Skip to content

Instantly share code, notes, and snippets.

@FiloSottile
Last active December 30, 2020 14:38
  • Star 25 You must be signed in to star a gist
  • Fork 13 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
package main
import (
"crypto/tls"
"fmt"
"log"
"strings"
)
var Target = "example.com:443"
func main() {
conf := &tls.Config{
InsecureSkipVerify: true,
ClientSessionCache: tls.NewLRUClientSessionCache(32),
}
conn, err := tls.Dial("tcp", Target, conf)
if err != nil {
log.Fatalln("Failed to connect:", err)
}
conn.Close()
conn, err = tls.Dial("tcp", Target, conf)
if err != nil && strings.Contains(err.Error(), "unexpected message") {
fmt.Println(Target, "is vulnerable to Ticketbleed")
} else if err != nil {
log.Fatalln("Failed to reconnect:", err)
} else {
fmt.Println(Target, "does NOT appear to be vulnerable")
conn.Close()
}
}
@liushuping
Copy link

liushuping commented Oct 17, 2019

I have a test host testsite.azure-api.net:443, and tested it with https://filippo.io/ticketbleed/#testsite.azure-api.net:443, result shows the host is vulnerable to ticket bleed.

testsite.azure-api.net:443 IS VULNERABLE*

but when use this script (ticketbleed.go), it outputs

testsite.azure-api.net:443 does NOT appear to be vulnerable.

Also I used nmap -p 443 --script tls-ticketbleed testsite.azure-api.net for checking, but no issue found. Is the script or https://filippo.io/ticketbleed still updated?

Qualys check (https://www.ssllabs.com/ssltest/analyze.html?d=testsite.azure-api.net) shows below result

Ticketbleed (vulnerability) | No, but similar bug detected (more info)

However I don't find any detailed information from the more info link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment