Saturday, 16 July 2011

Testing for SSL-TLS (OWASP-CM-001)

A nice tool for SSL cipher testing is this Perl script: ssl-cipher-check.pl, however, in Backtrack and also on other distros you may get this error the first time you run it:
ssl-cipher-check.pl -vw my.exampledomain.com 443
...
ERROR: Unable to find /usr/bin/gnutls-cli-debug.
Please install the gnutls-devel package
To avoid that simply install the missing package as follows:
# apt-get install gnutls-bin
After that the tool should be working correctly, I like to use it as follows (this performs some general checks and then looks only for enabled weak -w- ciphers):
ssl-cipher-check.pl -vw host port >> ciphers 2>> ciphers.errors
This looks for strong (s) ciphers, you can check for all ciphers (weak or strong) using the "a" option:
ssl-cipher-check.pl -vs host port >> ciphers 2>> ciphers.errors
Example cipher output:
TLSv1:RC4-MD5 - ENABLED - STRONG 128 bits
TLSv1:EDH-RSA-DES-CBC3-SHA - ENABLED - STRONG 168 bits
TLSv1:DHE-RSA-AES128-SHA - ENABLED - STRONG 128 bits
TLSv1:DES-CBC3-SHA - ENABLED - STRONG 168 bits
TLSv1:RC4-SHA - ENABLED - STRONG 128 bits
TLSv1:DHE-RSA-AES256-SHA - ENABLED - STRONG 256 bits
TLSv1:AES128-SHA - ENABLED - STRONG 128 bits
TLSv1:AES256-SHA - ENABLED - STRONG 256 bits
Because you can save the output into a text file you can always scan for all ciphers and then grep for "WEAK" in it.
Another interesting tool for SSL Testing is called sslscan, this does not need you to install the gnutls-bin package and will work straightaway in Backtrack (it is also already included in Backtrack by the way).
In the following URL there are a few nice tips on what to look for when parsing sslscan output. Instead of calling sslscan several times however it is more efficient to do something like this:
Step 1: First save output into a text file:
# sslscan my.examplehost.com:443 > sslscan.txt
Step 2: Now look for what you need in that output (so you only run sslscan once):
root@bt:~# grep "Accepted SSLv2" sslscan.txt
root@bt:~# grep "Accepted SSLv3" sslscan.txt
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
root@bt:~# grep "Accepted TLS" sslscan.txt
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
root@bt:~# grep -i "MD5WithRSAEncryption" sslscan.txt
Another cool tip from the ssl_tests bash script mentioned above is the simplicity to test for the famous SSL renegotiation:
echo R | openssl s_client -connect my.examplehost.com:443 | grep DONE
A blog post on SSL testing could not be complete without mentioning the excellent SSL labs tool from Qualys. IMPORTANT: If you are doing this in a pentest or vulnerability assessment please make sure you tick the check-box "Do not show the results on the boards" to avoid issues down the line :)-i.e. your customer might welcome that little bit of anonymity-
This tool is great but will obviously only work when what you are testing is directly reachable from the internet, which sometimes is not the case (for example, in a pre-going-live test). Apart from presenting a cool overall summary graph like below, it will also perform a comprehensive SSL test on the web server:
Useful references with plenty of additional material on this: