Module: Ronin::Support::Network::SSL

Included in:: TLS

Defined in:: lib/ronin/support/network/ssl.rb,
lib/ronin/support/network/ssl/mixin.rb,
lib/ronin/support/network/ssl/proxy.rb,
lib/ronin/support/network/ssl/local_key.rb,
lib/ronin/support/network/ssl/local_cert.rb

Overview

Top-level SSL methods.

Defined Under Namespace

Modules: LocalCert, LocalKey, Mixin Classes: Proxy

Constant Summary collapse

VERSIONS = SSL/TLS versions

{
  1   => OpenSSL::SSL::TLS1_VERSION,
  1.1 => OpenSSL::SSL::TLS1_1_VERSION,
  1.2 => OpenSSL::SSL::TLS1_2_VERSION,
  1.3 => OpenSSL::SSL::TLS1_3_VERSION,

  # deprecated TLS version symbols
  :TLSv1   => OpenSSL::SSL::TLS1_VERSION,
  :TLSv1_1 => OpenSSL::SSL::TLS1_1_VERSION,
  :TLSv1_2 => OpenSSL::SSL::TLS1_2_VERSION
}

VERIFY = SSL verify modes

{
  none:                 OpenSSL::SSL::VERIFY_NONE,
  peer:                 OpenSSL::SSL::VERIFY_PEER,
  fail_if_no_peer_cert: OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
  client_once:          OpenSSL::SSL::VERIFY_CLIENT_ONCE,
  true               => OpenSSL::SSL::VERIFY_PEER,
  false              => OpenSSL::SSL::VERIFY_NONE
}

Class Method Summary collapse

.accept(**kwargs) {|client| ... } ⇒ nil
Creates a new SSL socket listening on a given host and port, accepts only one client and then stops listening.
.banner(host, port, **kwargs) {|banner| ... } ⇒ String
Reads the banner from the service running on the given host and port.
.cert ⇒ Crypto::Cert
The default SSL certificate used for all SSL server sockets.
.cert=(new_cert) ⇒ Crypto::Cert, OpenSSL::X509::Certificate
Overrides the default SSL certificate.
.connect(host, port, hostname: host, bind_host: nil, bind_port: nil, **kwargs) {|ssl_socket| ... } ⇒ OpenSSL::SSL::SSLSocket^?
Establishes a SSL connection.
.connect_and_send(data, host, port, **kwargs) {|ssl_socket| ... } ⇒ Object
Creates a new SSL connection and sends the given data.
.context(version: nil, min_version: nil, max_version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ OpenSSL::SSL::SSLContext
Creates a new SSL Context.
.get_cert(host, port, **kwargs) ⇒ Crypto::Cert
Connects to the host and port and returns the server's certificate.
.key ⇒ Crypto::Key::RSA
The default RSA key used for all SSL server sockets.
.key=(new_key) ⇒ Crypto::Key::RSA, OpenSSL::PKey::RSA
Overrides the default RSA key.
.open?(host, port, timeout: 5, **kwargs) ⇒ Boolean^?
Tests whether a remote SSLed TCP port is open.
.send(data, host, port, **kwargs) ⇒ true
Connects to a specified host and port, sends the given data and then closes the connection.
.server(port: 0, host: nil, backlog: 5, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) {|server| ... } ⇒ OpenSSL::SSL::SSLServer
Creates a new SSL server listening on a given host and port.
.server_loop(**kwargs) {|client| ... } ⇒ nil
Creates a new SSL socket listening on a given host and port, accepting clients in a loop.
.server_session(**kwargs) {|server| ... } ⇒ OpenSSL::SSL::SSLServer
Creates a new temporary SSL server listening on a given host and port.
.server_socket(socket, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) ⇒ OpenSSL::SSL::SSLSocket
Accepts an SSL session from an existing TCP socket.
.socket(socket, **kwargs) ⇒ OpenSSL::SSL::SSLSocket
Initiates an SSL session with an existing TCP socket.

Class Method Details

.accept(**kwargs) {|client| ... } ⇒ `nil`

Creates a new SSL socket listening on a given host and port, accepts only one client and then stops listening.

Examples:

ssl_accept(1337) do |client|
  client.puts 'lol'
end

Using a self-signed certificate:e

# $ openssl genrsa -out ssl.key 1024
# $ openssl req -new -key ssl.key -x509 -days 3653 -out ssl.crt
# $ cat ssl.key ssl.crt > ssl.pem
# $ chmod 600 ssl.key ssl.pem
SSL.accept(port: 1337, cert: 'ssl.crt', key: 'ssl.key') do |client|
  client.puts 'lol'
end

Parameters:

kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for server.

Options Hash (**kwargs):

:port (Integer) — default: 0 —
The local port to listen on.
:host (String, nil) —
The host to bind to.
:backlog (Integer) — default: 5 —
The maximum backlog of pending connections.
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: Network::SSL.key —
The RSA key to use for the SSL context.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: Network::SSL.cert —
The X509 certificate to use for the SSL context.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Yields:

(client) —
The given block will be passed the newly connected client. After the block has finished, both the client and the server will be closed.

Yield Parameters:

client (OpenSSL::SSL::SSLSocket) —
The newly connected client.

Returns:

(nil)

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 744

def self.accept(**kwargs)
  server_session(**kwargs) do |server|
    ssl_client = server.accept

    yield ssl_client if block_given?
    ssl_client.close
  end
end

Reads the banner from the service running on the given host and port.

Examples:

SSL.banner('smtp.gmail.com',465)
# => "220 mx.google.com ESMTP c20sm3096959rvf.1"

Parameters:

host (String) —
The host to connect to.
port (Integer) —
The port to connect to.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for connect.

Options Hash (**kwargs):

:bind_host (String) —
The local host to bind to.
:bind_port (Integer) —
The local port to bind to.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Yields:

(banner) —
If a block is given, it will be passed the grabbed banner.

Yield Parameters:

banner (String) —
The grabbed banner.

Returns:

(String) —
The grabbed banner.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 490

def self.banner(host,port,**kwargs)
  banner = nil

  connect(host,port,**kwargs) do |ssl_socket|
    banner = ssl_socket.readline.strip
  end

  yield banner if block_given?
  return banner
end

.cert ⇒ `Crypto::Cert`

The default SSL certificate used for all SSL server sockets.

Returns:

(Crypto::Cert) —
The default SSL certificate.



85
86
87

# File 'lib/ronin/support/network/ssl.rb', line 85

def self.cert
  @cert ||= LocalCert.fetch
end

.cert=(new_cert) ⇒ `Crypto::Cert`, `OpenSSL::X509::Certificate`

Overrides the default SSL certificate.

Parameters:

new_cert (Crypto::Cert, OpenSSL::X509::Certificate) —
The new SSL certificate.

Returns:

(Crypto::Cert, OpenSSL::X509::Certificate) —
The new default SSL certificate.



98
99
100

# File 'lib/ronin/support/network/ssl.rb', line 98

def self.cert=(new_cert)
  @cert = new_cert
end

.connect(host, port, hostname: host, bind_host: nil, bind_port: nil, **kwargs) {|ssl_socket| ... } ⇒ `OpenSSL::SSL::SSLSocket`^?

Establishes a SSL connection.

Examples:

socket = ssl_connect('twitter.com',443)

ssl_connect('twitter.com',443) do |sock|
  sock.write("GET / HTTP/1.1\n\r\n\r")

  sock.each_line { |line| puts line }
end

socket = SSL.connect('twitter.com',443)

SSL.connect('twitter.com',443) do |sock|
  sock.write("GET / HTTP/1.1\n\r\n\r")

  sock.each_line { |line| puts line }
end

Parameters:

host (String) —
The host to connect to.
port (Integer) —
The port to connect to.
hostname (String, nil) (defaults to: host) —
Sets the hostname used for SNI.
bind_host (String) (defaults to: nil) —
The local host to bind to.
bind_port (Integer) (defaults to: nil) —
The local port to bind to.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for socket.

Options Hash (**kwargs):

:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Yields:

(ssl_socket) —
The given block will be passed the new SSL socket. Once the block returns the SSL socket will be closed.

Yield Parameters:

ssl_socket (OpenSSL::SSL::SSLSocket) —
The new SSL Socket.

Returns:

(OpenSSL::SSL::SSLSocket, nil) —
The new SSL Socket. If a block is given, then nil will be returned.

.connect_and_send(data, host, port, **kwargs) {|ssl_socket| ... } ⇒ `Object`

Creates a new SSL connection and sends the given data.

Parameters:

data (String) —
The data to send through the connection.
host (String) —
The host to connect to.
port (Integer) —
The port to connect to.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for connect.

Options Hash (**kwargs):

:bind_host (String) —
The local host to bind to.
:bind_port (Integer) —
The local port to bind to.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Yields:

(ssl_socket) —
The given block will be passed the newly created SSL Socket.

Yield Parameters:

ssl_socket (OpenSSL::SSL::SSLSocket) —
The newly created SSL Socket.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 421

def self.connect_and_send(data,host,port,**kwargs)
  socket = connect(host,port,**kwargs)
  socket.write(data)

  yield socket if block_given?
  return socket
end

.context(version: nil, min_version: nil, max_version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ `OpenSSL::SSL::SSLContext`

Creates a new SSL Context.

Parameters:

version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: nil) —
The SSL version to use.
min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: nil) —
The minimum SSL version to use.
max_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: nil) —
The maximum SSL version to use.
verify (Symbol, Boolean) (defaults to: :none) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) (defaults to: nil) —
The RSA key to use for the SSL context.
key_file (String, nil) (defaults to: nil) —
The path to the RSA .key file.
cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) (defaults to: nil) —
The X509 certificate to use for the SSL context.
cert_file (String, nil) (defaults to: nil) —
The path to the SSL .crt or .pem file.
ca_bundle (String, nil) (defaults to: nil) —
Path to the CA bundle file or directory.

Returns:

(OpenSSL::SSL::SSLContext) —
The newly created SSL Context.

Raises:

(ArgumentError) —
cert_file: or cert: keyword arguments also require a key_file: or key: keyword argument.

Since:

1.0.0

# File 'lib/ronin/support/network/ssl.rb', line 149

def self.context(version:     nil,
                 min_version: nil,
                 max_version: nil,
                 verify:      :none,
                 key:         nil,
                 key_file:    nil,
                 cert:        nil,
                 cert_file:   nil,
                 ca_bundle:   nil)
  context = OpenSSL::SSL::SSLContext.new

  if version
    version = VERSIONS.fetch(version,version)

    context.min_version = context.max_version = version
  else min_version || max_version
    if min_version
      context.min_version = VERSIONS.fetch(min_version,min_version)
    end

    if max_version
      context.max_version = VERSIONS.fetch(max_version,max_version)
    end
  end

  context.verify_mode = VERIFY[verify]

  if (key_file || key) && (cert_file || cert)
    context.key  = if key_file then Crypto::Key.load_file(key_file)
                   else             key
                   end

    context.cert = if cert_file then Crypto::Cert.load_file(cert_file)
                   else              cert
                   end
  elsif (key_file || key) || (cert_file || cert)
    raise(ArgumentError,"cert_file: and cert: keyword arguments also require a key_file: or key: keyword argument")
  end

  if ca_bundle
    if File.file?(ca_bundle)
      context.ca_file = ca_bundle
    elsif File.directory?(ca_bundle)
      context.ca_path = ca_bundle
    end
  end

  return context
end

.get_cert(host, port, **kwargs) ⇒ `Crypto::Cert`

Connects to the host and port and returns the server's certificate.

Parameters:

host (String) —
The host to connect to.
port (Integer) —
The port to connect to.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for connect.

Options Hash (**kwargs):

:bind_host (String) —
The local host to bind to.
:bind_port (Integer) —
The local port to bind to.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Returns:

(Crypto::Cert) —
The server's certificate.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 450

def self.get_cert(host,port,**kwargs)
  socket = connect(host,port,**kwargs)
  cert   = Crypto::Cert(socket.peer_cert)

  socket.close
  return cert
end

.key ⇒ `Crypto::Key::RSA`

The default RSA key used for all SSL server sockets.

Returns:

(Crypto::Key::RSA) —
The default RSA key.



62
63
64

# File 'lib/ronin/support/network/ssl.rb', line 62

def self.key
  @key ||= LocalKey.fetch
end

.key=(new_key) ⇒ `Crypto::Key::RSA`, `OpenSSL::PKey::RSA`

Overrides the default RSA key.

Parameters:

new_key (Crypto::Key::RSA, OpenSSL::PKey::RSA) —
The new RSA key.

Returns:

(Crypto::Key::RSA, OpenSSL::PKey::RSA) —
The new default RSA key.



75
76
77

# File 'lib/ronin/support/network/ssl.rb', line 75

def self.key=(new_key)
  @key = new_key
end

.open?(host, port, timeout: 5, **kwargs) ⇒ `Boolean`^?

Tests whether a remote SSLed TCP port is open.

Examples:

ssl_open?('www.bankofamerica.com',443)

Using a timeout:

ssl_open?('example.com',80, timeout: 5)
# => nil

Parameters:

host (String) —
The host to connect to.
port (Integer) —
The port to connect to.
timeout (Integer) (defaults to: 5) —
(5) The maximum time to attempt connecting.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for connect.

Options Hash (**kwargs):

:bind_host (String) —
The local host to bind to.
:bind_port (Integer) —
The local port to bind to.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Returns:

(Boolean, nil) —
Specifies whether the remote SSLed TCP port is open. If the connection was not accepted, nil will be returned.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 303

def self.open?(host,port, timeout: 5, **kwargs)
  Timeout.timeout(timeout) do
    connect(host,port,**kwargs)
  end

  return true
rescue Timeout::Error
  return nil
rescue SocketError, SystemCallError
  return false
end

.send(data, host, port, **kwargs) ⇒ `true`

Connects to a specified host and port, sends the given data and then closes the connection.

Examples:

buffer = "GET /#{'A' * 4096}\n\r"
SSL.send(buffer,'victim.com',443)
# => true

Parameters:

data (String) —
The data to send through the connection.
host (String) —
The host to connect to.
port (Integer) —
The port to connect to.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for connect.

Options Hash (**kwargs):

:bind_host (String) —
The local host to bind to.
:bind_port (Integer) —
The local port to bind to.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Returns:

(true) —
The data was successfully sent.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 531

def self.send(data,host,port,**kwargs)
  connect(host,port,**kwargs) do |socket|
    socket.write(data)
  end

  return true
end

.server(port: 0, host: nil, backlog: 5, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) {|server| ... } ⇒ `OpenSSL::SSL::SSLServer`

Creates a new SSL server listening on a given host and port.

Parameters:

port (Integer) (defaults to: 0) —
The local port to listen on.
host (String, nil) (defaults to: nil) —
The host to bind to.
backlog (Integer) (defaults to: 5) —
(5) The maximum backlog of pending connections.
key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) (defaults to: Network::SSL.key) —
The RSA key to use for the SSL context.
cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) (defaults to: Network::SSL.cert) —
The X509 certificate to use for the SSL context.
kwargs (Hash) —
a customizable set of options

Options Hash (**kwargs):

:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Yields:

(server) —
The given block will be passed the newly created SSL server.

Yield Parameters:

server (OpenSSL::SSL::SSLServer) —
The newly created SSL server.

Returns:

(OpenSSL::SSL::SSLServer) —
The newly created SSL server.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 602

def self.server(port:    0,
                host:    nil,
                backlog: 5,
                key:     Network::SSL.key,
                cert:    Network::SSL.cert,
                **kwargs)
  context    = self.context(key: key, cert: cert, **kwargs)
  tcp_server = TCP.server(port: port, host: host, backlog: backlog)
  ssl_server = OpenSSL::SSL::SSLServer.new(tcp_server,context)

  yield ssl_server if block_given?
  return ssl_server
end

.server_loop(**kwargs) {|client| ... } ⇒ `nil`

Creates a new SSL socket listening on a given host and port, accepting clients in a loop.

Examples:

# $ openssl genrsa -out ssl.key 1024
# $ openssl req -new -key ssl.key -x509 -days 3653 -out ssl.crt
# $ cat ssl.key ssl.crt > ssl.pem
# $ chmod 600 ssl.key ssl.pem
SSL.server_loop(port: 1337, cert: 'ssl.crt', key: 'ssl.key') do |sock|
  sock.puts 'lol'
end

Parameters:

kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for server.

Options Hash (**kwargs):

:port (Integer) — default: 0 —
The local port to listen on.
:host (String, nil) —
The host to bind to.
:backlog (Integer) — default: 5 —
The maximum backlog of pending connections.
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: Network::SSL.key —
The RSA key to use for the SSL context.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: Network::SSL.cert —
The X509 certificate to use for the SSL context.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Yields:

(client) —
The given block will be passed the newly connected client. After the block has finished, the client will be closed.

Yield Parameters:

client (OpenSSL::SSL::SSLSocket) —
A newly connected client.

Returns:

(nil)

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 696

def self.server_loop(**kwargs)
  server(**kwargs) do |ssl_server|
    loop do
      ssl_client = ssl_server.accept

      yield ssl_client if block_given?
      ssl_client.close
    end
  end
end

.server_session(**kwargs) {|server| ... } ⇒ `OpenSSL::SSL::SSLServer`

Creates a new temporary SSL server listening on a given host and port.

Parameters:

kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for server.

Options Hash (**kwargs):

:port (Integer) — default: 0 —
The local port to listen on.
:host (String, nil) —
The host to bind to.
:backlog (Integer) — default: 5 —
The maximum backlog of pending connections.
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: Network::SSL.key —
The RSA key to use for the SSL context.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: Network::SSL.cert —
The X509 certificate to use for the SSL context.
:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Yields:

(server) —
The given block will be passed the newly created SSL server. Once the block has finished, the server will be closed.

Yield Parameters:

server (OpenSSL::SSL::SSLServer) —
The newly created SSL server.

Returns:

(OpenSSL::SSL::SSLServer) —
The newly created SSL server.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 659

def self.server_session(**kwargs,&block)
  ssl_server = self.server(**kwargs,&block)
  ssl_server.close
  return ssl_server
end

.server_socket(socket, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) ⇒ `OpenSSL::SSL::SSLSocket`

Accepts an SSL session from an existing TCP socket.

Parameters:

socket (TCPSocket) —
The existing TCP socket.
key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) (defaults to: Network::SSL.key) —
The RSA key to use for the SSL context.
cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) (defaults to: Network::SSL.cert) —
The X509 certificate to use for the SSL context.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for socket.

Options Hash (**kwargs):

:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Returns:

(OpenSSL::SSL::SSLSocket) —
The new SSL Socket.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 563

def self.server_socket(socket, key:  Network::SSL.key,
                               cert: Network::SSL.cert,
                               **kwargs)
  socket(socket, cert: cert, key: key, **kwargs)
end

.socket(socket, **kwargs) ⇒ `OpenSSL::SSL::SSLSocket`

Initiates an SSL session with an existing TCP socket.

Parameters:

socket (TCPSocket) —
The existing TCP socket.
kwargs (Hash{Symbol => Object}) —
Additional keyword arguments for context.

Options Hash (**kwargs):

:version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The SSL version to use.
:min_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The minimum SSL version to use.
:max_version (1, 1.1, 1.2, 1.3, Symbol, nil) —
The maximum SSL version to use.
:verify (Symbol, Boolean) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
:key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) —
The RSA key to use for the SSL context.
:key_file (String) —
The path to the SSL .key file.
:cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) —
The X509 certificate to use for the SSL context.
:cert_file (String) —
The path to the SSL .crt file.
:ca_bundle (String) —
Path to the CA certificate file or directory.

Returns:

(OpenSSL::SSL::SSLSocket) —
The new SSL Socket.

Since:

1.1.0

# File 'lib/ronin/support/network/ssl.rb', line 253

def self.socket(socket,**kwargs)
  ssl_socket = OpenSSL::SSL::SSLSocket.new(socket,context(**kwargs))

  ssl_socket.sync_close = true
  return ssl_socket
end

Module: Ronin::Support::Network::SSL

Overview

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.accept(**kwargs) {|client| ... } ⇒ nil

.banner(host, port, **kwargs) {|banner| ... } ⇒ String

.cert ⇒ Crypto::Cert

.cert=(new_cert) ⇒ Crypto::Cert, OpenSSL::X509::Certificate

.connect(host, port, hostname: host, bind_host: nil, bind_port: nil, **kwargs) {|ssl_socket| ... } ⇒ OpenSSL::SSL::SSLSocket?

.connect_and_send(data, host, port, **kwargs) {|ssl_socket| ... } ⇒ Object

.context(version: nil, min_version: nil, max_version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ OpenSSL::SSL::SSLContext

.get_cert(host, port, **kwargs) ⇒ Crypto::Cert

.key ⇒ Crypto::Key::RSA

.key=(new_key) ⇒ Crypto::Key::RSA, OpenSSL::PKey::RSA

.open?(host, port, timeout: 5, **kwargs) ⇒ Boolean?

.send(data, host, port, **kwargs) ⇒ true

.server(port: 0, host: nil, backlog: 5, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) {|server| ... } ⇒ OpenSSL::SSL::SSLServer

.server_loop(**kwargs) {|client| ... } ⇒ nil

.server_session(**kwargs) {|server| ... } ⇒ OpenSSL::SSL::SSLServer

.server_socket(socket, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) ⇒ OpenSSL::SSL::SSLSocket

.socket(socket, **kwargs) ⇒ OpenSSL::SSL::SSLSocket

.accept(**kwargs) {|client| ... } ⇒ `nil`

.banner(host, port, **kwargs) {|banner| ... } ⇒ `String`

.cert ⇒ `Crypto::Cert`

.cert=(new_cert) ⇒ `Crypto::Cert`, `OpenSSL::X509::Certificate`

.connect(host, port, hostname: host, bind_host: nil, bind_port: nil, **kwargs) {|ssl_socket| ... } ⇒ `OpenSSL::SSL::SSLSocket`^?

.connect_and_send(data, host, port, **kwargs) {|ssl_socket| ... } ⇒ `Object`

.context(version: nil, min_version: nil, max_version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ `OpenSSL::SSL::SSLContext`

.get_cert(host, port, **kwargs) ⇒ `Crypto::Cert`

.key ⇒ `Crypto::Key::RSA`

.key=(new_key) ⇒ `Crypto::Key::RSA`, `OpenSSL::PKey::RSA`

.open?(host, port, timeout: 5, **kwargs) ⇒ `Boolean`^?

.send(data, host, port, **kwargs) ⇒ `true`

.server(port: 0, host: nil, backlog: 5, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) {|server| ... } ⇒ `OpenSSL::SSL::SSLServer`

.server_loop(**kwargs) {|client| ... } ⇒ `nil`

.server_session(**kwargs) {|server| ... } ⇒ `OpenSSL::SSL::SSLServer`

.server_socket(socket, key: Network::SSL.key, cert: Network::SSL.cert, **kwargs) ⇒ `OpenSSL::SSL::SSLSocket`

.socket(socket, **kwargs) ⇒ `OpenSSL::SSL::SSLSocket`