It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I'm trying to run a proof-of-concept script that demonstrates a man-in-the-middle TLS negotiation exploit. The trouble is, the script is written in Python and I have zero experience with Python.
The script is here: http://www.redteam-pentesting.de/files/tls-renegotiation-poc.py
The first error I received was about importing tlslite. I downloaded this module:
http://trevp.net/tlslite/tlslite-0.3.8.tar.gz
Tlslite came with an installer that required Python 2.4, so I installed that version. After that I was able to execute the script and even debug. However, I'm stuck now. I run this:
python.exe tls-renegotiation-poc.py -l 80 -b 127.0.0.1 -t encrypted.google.com:443 -i test
Then I go to 127.0.0.1 in FireFox. I think get this error in Python:
Traceback (most recent call last):
File "E:\Python24\lib\threading.py", line 442, in __bootstrap
self.run()
File "E:\Python24\lib\threading.py", line 422, in run
self.__target(*self.__args, **self.__kwargs)
File "C:\tls-renegotiation-poc.py", line 210, in handle_victim
sslsock.handshakeClientCert(settings = handshake_settings)
File "E:\Python24\Lib\site-packages\tlslite\TLSConnection.py", line 207, in handshakeClientCert
for result in handshaker:
File "E:\Python24\Lib\site-packages\tlslite\TLSConnection.py", line 369, in _handshakeClientAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "E:\Python24\Lib\site-packages\tlslite\TLSConnection.py", line 1537, in _handshakeWrapperAsync
for result in handshaker:
File "E:\Python24\Lib\site-packages\tlslite\TLSConnection.py", line 399, in _handshakeClientAsyncHelper
settings = settings._filter()
File "E:\Python24\lib\site-packages\tlslite\HandshakeSettings.py", line 143, in _filter
raise ValueError("minVersion set incorrectly")
ValueError: minVersion set incorrectly
This is my HandshakeSettings.py file (in case it helps):
"""Class for setting handshake parameters."""
from constants import CertificateType
from utils import cryptomath
from utils import cipherfactory
class HandshakeSettings:
"""This class encapsulates various parameters that can be used with
a TLS handshake.
@sort: minKeySize, maxKeySize, cipherNames, certificateTypes,
minVersion, maxVersion
@type minKeySize: int
@ivar minKeySize: The minimum bit length for asymmetric keys.
If the other party tries to use SRP, RSA, or Diffie-Hellman
parameters smaller than this length, an alert will be
signalled. The default is 1023.
@type maxKeySize: int
@ivar maxKeySize: The maximum bit length for asymmetric keys.
If the other party tries to use SRP, RSA, or Diffie-Hellman
parameters larger than this length, an alert will be signalled.
The default is 8193.
@type cipherNames: list
@ivar cipherNames: The allowed ciphers, in order of preference.
The allowed values in this list are 'aes256', 'aes128', '3des', and
'rc4'. If these settings are used with a client handshake, they
determine the order of the ciphersuites offered in the ClientHello
message.
If these settings are used with a server handshake, the server will
choose whichever ciphersuite matches the earliest entry in this
list.
NOTE: If '3des' is used in this list, but TLS Lite can't find an
add-on library that supports 3DES, then '3des' will be silently
removed.
The default value is ['aes256', 'aes128', '3des', 'rc4'].
@type certificateTypes: list
@ivar certificateTypes: The allowed certificate types, in order of
preference.
The allowed values in this list are 'x509' and 'cryptoID'. This
list is only used with a client handshake. The client will
advertise to the server which certificate types are supported, and
will check that the server uses one of the appropriate types.
NOTE: If 'cryptoID' is used in this list, but cryptoIDlib is not
installed, then 'cryptoID' will be silently removed.
@type min开发者_高级运维Version: tuple
@ivar minVersion: The minimum allowed SSL/TLS version.
This variable can be set to (3,0) for SSL 3.0, (3,1) for
TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to
use a lower version, a protocol_version alert will be signalled.
The default is (3,0).
@type maxVersion: tuple
@ivar maxVersion: The maximum allowed SSL/TLS version.
This variable can be set to (3,0) for SSL 3.0, (3,1) for
TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to
use a higher version, a protocol_version alert will be signalled.
The default is (3,2). (WARNING: Some servers may (improperly)
reject clients which offer support for TLS 1.1. In this case,
try lowering maxVersion to (3,1)).
"""
def __init__(self):
self.minKeySize = 1023
self.maxKeySize = 8193
self.cipherNames = ["aes256", "aes128", "3des", "rc4"]
self.cipherImplementations = ["cryptlib", "openssl", "pycrypto",
"python"]
self.certificateTypes = ["x509", "cryptoID"]
self.minVersion = (3,0)
self.maxVersion = (3,2)
#Filters out options that are not supported
def _filter(self):
other = HandshakeSettings()
other.minKeySize = self.minKeySize
other.maxKeySize = self.maxKeySize
other.cipherNames = self.cipherNames
other.cipherImplementations = self.cipherImplementations
other.certificateTypes = self.certificateTypes
other.minVersion = self.minVersion
other.maxVersion = self.maxVersion
if not cipherfactory.tripleDESPresent:
other.cipherNames = [e for e in self.cipherNames if e != "3des"]
if len(other.cipherNames)==0:
raise ValueError("No supported ciphers")
try:
import cryptoIDlib
except ImportError:
other.certificateTypes = [e for e in self.certificateTypes \
if e != "cryptoID"]
if len(other.certificateTypes)==0:
raise ValueError("No supported certificate types")
if not cryptomath.cryptlibpyLoaded:
other.cipherImplementations = [e for e in \
self.cipherImplementations if e != "cryptlib"]
if not cryptomath.m2cryptoLoaded:
other.cipherImplementations = [e for e in \
other.cipherImplementations if e != "openssl"]
if not cryptomath.pycryptoLoaded:
other.cipherImplementations = [e for e in \
other.cipherImplementations if e != "pycrypto"]
if len(other.cipherImplementations)==0:
raise ValueError("No supported cipher implementations")
if other.minKeySize<512:
raise ValueError("minKeySize too small")
if other.minKeySize>16384:
raise ValueError("minKeySize too large")
if other.maxKeySize<512:
raise ValueError("maxKeySize too small")
if other.maxKeySize>16384:
raise ValueError("maxKeySize too large")
for s in other.cipherNames:
if s not in ("aes256", "aes128", "rc4", "3des"):
raise ValueError("Unknown cipher name: '%s'" % s)
for s in other.cipherImplementations:
if s not in ("cryptlib", "openssl", "python", "pycrypto"):
raise ValueError("Unknown cipher implementation: '%s'" % s)
for s in other.certificateTypes:
if s not in ("x509", "cryptoID"):
raise ValueError("Unknown certificate type: '%s'" % s)
if other.minVersion > other.maxVersion:
raise ValueError("Versions set incorrectly")
if not other.minVersion in ((3,0), (3,1), (3,2)):
raise ValueError("minVersion set incorrectly")
if not other.maxVersion in ((3,0), (3,1), (3,2)):
raise ValueError("maxVersion set incorrectly")
return other
def _getCertificateTypes(self):
l = []
for ct in self.certificateTypes:
if ct == "x509":
l.append(CertificateType.x509)
elif ct == "cryptoID":
l.append(CertificateType.cryptoID)
else:
raise AssertionError()
return l
Any ideas what might be wrong? I feel like it may be a simple answer, but my unfamiliarity with Python is making this difficult for me. Thank you.
UPDATE: After changing the exception to this:
raise ValueError("minversion set incorrectly (%s)" % repr(other.minVersion))
I now get this:
ValueError: minversion set incorrectly ((69, 84))
Try printing other.minVersion in filter: It looks like the input is not what you expect (i.e. you are expecting one of three tuples `[(3, 0), (3, 1), (3, 2)] - but that isn't what you're recieving.
I often find that when throwing an error about a value outside a range like you are doing, that it is a good idea to include the offending value in the message. That would add more information to the error you are getting!
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论