-
-
Save FiloSottile/fc7822b1f5b475a25e58d77d1b394860 to your computer and use it in GitHub Desktop.
package main | |
import ( | |
"crypto/tls" | |
"fmt" | |
"log" | |
"strings" | |
) | |
var Target = "example.com:443" | |
func main() { | |
conf := &tls.Config{ | |
InsecureSkipVerify: true, | |
ClientSessionCache: tls.NewLRUClientSessionCache(32), | |
} | |
conn, err := tls.Dial("tcp", Target, conf) | |
if err != nil { | |
log.Fatalln("Failed to connect:", err) | |
} | |
conn.Close() | |
conn, err = tls.Dial("tcp", Target, conf) | |
if err != nil && strings.Contains(err.Error(), "unexpected message") { | |
fmt.Println(Target, "is vulnerable to Ticketbleed") | |
} else if err != nil { | |
log.Fatalln("Failed to reconnect:", err) | |
} else { | |
fmt.Println(Target, "does NOT appear to be vulnerable") | |
conn.Close() | |
} | |
} |
Also, add the standard shebang for Go while you're on it, so it can actually be executed like a script:
///usr/bin/env/go run "$0" "$@"; exit $?
I have a test host testsite.azure-api.net:443
, and tested it with https://filippo.io/ticketbleed/#testsite.azure-api.net:443, result shows the host is vulnerable to ticket bleed.
testsite.azure-api.net:443 IS VULNERABLE*
but when use this script (ticketbleed.go), it outputs
testsite.azure-api.net:443 does NOT appear to be vulnerable.
Also I used nmap -p 443 --script tls-ticketbleed testsite.azure-api.net
for checking, but no issue found. Is the script or https://filippo.io/ticketbleed still updated?
Qualys check (https://www.ssllabs.com/ssltest/analyze.html?d=testsite.azure-api.net) shows below result
Ticketbleed (vulnerability) | No, but similar bug detected (more info)
However I don't find any detailed information from the more info link.
i think it will more elegant to run this scripts with argument... ^^