Skip to content

Instantly share code, notes, and snippets.

@FiloSottile
Last active May 13, 2024 16:20
Show Gist options
  • Save FiloSottile/fc7822b1f5b475a25e58d77d1b394860 to your computer and use it in GitHub Desktop.
Save FiloSottile/fc7822b1f5b475a25e58d77d1b394860 to your computer and use it in GitHub Desktop.
package main
import (
"crypto/tls"
"fmt"
"log"
"strings"
)
var Target = "example.com:443"
func main() {
conf := &tls.Config{
InsecureSkipVerify: true,
ClientSessionCache: tls.NewLRUClientSessionCache(32),
}
conn, err := tls.Dial("tcp", Target, conf)
if err != nil {
log.Fatalln("Failed to connect:", err)
}
conn.Close()
conn, err = tls.Dial("tcp", Target, conf)
if err != nil && strings.Contains(err.Error(), "unexpected message") {
fmt.Println(Target, "is vulnerable to Ticketbleed")
} else if err != nil {
log.Fatalln("Failed to reconnect:", err)
} else {
fmt.Println(Target, "does NOT appear to be vulnerable")
conn.Close()
}
}
@liushuping
Copy link

liushuping commented Oct 17, 2019

I have a test host testsite.azure-api.net:443, and tested it with https://filippo.io/ticketbleed/#testsite.azure-api.net:443, result shows the host is vulnerable to ticket bleed.

testsite.azure-api.net:443 IS VULNERABLE*

but when use this script (ticketbleed.go), it outputs

testsite.azure-api.net:443 does NOT appear to be vulnerable.

Also I used nmap -p 443 --script tls-ticketbleed testsite.azure-api.net for checking, but no issue found. Is the script or https://filippo.io/ticketbleed still updated?

Qualys check (https://www.ssllabs.com/ssltest/analyze.html?d=testsite.azure-api.net) shows below result

Ticketbleed (vulnerability) | No, but similar bug detected (more info)

However I don't find any detailed information from the more info link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment