[or-cvs] r15281: minimal working ssl scanner done (in torflow/branches/gsoc2008: . data/soat data/soat/ssl data/soat/ssl/certs data/soat/ssl/nodesResults)
aleksei at seul.org
aleksei at seul.org
Sun Jun 15 17:41:23 UTC 2008
Author: aleksei
Date: 2008-06-15 13:41:22 -0400 (Sun, 15 Jun 2008)
New Revision: 15281
Added:
torflow/branches/gsoc2008/data/soat/ssl/
torflow/branches/gsoc2008/data/soat/ssl/certs/
torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem
torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem
torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem
torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem
torflow/branches/gsoc2008/data/soat/ssl/nodesPositive/
torflow/branches/gsoc2008/data/soat/ssl/nodesResults/
torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result
torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result
torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result
torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result
Removed:
torflow/branches/gsoc2008/data/soat/certs/
torflow/branches/gsoc2008/data/soat/docs/
Modified:
torflow/branches/gsoc2008/soat.py
Log:
minimal working ssl scanner done
Added: torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmugAwIBAgIDCG47MA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEwMTgwMjMzWhcNMDkxMjEwMTgwMjMz
+WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
+DU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xGjAY
+BgNVBAsTEVNlY3VyZSBXZWIgU2VydmVyMRYwFAYDVQQDFA0qLm1vemlsbGEub3Jn
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChC0WH3YhyVVYKWEjAfYT0q19W
+c89J2McBEX9UvBUX5vOujghbDdyDTahVSf5sgkX54mVDoLq/rv28fd8Op8Wf54ZU
+oN/n+05M/F3+j52hja3UysHgtEsCCiTUd73oWTh0GiwNhbchqGWo52rs5xKGxaEQ
+HhW+gJFC2jrEYsRzbQIDAQABo4GuMIGrMA4GA1UdDwEB/wQEAwIE8DAdBgNVHQ4E
+FgQU441V52B+eQnnlTrlE0IcnvaS77QwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov
+L2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwHwYDVR0jBBgwFoAU
+SOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
+BwMCMA0GCSqGSIb3DQEBBQUAA4GBAD7DR9FVBTK8jxLKebbAIetW95SIc9r1Nl5/
+PecjkP6RfKHbnCQ32j213HC9nZZR8nwCGgS1ryTKp/l0HFVWuF1L/y2fLEU7mzVP
+3cwNb/QYgOvNRh2+VDTP+rXGnLmm+MNvQoqzQNJrUlta8qxitaUFk/AL/anne8dp
+f+07Xq2p
+-----END CERTIFICATE-----
Added: torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAougAwIBAgIQbldpChBPqv+BdPg4iwgN8TANBgkqhkiG9w0BAQUFADBM
+MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
+THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wODA1MDIxNjMyNTRaFw0w
+OTA1MDIxNjMyNTRaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRgw
+FgYDVQQDEw9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBALlkxdh2QXegdElukCSOV2+8PKiONIS+8Tu9K7MQsYpqtLNC860zwOPQ2NLI
+3Zp4jwuXVTrtzGuiqf5Jioh35Ig3CqDXtLyZoypjZUQcq4mlLzHlhIQ4EhSjDmA7
+Ffw9y3ckSOQgdBQWNLbquHh9AbEUjmhkrYxIqKXeCnRKhv6nAgMBAAGjgecwgeQw
+KAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEwNgYDVR0f
+BC8wLTAroCmgJ4YlaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVNHQ0NBLmNy
+bDByBggrBgEFBQcBAQRmMGQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0
+ZS5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0
+b3J5L1RoYXd0ZV9TR0NfQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF
+BQADgYEAsRwpLg1dgCR1gYDK185MFGukXMeQFUvhGqF8eT/CjpdvezyKVuz84gSu
+6ccMXgcPQZGQN/F4Xug+Q01eccJjRSVfdvR5qwpqCj+6BFl5oiKDBsveSkrmL5dz
+s2bn7TdTSYKcLeBkjXxDLHGBqLJ6TNCJ3c4/cbbG5JhGvoema94=
+-----END CERTIFICATE-----
Added: torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAuWgAwIBAgIQbfxRUFCOzMrPD9Y7lr8MaTANBgkqhkiG9w0BAQUFADCB
+zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
+Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
+CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
+d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
+cnZlckB0aGF3dGUuY29tMB4XDTA4MDUxNDIyMjkyMloXDTA5MDUyMDA5MjE0Nlow
+gYAxCzAJBgNVBAYTAkFVMRgwFgYDVQQIEw9OZXcgU291dGggV2FsZXMxEzARBgNV
+BAcTCkNyb3dzIE5lc3QxKDAmBgNVBAoTH09wdGltYWwgRGVjaXNpb25zIEdyb3Vw
+IFB0eSBMdGQxGDAWBgNVBAMTD3d3dy5mYXN0bWFpbC5mbTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAyJMTIn/14CHIrAYGi3913dMk1khF1C1M4f6/JlmIv7Xl
+HlOT+GJNcal38wsS/VxXTSrKgPcXDDK0kYGg/1WU6wF8HJ64LEXHou558PDBDnnp
+4pw2ayB5mVy9E3YFez0a/NHEBDKrkngmQmWQxmcVzBLNDYhoR/NQPQ6JZjtR1kMC
+AwEAAaOBpjCBozAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQAYDVR0f
+BDkwNzA1oDOgMYYvaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVByZW1pdW1T
+ZXJ2ZXJDQS5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8v
+b2NzcC50aGF3dGUuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEA
+IKus8RSbHoHfE36J44uEyGPMxFnfaEZLoZs+k6aZPnfVyvhDwNKPmfoEkaFWtqQ1
+Q+5IzVWGXCQOd5R4bWiiJRhG33KCDmRfqnVrCX0X+V6N72e9Zw51ac1Tv+Noipan
+s/yFWHIOod8fw6ELGcXzOd5mEt5XlCFWm/2IKtRCG9E=
+-----END CERTIFICATE-----
Added: torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF5jCCBM6gAwIBAgIQbmuco/dSNbSVN4bU5RNUqTANBgkqhkiG9w0BAQUFADCB
+vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
+YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv
+VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew
+HhcNMDcwMTMwMDAwMDAwWhcNMDkwMTI5MjM1OTU5WjCCAR4xEDAOBgNVBAUTBzMw
+MTQyNjcxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs
+YXdhcmUxCzAJBgNVBAYTAlVTMRMwEQYDVQQRFAo5NTEzMS0yMDIxMQswCQYDVQQI
+EwJDQTERMA8GA1UEBxQIU2FuIEpvc2UxFjAUBgNVBAkUDTIyMTEgTiAxc3QgU3Qx
+FDASBgNVBAoUC1BheXBhbCBJbmMuMRwwGgYDVQQLFBNJbmZvcm1hdGlvbiBTeXN0
+ZW1zMTMwMQYDVQQLFCpUZXJtcyBvZiB1c2UgYXQgd3d3LnZlcmlzaWduLmNvbS9y
+cGEgKGMpMDYxFzAVBgNVBAMUDnd3dy5wYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC0ldZuxq9UVX26JfEnMM+U7pM+husarblH+rS18AyT8Aqf
+0oOZJ+439TESAQ521/9zDqXYpm5++VoNN5/M3HbQ63ksuqDILhA+G1sU0jA9RD38
+z992oazPJQDTfmeK+amv50+4okUT8QTDkb9WHjUI/gpf14AYQ628UFQQGO6WlQID
+AQABo4IB/zCCAfswCQYDVR0TBAIwADAdBgNVHQ4EFgQU7VBMXqBNGpJwm/AUUdLW
+nWziydAwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVklu
+dGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkG
+C2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWdu
+LmNvbS9ycGEwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhC
+BAEGCisGAQQBgjcKAwMwHwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8w
+dgYIKwYBBQUHAQEEajBoMCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3Au
+dmVyaXNpZ24uY29tMDkGCCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJp
+c2lnbi5jb20vRVZJbnRsMjAwNi5jZXIwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcw
+VRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4w
+JRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwDQYJKoZIhvcN
+AQEFBQADggEBADGj5/xJrl7mzkgcE6zf44jzT0Iw+/BLAzcerNixC3xZ57rPPhxu
+WRMKVzgIDYQzu/ed2oLRz6eefjF2Xs9XqLK1RDYRyDldksxP/AxB52AEGoBbufQ1
+xKWziRJXaUmqA27FBbx89lYrj3m6VQkkJ7bK+IpP9vQzpg86ZBQs0UWtxsQbO9zp
+D8IaeI+K97d5CgRfXixgfUR3OttmhofzmR9Zfawcui+MoEu0lrjeZNgAkEaCVlcH
+m0iL1rOpmhX/7b5DUpTWN3jopw9/VQTCqxcu+0zoEcNU02yadEVCNumWAEllTJ5D
+ePLh8FkejTsIkNexlknGZX4eQJYBo90wUok=
+-----END CERTIFICATE-----
Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'mail.google.com'
+p3
+sS'timestamp'
+p4
+F1213551284.4130349
+sS'cert'
+p5
+S'./data/soat/ssl/certs/mail.google.com.pem'
+p6
+sS'exit_node'
+p7
+S'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'
+p8
+sb.
\ No newline at end of file
Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'addons.mozilla.org'
+p3
+sS'timestamp'
+p4
+F1213551285.951535
+sS'cert'
+p5
+S'./data/soat/ssl/certs/addons.mozilla.org.pem'
+p6
+sS'exit_node'
+p7
+S'$CEE08B38D516CC60AFB1984F46F428FC88826C14'
+p8
+sb.
\ No newline at end of file
Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'www.fastmail.fm'
+p3
+sS'timestamp'
+p4
+F1213551292.174912
+sS'cert'
+p5
+S'./data/soat/ssl/certs/www.fastmail.fm.pem'
+p6
+sS'exit_node'
+p7
+S'$CEE08B38D516CC60AFB1984F46F428FC88826C14'
+p8
+sb.
\ No newline at end of file
Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result 2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'www.paypal.com'
+p3
+sS'timestamp'
+p4
+F1213551288.8847311
+sS'cert'
+p5
+S'./data/soat/ssl/certs/www.paypal.com.pem'
+p6
+sS'exit_node'
+p7
+S'$CEE08B38D516CC60AFB1984F46F428FC88826C14'
+p8
+sb.
\ No newline at end of file
Modified: torflow/branches/gsoc2008/soat.py
===================================================================
--- torflow/branches/gsoc2008/soat.py 2008-06-15 17:35:45 UTC (rev 15280)
+++ torflow/branches/gsoc2008/soat.py 2008-06-15 17:41:22 UTC (rev 15281)
@@ -2,10 +2,12 @@
import os
import random
import re
+import pickle
from sets import Set
import socket
import string
import sys
+import time
import urllib
import urllib2
@@ -28,7 +30,9 @@
sys.path.append("./tools/pyssh")
import pyssh
+#
# config stuff
+#
user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1) Gecko/20061010 Firefox/2.0'
@@ -38,12 +42,20 @@
same_origin_policy = True
+ssl_certs_directory = './data/soat/ssl/certs/';
+ssl_nodes_results_directory = './data/soat/ssl/nodesResults/';
+ssl_nodes_positive_directory = './data/soat/ssl/nodesPositive/';
+
+#
# links of interest
+#
-doc_urls = ['http://www.torproject.org']
-doc_https = []
+docs_http = ['http://www.torproject.org']
+docs_https = ['mail.google.com','addons.mozilla.org','www.paypal.com','www.fastmail.fm']
+#
# ports to test in the consistency test
+#
ports_to_check = [
["pop", ExitPolicyRestriction('255.255.255.255', 110), "pops", ExitPolicyRestriction('255.255.255.255', 995)],
@@ -53,7 +65,9 @@
["http", ExitPolicyRestriction('255.255.255.255', 80), "https", ExitPolicyRestriction('255.255.255.255', 443)]
]
+#
# constants
+#
linebreak = '\r\n'
@@ -79,6 +93,21 @@
s = s[:-1]
return s
+# a class for saving ssl test results
+class OpenSSLTestResult:
+ def __init__(self, exit_node, ssl_site, cert_file):
+ self.exit_node = exit_node
+ self.ssl_site = ssl_site
+ self.timestamp = time.time()
+ self.cert = cert_file
+
+# a class for saving http test results
+class HttpTestResult:
+ def __init__(self, exit_node, website):
+ self.exit_node = exit_node
+ self.website = website
+ self.timestamp = time.time()
+
# The scanner class
class ExitNodeScanner:
@@ -115,7 +144,7 @@
plog('INFO', 'ExitNodeScanner up and ready')
def get_exit_node(self):
- self.__client.writeline("GETLASTEXIT" + linebreak)
+ self.__client.writeline("GETLASTEXIT")
reply = self.__client.readline()
if reply[:3] != '250':
@@ -182,7 +211,7 @@
content = f.read()
content = content.decode('ascii', 'ignore')
- print content
+ direct_page = BeautifulSoup(content)
defaultsocket = socket.socket
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, tor_host, tor_port)
@@ -194,15 +223,20 @@
except Exception, e:
plog('ERROR', 'Opening ' + address + ' via tor failed')
plog('ERROR', e)
+ socket.socket = defaultsocket
return 0
pcontent = g.read()
+ pcontent.decode('ascii', 'ignore')
- print pcontent
+ node_page = BeautifulSoup(pcontent)
# reset the default connection
socket.socket = defaultsocket
+ # nasty tags: a, applet, div, embed, form, frame, iframe, img, link, script
+ # also check DOM event stuff
+
return 0
def check_openssh(self, address):
@@ -217,7 +251,7 @@
def check_openssl(self, address):
# specify the context
- ctx = SSL.Context(SSL.SSLv3_METHOD)
+ ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.set_verify_depth(1)
# ready the certificate request
@@ -234,13 +268,26 @@
c.send(crypto.dump_certificate_request(crypto.FILETYPE_ASN1,request))
cert = c.get_peer_certificate()
+ cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
- print 'Issuer: ', cert.get_issuer()
- print 'Public key: ', cert.get_pubkey()
- print 'Subject: ', cert.get_subject()
- print 'Version: ', cert.get_version()
+ # save the cert
- # open a connection via tor
+ cert_file_handle = open(ssl_certs_directory + address + '.pem', 'w')
+ cert_file_handle.write(cert_pem)
+ cert_file_handle.close()
+
+ # if the original certificate was invalid, stop here
+ if cert.has_expired():
+ plog('INFO', 'SSL certificate of the ' + address + ' server has expired. Skipping to the next test')
+ return 0
+
+ # check whether we already have a circuit.
+ # if yes, open a connection via tor, otherwise skip to the next test
+ exit_node = self.get_exit_node()
+ if exit_node == 0:
+ plog('INFO', 'We have no exit node to test, skipping to the next test.')
+ return 0
+
defaultsocket = socket.socket
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, tor_host, tor_port)
socket.socket = socks.socksocket
@@ -248,25 +295,45 @@
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c2 = SSL.Connection(ctx, s2)
c2.set_connect_state()
+
+ plog('INFO', 'Opening an ssl connection to ' + address + ' using exit node ' + `exit_node`)
- plog('INFO', 'Opening an ssl connection to ' + address + ' using exit node ' + self.get_exit_node())
-
c2.connect((address, 443))
c2.send(crypto.dump_certificate_request(crypto.FILETYPE_ASN1,request))
cert2 = c2.get_peer_certificate()
+ cert2_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert2)
- print 'Issuer: ', cert2.get_issuer()
- print 'Public key: ', cert2.get_pubkey()
- print 'Subject: ', cert2.get_subject()
- print 'Version: ', cert2.get_version()
-
+ # compare the received cert to the original
+ #
+ # if certs match, save the result of the test only. no need to keep the same cert in two files
+ #
+ # if certs are different, file the test result under positive cases
+ # save the received cert for inspection
+
+ if cert_pem == cert2_pem:
+ cert_file = ssl_certs_directory + address + '.pem'
+ result = OpenSSLTestResult(exit_node, address, cert_file)
+ result_file = open(ssl_nodes_results_directory + `exit_node` + '_' + address + '.result','w')
+ pickle.dump(result, result_file)
+ else:
+ plog('ERROR', 'Exit node ' + `exit_node` + ' seems to be meddling with certificates. (' + address + ')')
+
+ cert_file = ssl_certs_directory + address + '_' + `exit_node` + '.pem'
+ cert_file_handle = open(cert_file, 'w')
+ cert_file_handle.write(cert2_pem)
+ cert_file_handle.close()
+
+ result = OpenSSLTestResult(exit_node, address, cert_file)
+ result_file = open(ssl_nodes_positive_directory + `exit_node` + '_' + address + '.result','w')
+ pickle.dump(result, result_file)
+
+ plog('INFO', 'Test complete. Moving on...')
# reset the default connection
socket.socket = defaultsocket
return 0
-
# some helpful methods
'''
@@ -298,6 +365,18 @@
return urllist
+def load_cert():
+ filehandler = open('./data/soat/ssl/certs/addons.mozilla.org.pem','r')
+ string = filehandler.read()
+
+ ctx = SSL.Context(SSL.SSLv23_METHOD)
+ ctx.use_certificate_file('./data/soat/ssl/certs/addons.mozilla.org.pem')
+
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, string)
+ print cert.get_subject()
+
+ return 0
+
'''
Find links to files related to a query
'''
@@ -340,30 +419,32 @@
response.status + ' ' + response.reason)
return []
+#
# main logic
-
+#
def main(argv):
scanner = ExitNodeScanner(meta_host, meta_port)
- '''
- scanner.check_all_exits_port_consistency()
- scanner.get_exit_node()
- scanner.check_http("http://math.ut.ee/~aleksei/ip.php")
- scanner.check_openssh("http://math.ut.ee/~aleksei/ip.php")
-
- '''
- scanner.check_openssl("mail.google.com")
- '''
+ # consistency test
+ # scanner.check_all_exits_port_consistency()
+
+ # find sites for http testing if necessary
+ #
+ # global doc_urls
+ # doc_urls.extend(load_url_list())
+ # doc_urls = list(Set(doc_urls))
+ # plog('NOTICE', 'Final URL list: ' + '\n'.join(doc_urls) + '\n')
+
+ # https test
+ for ssl_site in docs_https:
+ scanner.check_openssl(ssl_site)
- global doc_urls
- doc_urls.extend(load_url_list())
- doc_urls = list(Set(doc_urls))
+ # http test
+ # for http_site in docs_http:
+ # scanner.check_http(http_site)
- plog('NOTICE', 'Final URL list: ' + '\n'.join(doc_urls) + '\n')
- plog('INFO', 'Beginning scan loop... some day?')
- '''
-
+#
# initiate the program
-
+#
if __name__ == '__main__':
main(sys.argv)
More information about the tor-commits
mailing list