Skip to content

Instantly share code, notes, and snippets.

@FiloSottile FiloSottile/ticketbleed.go Secret
Last active Oct 18, 2019

Embed
What would you like to do?
package main
import (
"crypto/tls"
"fmt"
"log"
"strings"
)
var Target = "example.com:443"
func main() {
conf := &tls.Config{
InsecureSkipVerify: true,
ClientSessionCache: tls.NewLRUClientSessionCache(32),
}
conn, err := tls.Dial("tcp", Target, conf)
if err != nil {
log.Fatalln("Failed to connect:", err)
}
conn.Close()
conn, err = tls.Dial("tcp", Target, conf)
if err != nil && strings.Contains(err.Error(), "unexpected message") {
fmt.Println(Target, "is vulnerable to Ticketbleed")
} else if err != nil {
log.Fatalln("Failed to reconnect:", err)
} else {
fmt.Println(Target, "does NOT appear to be vulnerable")
conn.Close()
}
}
@smrx86

This comment has been minimized.

Copy link

smrx86 commented Feb 27, 2017

i think it will more elegant to run this scripts with argument... ^^

package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"strings"
	"os"
)

func main() {
	if len(os.Args) !=2 {
		fmt.Fprintf(os.Stderr, "Usage: %s target:port\n", os.Args[0])
		os.Exit(1)
	}
	Target := os.Args[1]
	
	conf := &tls.Config{
		InsecureSkipVerify: true,
		ClientSessionCache: tls.NewLRUClientSessionCache(32),
	}

	conn, err := tls.Dial("tcp", Target, conf)
	if err != nil {
		log.Fatalln("Failed to connect:", err)
	}
	conn.Close()

	conn, err = tls.Dial("tcp", Target, conf)
	if err != nil && strings.Contains(err.Error(), "unexpected message") {
		fmt.Println(Target, "is vulnerable to Ticketbleed")
	} else if err != nil {
		log.Fatalln("Failed to reconnect:", err)
	} else {
		fmt.Println(Target, "does NOT appear to be vulnerable")
		conn.Close()
	}
}
@majewsky

This comment has been minimized.

Copy link

majewsky commented Apr 24, 2017

Also, add the standard shebang for Go while you're on it, so it can actually be executed like a script:

///usr/bin/env/go run "$0" "$@"; exit $?
@liushuping

This comment has been minimized.

Copy link

liushuping commented Oct 17, 2019

I have a test host testsite.azure-api.net:443, and tested it with https://filippo.io/ticketbleed/#testsite.azure-api.net:443, result shows the host is vulnerable to ticket bleed.

testsite.azure-api.net:443 IS VULNERABLE*

but when use this script (ticketbleed.go), it outputs

testsite.azure-api.net:443 does NOT appear to be vulnerable.

Also I used nmap -p 443 --script tls-ticketbleed testsite.azure-api.net for checking, but no issue found. Is the script or https://filippo.io/ticketbleed still updated?

Qualys check (https://www.ssllabs.com/ssltest/analyze.html?d=testsite.azure-api.net) shows below result

Ticketbleed (vulnerability) | No, but similar bug detected (more info)

However I don't find any detailed information from the more info link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.