Commit Graph

26 Commits (54eab4ea3d82862f33c4c61a365375f3780e30e1)

Author SHA1 Message Date
HD Moore ba9c763f7e Auto-generated SSL certs now match "snakeoil" defaults
This change emulates the auto-generated snakeoil certificate from Ubuntu 14.04. The main changes including moving to 2048-bit RSA, SHA256, a single name CN for subject/issuer, and the removal of most certificate extensions.
2014-11-21 18:25:04 -06:00
HD Moore d530046164 Bugfix. Chrome is a liar (chain certs properly) 2014-11-19 16:08:03 -06:00
HD Moore 0d091f1c03 Support SSL intermediate certs, closes #4238
Note that this does not apply to reverse_tcp meterpreter clients yet, as
they do not allow certificates to be supplied. I abstracted out the SSL
certificate generation and parsing methods so that we can address this
next.
2014-11-19 15:56:49 -06:00
Joe Vennix de06480f4f Add a defined? check to fix older versions of OpenSSL.
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
Joe Vennix e74e75fe6f Revert changes to legacy rescues. 2013-11-20 12:20:34 -06:00
Joe Vennix d51b92b06f Turns out & ~ does work.
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
2013-11-20 00:01:48 -06:00
Joe Vennix a8c55f23a7 Remove &~ bit-clearing method in favor of defaults.
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesnt work,
but it is late and the default is false anyways.
2013-11-19 23:42:58 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option.
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
James Lee 6a0b240d10 Add some better docs for Rex::Socket 2013-04-10 12:41:41 -05:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
HD Moore 7f758e42e8 Fix up SSL behavior (correctly, this time). Update the msfrpc tools to support the new MessagePack code, fix various defaults in the plugin. Fixes #5116
git-svn-id: file:///home/svn/framework3/trunk@13416 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 23:58:05 +00:00
HD Moore f57799943c Rework this patch to only enable non-blocking openssl on Windows, as this has also reproduced on BT5 with 1.9.2
git-svn-id: file:///home/svn/framework3/trunk@13411 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 19:10:20 +00:00
HD Moore ace9ca86a8 This commit abstracts the non-blocking SSL check so that it verifies existence of the non-blocking API and skips Mac OS X. This should fix some of the issues with meterpreter on MacOS X with Ruby 1.9.2
git-svn-id: file:///home/svn/framework3/trunk@13404 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 03:34:15 +00:00
James Lee d1e2f274f9 add ability to use arbitrary certs with SSL server sockets.
git-svn-id: file:///home/svn/framework3/trunk@12675 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 23:12:35 +00:00
HD Moore c668534105 This normalizes openssl non-blocking support across both 1.8.x/1.9.1 and 1.9.2+
git-svn-id: file:///home/svn/framework3/trunk@12509 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-02 17:25:26 +00:00
HD Moore 39cab9b076 Correct use of select and expand the listen queue for TCP Servers
git-svn-id: file:///home/svn/framework3/trunk@12484 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 18:08:52 +00:00
HD Moore 96ac0fd51a Swap out exceptions
git-svn-id: file:///home/svn/framework3/trunk@12481 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 08:47:32 +00:00
HD Moore 5758f2ab46 Add support for non-blocking OpenSSL sockets when the Ruby version supports them (1.9.2+ or with openssl-nonblock gem).
git-svn-id: file:///home/svn/framework3/trunk@12480 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 07:59:33 +00:00
Stephen Fewer fd2469db24 Commit the Ruby end for TCP server channels, the modified TCP client channels and the support for pivoting a reverse_tcp meterpreter.
git-svn-id: file:///home/svn/framework3/trunk@8384 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 17:59:25 +00:00
HD Moore 6885ffa48f Improvements to the SSL TCP Server mixin
git-svn-id: file:///home/svn/framework3/trunk@7409 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 00:13:25 +00:00
kris efe44ba6b5 bleh.. a bit of tabs vs spaces
git-svn-id: file:///home/svn/framework3/trunk@7171 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-16 18:27:18 +00:00
HD Moore 616491a552 Play nice with ruby implementations without readline and openssl
git-svn-id: file:///home/svn/framework3/trunk@5895 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-12 22:47:21 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
HD Moore 1ea29ba8f0 Fixes #218. Updates the http password capture module. Removes a bogus makefile from the tree
git-svn-id: file:///home/svn/framework3/trunk@5452 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-22 06:34:52 +00:00
bmc df49cfabb0 * add SSL TCP server support, using runtime generated/signed keys
* add HTTPS support

note, SSL service tests don't work.  Right now, the tests just bail early.  The
client spins forever trying to get data.  When the client & server are in
seperate processes, this isn't a problem.  A threaded test implementation is
closer, as data sent from the client gets to the server just fine.


git-svn-id: file:///home/svn/incoming/trunk@3616 4d416f70-5f16-0410-b530-b9f4589650da
2006-04-24 18:49:00 +00:00