@bdrewery
Forked from anonymous/gist:1079589
Last active September 26, 2015 09:58
Wraith SSL

Done

  1. SSL IRC
     • IPv6 works as well.
  2. SSL botnet Linking
     • Currently requires ssl.pem file
     • Replaces old ghost protocol (custom AES). This makes the connection much more secure.
  3. SSL partyline
     • No extra ports needed
     • openssl s_client -starttls pop3 -connect host:port
     • STLS or STARTTLS as a username, then the client should initiate handshake.
  4. DH params builtin (512, 1024, 2048) for better key exchanges

Todo

  1. Store fingerprint in userfile via chfingerprint
  2. Support fingerprint when adding a bot: .newleaf bot fingerprint hosts
  3. Store fingerprint for hubs in pack.cfg on HUB lines
  4. Fingerprint verification
  5. verify fingerprints of connecting peers
  6. verify fingerprint of hubs/localhubs
  7. store private key and cert in binary
  • Creating a new bot should generate a private key / cert and store it.
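
The fingerprint checks planned in Todo items 4 to 6 could look like the sketch below. This is an added example, not Wraith code: the SHA-256 hash, the `PINS` table and the bot names are assumptions, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, lowercase hex (hash choice is an assumption)."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AA:BB:..' or 'aabb..'; reject anything that is not 64 hex digits."""
    cleaned = fp.replace(":", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned

def verify_peer(name: str, der: bytes, pins: dict) -> bool:
    """True only if `name` has a stored fingerprint and the presented cert matches it."""
    stored = pins.get(name)
    if stored is None:            # unknown peer: fail closed
        return False
    try:
        expected = normalize(stored)
    except ValueError:            # corrupt stored entry: fail closed
        return False
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(fingerprint(der), expected)

# Constructed stand-ins for DER certificates. In a live client the bytes would
# come from ssl.SSLSocket.getpeercert(binary_form=True) after the handshake.
HUB_CERT = b"constructed-der-bytes-for-hub"
ROGUE_CERT = b"constructed-der-bytes-for-someone-else"

# Hypothetical pin store: what a userfile entry or pack.cfg HUB line would hold.
PINS = {
    "hub1": ":".join(fingerprint(HUB_CERT)[i:i + 2].upper() for i in range(0, 64, 2)),
    "leaf1": "deadbeef",          # malformed entry, must never match
}

if __name__ == "__main__":
    cases = [("hub1", HUB_CERT), ("hub1", ROGUE_CERT),
             ("leaf1", HUB_CERT), ("nobody", HUB_CERT)]
    for name, cert in cases:
        print(name, "accepted" if verify_peer(name, cert, PINS) else "rejected")
```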

Nice to have

  1. support user certs on telnet to bypass password
  2. Ability to override SSL Ciphers
     • Default: HIGH:!MEDIUM:!LOW:!EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:@STRENGTH
  3. Override libssl location
  4. libssl CRC checks