Merge pull request #10 from RUB-NDS/publication

Publication

Author: jurajsomorovsky

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/HeartbleedAttack.java

@@ -1,21 +1,20 @@
 /**
  * TLS-Attacker - A Modular Penetration Testing Framework for TLS.
  *
- * Copyright (C) 2015 Chair for Network and Data Security,
- *                    Ruhr University Bochum
- *                    (juraj.somorovsky@rub.de)
+ * Copyright (C) 2015 Chair for Network and Data Security, Ruhr University
+ * Bochum (juraj.somorovsky@rub.de)
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
  */
 package de.rub.nds.tlsattacker.attacks.impl;
 
@@ -30,6 +29,7 @@
 import de.rub.nds.tlsattacker.tls.constants.ConnectionEnd;
 import de.rub.nds.tlsattacker.tls.protocol.heartbeat.HeartbeatMessage;
 import de.rub.nds.tlsattacker.tls.constants.ProtocolMessageType;
+import de.rub.nds.tlsattacker.tls.exceptions.WorkflowExecutionException;
 import de.rub.nds.tlsattacker.tls.util.LogLevel;
 import de.rub.nds.tlsattacker.tls.workflow.TlsContext;
 import de.rub.nds.tlsattacker.tls.workflow.WorkflowExecutor;
@@ -70,16 +70,27 @@ public void executeAttack(ConfigHandler configHandler) {
 	hb.setPayload(payload);
 	hb.setPayloadLength(payloadLength);
 
-	workflowExecutor.executeWorkflow();
+	try {
+	    workflowExecutor.executeWorkflow();
+	} catch (WorkflowExecutionException ex) {
+	    LOGGER.info(
+		    "The TLS protocol flow was not executed completely, follow the debug messages for more information.",
+		    ex);
+	}
 
-	HeartbeatMessage lastMessage = (HeartbeatMessage) trace.getProtocolMessages().get(
-		trace.getProtocolMessages().size() - 1);
-	if (lastMessage.getMessageIssuer() == ConnectionEnd.SERVER) {
-	    LOGGER.log(LogLevel.CONSOLE_OUTPUT,
-		    "The server responds with a heartbeat message, although the client heartbeat message contains an invalid ");
+	if (trace.containsServerFinished()) {
+	    HeartbeatMessage lastMessage = (HeartbeatMessage) trace.getProtocolMessages().get(
+		    trace.getProtocolMessages().size() - 1);
+	    if (lastMessage.getMessageIssuer() == ConnectionEnd.SERVER) {
+		LOGGER.log(LogLevel.CONSOLE_OUTPUT,
+			"Vulnerable. The server responds with a heartbeat message, although the client heartbeat message contains an invalid ");
+	    } else {
+		LOGGER.log(LogLevel.CONSOLE_OUTPUT,
+			"(Most probably) Not vulnerable. The server does not respond with a heartbeat message, it is not vulnerable");
+	    }
 	} else {
 	    LOGGER.log(LogLevel.CONSOLE_OUTPUT,
-		    "The server does not respond with a heartbeat message, it is not vulnerable");
+		    "Correct TLS handshake cannot be executed, no Server Finished message found. Check the server configuration.");
 	}
 
 	tlsContexts.add(tlsContext);

README.md

@@ -80,7 +80,7 @@ $ java -jar target/TLS-Attacker-1.0.jar client -help
 
 The Attacks module contains some attacks, you can for example test for the padding oracle vulnerabilities:
 ```bash
-$ cd Attacks/target
+$ cd Runnable
 $ java -jar target/TLS-Attacker-1.0.jar padding_oracle 
 ```
 
@@ -314,6 +314,7 @@ We can of course use this concept by constructing our TLS workflows. Imagine you
 </workflowTrace>
 ```
 As you can see, we explicitly increased the payload length of the Heartbeat message by 2000.
+If you run the attack against the vulnerable server (e.g., OpenSSL 1.0.1f), you should see a valid Heartbeat response.
 
 Further examples on attacks and fuzzing are in the Wiki.
 

Runnable/src/main/java/de/rub/nds/tlsattacker/Main.java

@@ -46,6 +46,8 @@
 import de.rub.nds.tlsattacker.tls.config.GeneralConfig;
 import de.rub.nds.tlsattacker.tls.config.WorkflowTraceSerializer;
 import de.rub.nds.tlsattacker.tls.exceptions.ConfigurationException;
+import de.rub.nds.tlsattacker.tls.exceptions.WorkflowExecutionException;
+import de.rub.nds.tlsattacker.tls.util.LogLevel;
 import de.rub.nds.tlsattacker.tls.workflow.TlsContext;
 import de.rub.nds.tlsattacker.tls.workflow.WorkflowExecutor;
 import de.rub.nds.tlsattacker.transport.TransportHandler;
@@ -54,13 +56,17 @@
 import java.io.IOException;
 import java.util.List;
 import javax.xml.bind.JAXBException;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 /**
  * 
  * @author Juraj Somorovsky <juraj.somorovsky@rub.de>
  */
 public class Main {
 
+    private static final Logger LOGGER = LogManager.getLogger(Main.class);
+
     public static void main(String[] args) throws Exception {
 
 	GeneralConfig generalConfig = new GeneralConfig();
@@ -172,7 +178,13 @@ private static void startSimpleTls(GeneralConfig generalConfig, CommandConfig co
 	TlsContext tlsContext = configHandler.initializeTlsContext(config);
 	WorkflowExecutor workflowExecutor = configHandler.initializeWorkflowExecutor(transportHandler, tlsContext);
 
-	workflowExecutor.executeWorkflow();
+	try {
+	    workflowExecutor.executeWorkflow();
+	} catch (WorkflowExecutionException ex) {
+	    LOGGER.info(ex.getLocalizedMessage(), ex);
+	    LOGGER.log(LogLevel.CONSOLE_OUTPUT,
+		    "The TLS protocol flow was not executed completely, follow the debug messages for more information.");
+	}
 
 	transportHandler.closeConnection();
 

resources/README

@@ -1,4 +1,16 @@
-RSA key pair generation (password is password):
+Java keystores have the password password and the alias alias, see e.g.:
+```bash
+$ keytool -list -keystore rsa1024.jks
+```
+
+Pem keys are without password:
+```bash
+$ openssl rsa -in rsa1024key.pem -text
+$ openssl x509 -in rsa1024cert.pem -text
+```
+
+
+The following commands were used for RSA key pair generation (password is password):
 
 - Generate JKS:
 keytool -keystore rsa1024.jks -genkeypair -alias alias -validity 3650 -keysize 1024 -keyalg rsa
@@ -20,7 +32,7 @@ openssl rsa -in rsa1024key.pem -out rsa1024key.pem
 
 
 
-EC key pair generation (password is password):
+The following commands were used for RSA key pair generation EC key pair generation (password is password):
 
 - Generate JKS:
 keytool -keystore ec256.jks -genkeypair -alias alias -validity 3650 -keysize 256 -keyalg ec
@@ -38,4 +50,7 @@ openssl pkcs12 -in ec256.p12 -out ec256cert.pem -nokeys
 openssl pkcs12 -in ec256.p12 -out ec256key.pem -nocerts
 
 - Remove password from the key file:
-openssl ec -in ec256key.pem -out ec256key.pem
+openssl ec -in ec256key.pem -out ec256key.pem
+
+
+For more information on the different formats, see: http://web-in-security.blogspot.de/2015/11/playing-with-certificates-from.html