jvazquez-r7
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
HD Moore
11593800b6
Move X509 PEM parsing into Rex::Parser::X509Certificate
2015-03-14 15:52:23 -05:00
HD Moore
ba9c763f7e
Auto-generated SSL certs now match "snakeoil" defaults
...
This change emulates the auto-generated snakeoil certificate from Ubuntu 14.04. The main changes including moving to 2048-bit RSA, SHA256, a single name CN for subject/issuer, and the removal of most certificate extensions.
2014-11-21 18:25:04 -06:00
HD Moore
d530046164
Bugfix. Chrome is a liar (chain certs properly)
2014-11-19 16:08:03 -06:00
HD Moore
0d091f1c03
Support SSL intermediate certs, closes #4238
...
Note that this does not apply to reverse_tcp meterpreter clients yet, as
they do not allow certificates to be supplied. I abstracted out the SSL
certificate generation and parsing methods so that we can address this
next.
2014-11-19 15:56:49 -06:00
Joe Vennix
de06480f4f
Add a defined? check to fix older versions of OpenSSL.
...
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
Joe Vennix
e74e75fe6f
Revert changes to legacy rescues.
2013-11-20 12:20:34 -06:00
Joe Vennix
d51b92b06f
Turns out & ~ does work.
...
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
2013-11-20 00:01:48 -06:00
Joe Vennix
a8c55f23a7
Remove &~ bit-clearing method in favor of defaults.
...
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesnt work,
but it is late and the default is false anyways.
2013-11-19 23:42:58 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
Tab Assassin
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
James Lee
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
HD Moore
d656e3185f
Mark all libraries as defaulting to 8-bit strings
2012-06-29 00:18:28 -05:00
HD Moore
7f758e42e8
Fix up SSL behavior (correctly, this time). Update the msfrpc tools to support the new MessagePack code, fix various defaults in the plugin. Fixes #5116
...
git-svn-id: file:///home/svn/framework3/trunk@13416 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 23:58:05 +00:00
HD Moore
f57799943c
Rework this patch to only enable non-blocking openssl on Windows, as this has also reproduced on BT5 with 1.9.2
...
git-svn-id: file:///home/svn/framework3/trunk@13411 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 19:10:20 +00:00
HD Moore
ace9ca86a8
This commit abstracts the non-blocking SSL check so that it verifies existence of the non-blocking API and skips Mac OS X. This should fix some of the issues with meterpreter on MacOS X with Ruby 1.9.2
...
git-svn-id: file:///home/svn/framework3/trunk@13404 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-29 03:34:15 +00:00
James Lee
d1e2f274f9
add ability to use arbitrary certs with SSL server sockets.
...
git-svn-id: file:///home/svn/framework3/trunk@12675 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 23:12:35 +00:00
HD Moore
c668534105
This normalizes openssl non-blocking support across both 1.8.x/1.9.1 and 1.9.2+
...
git-svn-id: file:///home/svn/framework3/trunk@12509 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-02 17:25:26 +00:00
HD Moore
39cab9b076
Correct use of select and expand the listen queue for TCP Servers
...
git-svn-id: file:///home/svn/framework3/trunk@12484 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 18:08:52 +00:00
HD Moore
96ac0fd51a
Swap out exceptions
...
git-svn-id: file:///home/svn/framework3/trunk@12481 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 08:47:32 +00:00
HD Moore
5758f2ab46
Add support for non-blocking OpenSSL sockets when the Ruby version supports them (1.9.2+ or with openssl-nonblock gem).
...
git-svn-id: file:///home/svn/framework3/trunk@12480 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 07:59:33 +00:00
Stephen Fewer
fd2469db24
Commit the Ruby end for TCP server channels, the modified TCP client channels and the support for pivoting a reverse_tcp meterpreter.
...
git-svn-id: file:///home/svn/framework3/trunk@8384 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 17:59:25 +00:00
HD Moore
6885ffa48f
Improvements to the SSL TCP Server mixin
...
git-svn-id: file:///home/svn/framework3/trunk@7409 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 00:13:25 +00:00
kris
efe44ba6b5
bleh.. a bit of tabs vs spaces
...
git-svn-id: file:///home/svn/framework3/trunk@7171 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-16 18:27:18 +00:00
HD Moore
616491a552
Play nice with ruby implementations without readline and openssl
...
git-svn-id: file:///home/svn/framework3/trunk@5895 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-12 22:47:21 +00:00
Ramon de C Valle
f124597a56
Code cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
HD Moore
1ea29ba8f0
Fixes #218 . Updates the http password capture module. Removes a bogus makefile from the tree
...
git-svn-id: file:///home/svn/framework3/trunk@5452 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-22 06:34:52 +00:00
bmc
df49cfabb0
* add SSL TCP server support, using runtime generated/signed keys
...
* add HTTPS support
note, SSL service tests don't work. Right now, the tests just bail early. The
client spins forever trying to get data. When the client & server are in
seperate processes, this isn't a problem. A threaded test implementation is
closer, as data sent from the client gets to the server just fine.
git-svn-id: file:///home/svn/incoming/trunk@3616 4d416f70-5f16-0410-b530-b9f4589650da
2006-04-24 18:49:00 +00:00