Skip to content

Instantly share code, notes, and snippets.

@FiloSottile

FiloSottile/ticketbleed.go Secret

Last active Dec 30, 2020
Embed
What would you like to do?
package main
import (
"crypto/tls"
"fmt"
"log"
"strings"
)
var Target = "example.com:443"
func main() {
conf := &tls.Config{
InsecureSkipVerify: true,
ClientSessionCache: tls.NewLRUClientSessionCache(32),
}
conn, err := tls.Dial("tcp", Target, conf)
if err != nil {
log.Fatalln("Failed to connect:", err)
}
conn.Close()
conn, err = tls.Dial("tcp", Target, conf)
if err != nil && strings.Contains(err.Error(), "unexpected message") {
fmt.Println(Target, "is vulnerable to Ticketbleed")
} else if err != nil {
log.Fatalln("Failed to reconnect:", err)
} else {
fmt.Println(Target, "does NOT appear to be vulnerable")
conn.Close()
}
}
@smrx86

This comment has been minimized.

Copy link

@smrx86 smrx86 commented Feb 27, 2017

i think it will more elegant to run this scripts with argument... ^^

package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"strings"
	"os"
)

func main() {
	if len(os.Args) !=2 {
		fmt.Fprintf(os.Stderr, "Usage: %s target:port\n", os.Args[0])
		os.Exit(1)
	}
	Target := os.Args[1]
	
	conf := &tls.Config{
		InsecureSkipVerify: true,
		ClientSessionCache: tls.NewLRUClientSessionCache(32),
	}

	conn, err := tls.Dial("tcp", Target, conf)
	if err != nil {
		log.Fatalln("Failed to connect:", err)
	}
	conn.Close()

	conn, err = tls.Dial("tcp", Target, conf)
	if err != nil && strings.Contains(err.Error(), "unexpected message") {
		fmt.Println(Target, "is vulnerable to Ticketbleed")
	} else if err != nil {
		log.Fatalln("Failed to reconnect:", err)
	} else {
		fmt.Println(Target, "does NOT appear to be vulnerable")
		conn.Close()
	}
}
@majewsky

This comment has been minimized.

Copy link

@majewsky majewsky commented Apr 24, 2017

Also, add the standard shebang for Go while you're on it, so it can actually be executed like a script:

///usr/bin/env/go run "$0" "$@"; exit $?
@liushuping

This comment has been minimized.

Copy link

@liushuping liushuping commented Oct 17, 2019

I have a test host testsite.azure-api.net:443, and tested it with https://filippo.io/ticketbleed/#testsite.azure-api.net:443, result shows the host is vulnerable to ticket bleed.

testsite.azure-api.net:443 IS VULNERABLE*

but when use this script (ticketbleed.go), it outputs

testsite.azure-api.net:443 does NOT appear to be vulnerable.

Also I used nmap -p 443 --script tls-ticketbleed testsite.azure-api.net for checking, but no issue found. Is the script or https://filippo.io/ticketbleed still updated?

Qualys check (https://www.ssllabs.com/ssltest/analyze.html?d=testsite.azure-api.net) shows below result

Ticketbleed (vulnerability) | No, but similar bug detected (more info)

However I don't find any detailed information from the more info link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment