OWASP / O-Saft

O-Saft - OWASP SSL advanced forensic tool
GNU General Public License v2.0
373 stars 86 forks source link

Getting error in latest source code 22.XX.XX. #133

Closed spmishra121 closed 12 months ago

spmishra121 commented 1 year ago

I am observing below error in latest source code file...

WARNING: 149: no executable for '/usr/local/openssl/bin/openssl' found; all openssl functionality disabled !!Hint: consider using '--openssl=/path/to/openssl' WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file WARNING: 060: no PEM file for CA found; using '--ca-file=/etc/ssl/certs/ca-certificates.crt' Use of uninitialized value $_no in regexp compilation at ./o-saft.pl line 245. Use of uninitialized value $_no in regexp compilation at ./o-saft.pl line 245. Use of uninitialized value $_no in regexp compilation at ./o-saft.pl line 245. WARNING: if default file does not exist, some certificate checks may fail !!Hint: use '--ca-file=/full/path/ca-certificates.crt' WARNING: 101: 'require Net/SSLhello.pm' failed ERROR: 010: syntax error at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1545, near "%osaft::TLS_EXTENSIONS{" Global symbol "$first_indent" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1545. Global symbol "$__first_indent" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1547. Global symbol "$decode_str" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1548. Global symbol "$__first_indent" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1549. Global symbol "$key" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1551. Global symbol "$key" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1551. Global symbol "$key" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1552. Global symbol "$key" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1552. Global symbol "$line" requires explicit package name at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1555. syntax error at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1557, near "}" /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm has too many errors. Compilation failed in require at ./o-saft.pl line 308. at ./o-saft.pl line 1226.

EnDe commented 1 year ago

Use of uninitialized value $_no in regexp compilation at ./o-saft.pl line 245.

fixed in o-saft.pl

EnDe commented 1 year ago

**ERROR: 010: syntax error at /home/satyap/O-Saft-22.11.22/Net/SSLhello.pm line 1545, near ...

This sounds like a corrupted Net/SSLhello.pm. All following are aftereffects. Please check with wc Net/SSLhello.pm which should report approx. 6347 39974 437872. Calling o-saft.pl --version should not report any ERROR or perl errors. If so, please provide the output starting at the line "= Required (and used) Modules =" (feel free to remove private parts in the @INC part). Thanks.

cmckinney18 commented 1 year ago

I'm getting the exact same error, and wc reports those exact numbers (6347, 39974, 437872). Tried several different ways, just pulled again from git repo. Here's what I get when I run the command ./o-saft.pl --version:

**WARNING: 101: 'require Net/SSLhello.pm' failed
**ERROR: 010: syntax error at /local/O-Saft/Net/SSLhello.pm line 1545, near "%osaft::TLS_EXTENSIONS{"
Global symbol "$__first_indent" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1545.
Global symbol "$__first_indent" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1547.
Global symbol "$__decode_str" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1548.
Global symbol "$__first_indent" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1549.
Global symbol "$key" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1551.
Global symbol "$key" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1551.
Global symbol "$key" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1552.
Global symbol "$key" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1552.
Global symbol "$line" requires explicit package name at /local/O-Saft/Net/SSLhello.pm line 1555.
syntax error at /local/O-Saft/Net/SSLhello.pm line 1557, near "}"
/local/O-Saft/Net/SSLhello.pm has too many errors.
Compilation failed in require at ./o-saft.pl line 309. at ./o-saft.pl line 1228.
=== started in: /local/O-Saft ===
=== ./o-saft.pl 23.04.23 ===
    Net::SSLeay::
       ::OPENSSL_VERSION_NUMBER()    0x1000105f (268439647)
       ::SSLeay()                    0x1000105f (268439647)
    Net::SSLeay::SSLeay_version()    OpenSSL 1.0.1e-fips 11 Feb 2013
= openssl =
    external executable              /bin/openssl
    external executable (TLSv1.3)    openssl
    version of external executable   OpenSSL 1.0.2k-fips  26 Jan 2017
    used environment variable (name) LD_LIBRARY_PATH
    environment variable (content)   <<undef>>
    path to shared libraries         
    full path to openssl.cnf file    /etc/pki/tls/openssl.cnf
    common openssl.cnf files         /etc/ssl/openssl.cnf /usr/lib/ssl/openssl.cnf /System//Library/OpenSSL/openssl.cnf /usr/ssl/openssl.cnf
    URL where to find CRL file       <<undef>>
    directory with PEM files for CAs /etc/ssl/certs/
    PEM format file with CAs         /etc/ssl/certs//ca-certificates.crt
    common paths to PEM files for CAs /etc/ssl/certs /usr/lib/certs /System/Library/OpenSSL /etc/tls/certs
    common PEM filenames for CAs     ca-certificates.crt certificates.crt certs.pem cert.pem
= o-saft.pl =
    list of supported elliptic curves prime192v1 prime256v1 sect163k1 sect163r1 sect193r1 sect233k1 sect233r1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 secp224k1 secp224r1 secp256k1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1
    list of supported ALPN, NPN      http/1.1,h2c,h2c-14,spdy/1,npn-spdy/2,spdy/2,spdy/3,spdy/3.1,spdy/4a2,spdy/4a4,grpc-exp,h2-14,h2-15,http/2.0,h2
= o-saft.pl +cipher --ciphermode=openssl or --ciphermode=ssleay =
    number of supported ciphers      118
!!Hint: use '--v' to get list of ciphers
    openssl supported SSL versions   
    o-saft.pl known SSL versions     SSLv2 SSLv3 TLSv1 TLSv11 TLSv12 TLSv13 DTLSv09 DTLSv1 DTLSv11 DTLSv12 DTLSv13
= o-saft.pl +cipher --ciphermode=intern =
    used cipherrange                 intern
    number of supported ciphers      2640
    default list of ciphers          0x03000100 .. 0x0300013F, 0x0300FE00 .. 0x0300FFFF,0x03000000 .. 0x030000FF, 0x03001300 .. 0x030013FF,
        0x0300C000 .. 0x0300C1FF, 0x0300CC00 .. 0x0300CCFF,
        0x0300D000 .. 0x0300D0FF,
        0x0300FE00 .. 0x0300FFFF,
        0x03000A0A, 0x03001A1A, 0x03002A2A, 0x03003A3A, 0x03004A4A,
        0x03005A5A, 0x03006A6A, 0x03007A7A, 0x03008A8A, 0x03009A9A,
        0x0300AAAA, 0x0300BABA, 0x0300CACA, 0x0300DADA, 0x0300EAEA, 0x0300FAFA,

= Required (and used) Modules =
    @INC                 .. /local/O-Saft lib bin /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .
=   module name            VERSION  found in
=   ----------------------+--------+------------------------------------------
    IO::Socket::INET       1.33     /usr/lib64/perl5/IO/Socket/INET.pm
    IO::Socket::SSL        1.94     /usr/share/perl5/vendor_perl/IO/Socket/SSL.pm
    Time::Local            1.2300   /usr/share/perl5/vendor_perl/Time/Local.pm
    Net::DNS               0.72     /usr/lib64/perl5/vendor_perl/Net/DNS.pm
    Net::SSLeay            1.55     /usr/lib64/perl5/vendor_perl/Net/SSLeay.pm
    Net::SSLinfo           23.04.23 /local/O-Saft/Net/SSLinfo.pm
    Net::SSLhello                    
    OSaft::Ciphers         23.04.23 /local/O-Saft/OSaft/Ciphers.pm
    osaft                  22.11.22 /local/O-Saft/osaft.pm
EnDe commented 1 year ago

Net::SSLhello
OSaft::Ciphers 23.04.23 /local/O-Saft/OSaft/Ciphers.pm osaft 22.11.22 /local/O-Saft/osaft.pm

This means that Net::SSLhello.pm and osaft.pm are not the lastest (23.04.23) version. How did you retrieve the files from the repro, please post the command. Thanks.

I'm also checking why . (dot) is missing in your @INC. Can you please confirm that there is only one of: ./osaft.pm ../osaft.pm /local/O-Saft/osaft.pm or that they are all the same.

Meanwhile, please get Net::SSLhello.pm and osaft.pm individually from https://github.com/OWASP/O-Saft/ and try --version again.

cmckinney18 commented 1 year ago

I had actually downloaded the 23.04.23 version, which is where I had the issue. I was able to get it to work by making a few modifications... I've run a diff to show the changes:

1545c1545
<                                                                                                                 my $__decode_str = _decode_val (undef, \$val, \%osaft::TLS_EXTENSIONS{$key}, $__first_indent, 20, ": ", ", ", " | ", " / ");
---
>                                                                                                                 my $__decode_str = _decode_val (undef, $val, $osaft::TLS_EXTENSIONS{$key}, $__first_indent, 20, ": ", ", ", " | ", " / ");
5187c5187
<                 _trace5_ ("#     ---> extension found $found_values value(s) " . _decode_val (undef, \@{$_SSLhello{$protocolCipher}{param}{$_extension}{RX}{values}}, \%osaft::TLS_EXTENSIONS{$_extension}, 12, 12, ": ", ", ", " | ", " / ") . "\n");
---
>                 _trace5_ ("#     ---> extension found $found_values value(s) " . _decode_val (undef, \@{$_SSLhello{$protocolCipher}{param}{$_extension}{RX}{values}}, \$osaft::TLS_EXTENSIONS{$_extension}, 12, 12, ": ", ", ", " | ", " / ") . "\n");
5190c5190
<                 _trace5_ ("#     ---> extensions_params_hash: " . _decode_val (undef, \@{$Net::SSLhello::extensions_params_hash{$_extension}[0]}, \%osaft::TLS_EXTENSIONS{$_extension}, 12, 12, ": ", ", ", " | ", " / ") . "\n");
---
>                 _trace5_ ("#     ---> extensions_params_hash: " . _decode_val (undef, \@{$Net::SSLhello::extensions_params_hash{$_extension}[0]}, \$osaft::TLS_EXTENSIONS{$_extension}, 12, 12, ": ", ", ", " | ", " / ") . "\n");
5597c5597
<                             _trace5_ ("#     ---> values of 'supported_groups': " . _decode_val (undef, \@{$_SSLhello{$lastProtocolCipher}{param}{supported_groups}{RX}{values}}, \%osaft::TLS_EXTENSIONS{supported_groups}, 0, 12, ": ", ", ", " | ", " / ") . "\n");
---
>                             _trace5_ ("#     ---> values of 'supported_groups': " . _decode_val (undef, \@{$_SSLhello{$lastProtocolCipher}{param}{supported_groups}{RX}{values}}, \$osaft::TLS_EXTENSIONS{supported_groups}, 0, 12, ": ", ", ", " | ", " / ") . "\n");
5601c5601
<                             _trace4_ ("#     ---> found 'supported_groups':     " . _decode_val (undef, \@{$_SSLhello{$lastProtocolCipher}{param}{supported_groups}{RX}{values}}, \%osaft::TLS_EXTENSIONS{supported_groups}, 0, 12, ": ", ", ", " | ", " / ") . "\n");
---
>                             _trace4_ ("#     ---> found 'supported_groups':     " . _decode_val (undef, \@{$_SSLhello{$lastProtocolCipher}{param}{supported_groups}{RX}{values}}, \$osaft::TLS_EXTENSIONS{supported_groups}, 0, 12, ": ", ", ", " | ", " / ") . "\n");

After making these changes o-saft runs for me. I changed several instances of %osaft::TLS_EXTENSIONS(... to $osaft::TLS_EXTENSIONS(....

cmckinney18 commented 1 year ago

Incidentally, the $VERSION of osaft.pm on github still says 22.11.22.

EnDe commented 1 year ago

Incidentally, the $VERSION of osaft.pm on github still says 22.11.22.

fixed, see issiue/134

Just a formal bug in the release, not related to this issue.

EnDe commented 1 year ago

Thanks. Can you please tell me your perl version. damn pointer, I guess it should be \%{$osaft::TLS_EXTENSIONS{$_extension}} Anyway, if your fix/workaround is not correct, it will not harm usage unless you use the --trace option; need to do some testing ...

cmckinney18 commented 1 year ago

Currently running 5.16.3... sadly the highest distro release available for Centos 7.

EnDe commented 12 months ago

fixed in release 23.11.23