Skip to content

fix tls-grab option with ztls mode #1259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ehsandeep merged 3 commits into from
Jun 27, 2023
Merged

fix tls-grab option with ztls mode #1259

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
26341e5
fix tls-grab option with ztls mode
RamanaReddy0M Jun 26, 2023
c0720cd
using canonical concatenation
Mzack9999 Jun 27, 2023
9c4c203
mod tidy
Mzack9999 Jun 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions common/httpx/httpx.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -264,8 +264,12 @@ get_response:
resp.Lines = len(strings.Split(respbodystr, "\n"))

if !h.Options.Unsafe && h.Options.TLSGrab {
// extracts TLS data if any
resp.TLSData = h.TLSGrab(httpresp)
if h.Options.ZTLS {
resp.TLSData = h.ZTLSGrab(httpresp)
} else {
// extracts TLS data if any
resp.TLSData = h.TLSGrab(httpresp)
}
}

resp.CSPData = h.CSPGrab(&resp)
Expand Down
39 changes: 39 additions & 0 deletions common/httpx/tls.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,13 @@ package httpx
import (
"crypto/tls"
"crypto/x509"
"fmt"
"net"
"net/http"

"github.com/projectdiscovery/tlsx/pkg/tlsx/clients"
"github.com/projectdiscovery/tlsx/pkg/tlsx/ztls"
zmaptls "github.com/zmap/zcrypto/tls"
)

// versionToTLSVersionString converts tls version to version string
Expand Down Expand Up @@ -48,6 +51,42 @@ func (h *HTTPX) TLSGrab(r *http.Response) *clients.Response {
return response
}

func (h *HTTPX) ZTLSGrab(r *http.Response) *clients.Response {
host := r.Request.URL.Host
hostname, port, _ := net.SplitHostPort(host)
if hostname == "" {
hostname = host
}
if port == "" {
port = "443"
}
// canonical net concatenation
host = net.JoinHostPort(hostname, fmt.Sprint(port))
tlsConn, err := h.Dialer.DialTLS(r.Request.Context(), "tcp", host)
if err != nil {
return nil
}
ztlsConn, ok := (tlsConn).(*zmaptls.Conn)
if !ok {
return nil
}
ztlsState := ztlsConn.ConnectionState()
if len(ztlsState.PeerCertificates) == 0 {
return nil
}
response := &clients.Response{
Host: hostname,
ProbeStatus: true,
Port: port,
Version: versionToTLSVersionString[ztlsState.Version],
Cipher: tls.CipherSuiteName(ztlsState.CipherSuite),
TLSConnection: "ztls",
CertificateResponse: ztls.ConvertCertificateToResponse(&clients.Options{}, hostname, ztlsState.PeerCertificates[0]),
ServerName: ztlsState.ServerName,
}
return response
}

func convertCertificateToResponse(hostname string, cert *x509.Certificate) *clients.CertificateResponse {
response := &clients.CertificateResponse{
SubjectAN: cert.DNSNames,
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ require (
github.com/projectdiscovery/tlsx v1.1.0
github.com/projectdiscovery/utils v0.0.38
github.com/stretchr/testify v1.8.4
github.com/zmap/zcrypto v0.0.0-20230205235340-d51ce4775101
go.uber.org/multierr v1.11.0
golang.org/x/exp v0.0.0-20230420155640-133eef4313cb
)
Expand Down Expand Up @@ -136,7 +137,6 @@ require (
github.com/yuin/goldmark-emoji v1.0.1 // indirect
github.com/yusufpapurcu/wmi v1.2.3 // indirect
github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248 // indirect
github.com/zmap/zcrypto v0.0.0-20230205235340-d51ce4775101 // indirect
golang.org/x/crypto v0.10.0 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/oauth2 v0.9.0 // indirect
Expand Down