/TeaTime - https://github.com/ioerror/tlsdate -- -- @output -- PORT STATE SERVICE REASON -- 443/tcp open https syn-ack -- |_ssl-date: Server time 2012-07-30 09:46:07 GMT; 0s from the local time. The script can be used to detect wrongly set time, or even detect non standard SSL implementations.This looks good and it works for me. Please commit it. Do you think it is possible to add STARTTLS support to this script for the same protocols as ssl-cert? There is a table of STARTTLS functions in sslcert.lua, but they probably operate at the wrong level of abstraction as they call nmap.reconnect_ssl. Perhaps that table can be broken into two steps, and your code that needs to craft its own ClientHello can call only the lower-level of the two steps. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Added to trunk as 29421. I'll look into adding STARTTLS , it shouldn't be much of a problem. Aleksandar _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] ssl-date Aleksandar Nikolic (Jul 30)
- Re: [NSE] ssl-date Jacob Appelbaum (Jul 31)
- Re: [NSE] ssl-date David Fifield (Jul 31)
- Re: [NSE] ssl-date Aleksandar Nikolic (Jul 31)