# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import sys
import ssl
import socket
import tlslite.api
from Peach.Publishers.tcp import TcpListener
from Peach.publisher import PublisherSoftException
from Peach.Engine.common import PeachException
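class SSL(TcpListener):
    """TCP listener publisher that upgrades each accepted client to TLS.

    Uses the stdlib `ssl` module with the certificate/key files given at
    construction. The server does not request or verify a client
    certificate (no `cert_reqs` is passed, so the stdlib default applies),
    which is appropriate for a fuzzing target but means peers are not
    authenticated.

    Args:
        host: Address to bind the listening socket to (passed to TcpListener).
        port: Port to listen on (passed to TcpListener).
        cert: Path to the PEM server certificate file.
        pkey: Path to the PEM private key file.
        timeout: Socket timeout in seconds forwarded to TcpListener.
    """

    def __init__(self, host, port, cert, pkey, timeout=0.25):
        TcpListener.__init__(self, host, port, timeout)
        self.cert = cert
        self.pkey = pkey

    def accept(self):
        """Accept one client and perform the TLS server handshake on it.

        The handshake is run explicitly (`do_handshake_on_connect=False`)
        so that a failure is reported here as a PeachException instead of
        surfacing later inside the first send()/recv().

        Raises:
            PeachException: if wrapping the socket or the handshake fails.
                The accepted client socket is closed before raising so a
                misbehaving peer cannot leak descriptors across iterations.
        """
        print("[*] Waiting for incoming connection")
        client, addr = self._listen.accept()
        print("[*] Client:", addr[0], addr[1])
        print("[*] Wrapping socket to TLS/SSL")
        try:
            # NOTE(review): ssl.wrap_socket() is deprecated and was removed
            # in Python 3.12; SSLContext.wrap_socket() is the replacement.
            # Kept as-is so the publisher still runs on the interpreter
            # this Peach fork targets.
            self._socket = ssl.wrap_socket(client,
                                           server_side=True,
                                           certfile=self.cert,
                                           keyfile=self.pkey,
                                           do_handshake_on_connect=False)
        except (ssl.SSLError, socket.error, IOError) as e:
            # A missing or unreadable cert/key file is reported as an
            # IOError/OSError rather than an SSLError; in either case the
            # raw client socket must be closed or it leaks.
            client.close()
            raise PeachException(str(e))
        print("[*] Performing TLS/SSL handshake")
        try:
            # NOTE(review): if TcpListener ever leaves the accepted socket
            # non-blocking, this can raise SSLWantReadError -- confirm.
            self._socket.do_handshake()
        except (ssl.SSLError, socket.error) as e:
            # Tear down the half-open connection before reporting; a peer
            # reset mid-handshake otherwise leaves self._socket dangling.
            self.close()
            raise PeachException(str(e))

    def close(self):
        """Best-effort shutdown and close of the current TLS socket.

        Always leaves `self._socket` as None. Errors from a peer that has
        already gone away are ignored; the descriptor is closed even when
        shutdown() fails.
        """
        sock = getattr(self, "_socket", None)
        self._socket = None
        if sock is None:
            return
        try:
            sock.shutdown(socket.SHUT_RDWR)
        except (ssl.SSLError, socket.error, OSError):
            pass  # peer already closed / reset; nothing left to shut down
        finally:
            try:
                sock.close()
            except (ssl.SSLError, socket.error, OSError):
                pass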
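class TLSLiteServer(TcpListener):
    """TLS server publisher built on tlslite that advertises one NPN protocol.

    Unlike the `SSL` publisher (stdlib ssl), this one uses tlslite so the
    handshake can advertise a single next-protocol identifier (`version`)
    via `nextProtos`. The certificate and private key are read and parsed
    once at construction so a bad path or malformed PEM fails fast, before
    the fuzzing loop starts.

    Args:
        host: Address to bind the listening socket to (passed to TcpListener).
        port: Port to listen on (passed to TcpListener).
        version: Protocol identifier advertised in the NPN extension.
        cert: Path to the PEM server certificate file.
        pkey: Path to the PEM private key file.
        timeout: Socket timeout in seconds forwarded to TcpListener.

    Raises:
        PeachException: if either file cannot be opened or parsed.
    """

    def __init__(self, host, port, version, cert, pkey, timeout=0.25):
        TcpListener.__init__(self, host, port, timeout)
        self.cert = cert
        self.pkey = pkey
        self.version = version

        cert_content = self._read_file(self.cert)
        x509 = tlslite.api.X509()
        try:
            x509.parse(cert_content)
        except Exception as e:
            # tlslite reports malformed PEM with its own exception type
            # (SyntaxError in the versions seen); normalise to the
            # publisher's error so the engine handles it like a bad path.
            raise PeachException("Unable to parse certificate %s: %s"
                                 % (self.cert, e))
        self.certChain = tlslite.api.X509CertChain([x509])

        pkey_content = self._read_file(self.pkey)
        try:
            self.privateKey = tlslite.api.parsePEMKey(pkey_content,
                                                      private=True)
        except Exception as e:
            raise PeachException("Unable to parse private key %s: %s"
                                 % (self.pkey, e))

    @staticmethod
    def _read_file(path):
        """Return the text content of `path`, or raise PeachException."""
        try:
            with open(path) as fd:
                return fd.read()
        except IOError:
            raise PeachException("Unable to open %s" % path)

    def accept(self):
        """Accept one client and run the tlslite server handshake on it.

        Client certificates are not requested, so the peer is not
        authenticated; only the server side presents a certificate.

        Raises:
            PublisherSoftException: if wrapping or the handshake fails. The
                connection is closed first so the descriptor does not leak.
                Only `Exception` subclasses are converted; KeyboardInterrupt
                and SystemExit still propagate so the fuzzer can be stopped.
        """
        print("[*] Waiting for incoming connection")
        sys.stdout.flush()
        client, addr = self._listen.accept()
        print("[*] Connected by %s:%s" % (addr[0], str(addr[1])))
        print("[*] Wrapping socket to TLS/SSL")
        try:
            self._socket = tlslite.api.TLSConnection(client)
        except Exception as e:
            client.close()
            msg = "[!] Wrapping socket failed, reason: %s" % e
            raise PublisherSoftException(msg)
        print("[*] Performing TLS/SSL handshake")
        try:
            # reqCert is deliberately left at its default (no client cert
            # requested); enabling it would require the fuzzing client to
            # present a certificate.
            self._socket.handshakeServer(certChain=self.certChain,
                                         privateKey=self.privateKey,
                                         nextProtos=[self.version])
        except Exception as e:
            # close() comes from TcpListener (not defined in this class).
            self.close()
            msg = "[!] Performing TLS/SSL handshake failed, reason: %s" % e
            raise PublisherSoftException(msg)
        print("done!")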
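class SPDYPublisher(TLSLiteServer):
    """TLSLiteServer specialised for SPDY targets.

    `version` is the NPN protocol identifier the server advertises during
    the handshake (the string placed in `nextProtos`). It must be supplied
    by the caller; this file does not fix a particular SPDY draft.

    Args:
        host: Address to bind the listening socket to.
        port: Port to listen on.
        cert: Path to the PEM server certificate file.
        pkey: Path to the PEM private key file.
        timeout: Socket timeout in seconds forwarded to TcpListener.
        version: NPN protocol identifier to advertise (required).

    Raises:
        PeachException: if `version` is not given, or the cert/key cannot
            be loaded (from TLSLiteServer).
    """

    def __init__(self, host, port, cert, pkey, timeout=0.25, version=None):
        if version is None:
            raise PeachException(
                "SPDYPublisher requires the NPN protocol identifier "
                "(version=...) to advertise during the handshake")
        # TLSLiteServer takes `version` *before* cert/pkey; forwarding the
        # arguments positionally in this class's order would shift every
        # argument by one (cert as version, pkey as cert, timeout as pkey).
        TLSLiteServer.__init__(self, host, port, version, cert, pkey,
                               timeout=timeout)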