.:SSLFail:.

Just a quick post to share that pdp has released a Python SSL proxy. I haven’t had a chance to play with it yet but it definitely looks promising, so I figured I’d share it with everyone.

Update: A lot of people don’t like the idea of people issuing their own CA Certs… I saw some humour in a SSLFail CA cert that wasn’t shared. I also see no reason why SSL Certs should be as over priced as they are (that deserves it’s own blog post), so I won’t pay for one for a blog. So… Install the CA cert at your own risk.

So there have been some comments about SSLFail not having an SSL version. I’ve fixed this today and you can now access SSLFail via https://www.sslfail.com. The CA is SSLFail so by defaut you’ll get an error (in Firefox the message will read: ‘The certificate is not trusted because the issuer certificate is unknown.’ ). The SSLFail certificate is available for download, should you wish to install it.

Should anyone want a cert signed by SSLFail, I’m more than willing to do so… simply email — treguly (at) sslfail (dot) com.

I really wish I’d be at ShmooCon for this, but getting news of it is more than enough.  I had first mentioned the Middler when I attended Jay’s talk at SecTor. Following the presentation I had a chance to sit down and further discuss the tool with Jay and I was really excited that the release was coming “later that day”. Later that day turned into months without any word of an announcement, but that’s over now… the tool is out and it’s very exciting.

Instead of continuing to discuss it myself (I plan a long blog post once I’ve had time to play with the Middler), I’m going to point you to a post on NovaInfosecPortal.com which contains further details. The Middler can be downloaded from the InGuardians website here.

This SSL Packet Trace is based on the Server View found here. My goal is to add useful hash information to the packet dump which in its original form only contained the state register values.

These are the starting values for your MD5 and SHA-1 Hash Objects.
State = useless
Hash = digest() of all handshake data seen so far
Buf Hash = digest() of all 64 byte blocked handshake data
Buffered Data = 63 or less bytes of data waiting to be added to the hashes

Now each handshake section of the packet is added to the hash objects in 64 byte blocks. If you do not yet have 64 bytes to add you simply hold onto them in a buffer.

While the hash states listed in the original packet traces were useless the buffered data was pretty handy, it was a clear indication of what pieces to add to the hash objects. In this packet we add 74 more bytes to the 52 we had saved up from before. After using up the first 64 bytes we are left with 62 left over.

This is where the packets start getting really long. Although the certificates are long (and very complicated) they are one of the very few SSL packets with ASCII printable text. When looking at a packet dump these are the most recognizable packets of an SSL transaction.

The following packet is where this demo trace really goes off the rails. Netscape chose to illustrate one of the more complicated capabilities of SSL. Although client side certificates are essential to SSL VPN connections, they are very seldom seen in standard HTTPS sessions.

Finally we get to the Server Hello Done message.

Client sends its identity to the Server. This step is not commonly seen.

Now here is the first packet with actual encryption. This packet contains the pre-master secret that has been asymmetrically encrypted with the server’s public key. This pre-master secret will be used to calculate the symmetric key. I will focus on this packet in a future post as it is very interesting.

Certificate Verify message – not commonly seen as client authentication is rare.

The Client Change Cipher Spec message is not included in the hashes. The Client Finished message however is. This packet (or portion of a packet) is the first symmetrically encrypted data we have seen so far. At this point in the handshake both the server and client posses a shared key.

When this packet is unencrypted you will find a message that can only be verified if you have all the handshake data seen thus far. This is a little harder than just adding a couple of captured packets, as several portions of the message need to be excluded (all record data and change cipher spec messages). The server then does the same thing with this newly included data and completes the handshake by constructing the server finished message. I will look at this final step in my next post.

Royal Pingdom has a post up mention that Netcraft has announced there are now one million sites that are using SSL. That’s valid certs, trusted by a third party, not expired and where the common name matches the hostname.  That’s a far cry from the 3293 found in Netcrafts first SSL survey.

Does this survey catch everything? Probably not, but it’s most likely a good starting point.

Now, how did Royal Pingdom determine that there are potentially 219K in expired certs? They based it on a 2007 survey from Venafi (referenced here), that said 18% of Fortune 1000 websites had expired certificates. They applied the percentage to the Netcraft total and, voila… 219K. They also go on to say that even if you have that it’s still 100K websites with expired certificates.

I’d be willing to wager a guess that if the number is off it’s mark, that it’s probably too low rather than two high. I encounter sites all the time with expired certs. Mind you, since we started SSLFail.com, I’ve had a harder time finding them.  However, I did happen to stumble across one just the other day and since we don’t feature screenshots with IE often enough… here you go.

OpenRCE.org Expired SSL