forked from okoeroo/ssl_all_the_things
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
49 lines (41 loc) · 1.27 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Trying to download all the SSL certificate chains in the 2^32 space.
This project has a:
# Client
Scans only port 443 at the moment.
# Server
Small and simple django app.
How does it work?
------
1: Setup the django application, an howto is provided in 'server/start.txt
2: Setup the worker in ./worker/. The start app is: "job_sechduler.sh"
3: Worker needs to do a get at http://django/get/ it will get a text file with a 0.0.0.0/24 subnet and ip's in octets.
4: Worker starts scanning and when it's done it will post back an ip from the iprange received to: http://django/done/8.8.8.8
5: Worker goes back to point 3
6: When no data has been received for more then 30 minuts from a certain job id, it will release the job again to a worker
7: ...
8: ALL YOUR CERTIFICATES BELONG TO US and ready to be datacrunched and plotted.
Todo
---
Add a timeout
Make a file based database out of the certificates.
Datacrunch the certificates.
Testing with Nikhef's HTTPS at 192.16.199.166
Get work from Django App
Post back that work is done and get a new job
Protocol
---
Get
...
http://<service>/get/<make-up-a-nodeID>/
Result:
127 1 1 1\n127 1 1 2\n
Done
...
POST
http://<service>/done/<make-up-a-nodeID>/
Data:
ipblock=127 1 1 1
Requirements:
Fabric
Python 2.7
Django 1.3+ (tested with 1.3 and 1.4)