blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

Support deprecated SSL versions #1569

Open TheTechromancer opened 2 months ago

TheTechromancer commented 2 months ago

Currently, httpx works on older SSL versions, but our builtin request helper doesn't:

ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1000)

Supporting older, insecure protocols and ciphers is really important, since this is where the worst vulns are likely to be.

TheTechromancer commented 2 months ago

Per Claude, example of using custom-compiled openssl version with python:

  1. Install build dependencies:

    sudo apt-get update
    sudo apt-get install build-essential checkinstall zlib1g-dev
  2. Download and compile custom OpenSSL:

    wget https://www.openssl.org/source/openssl-1.1.1u.tar.gz
    tar xvf openssl-1.1.1u.tar.gz
    cd openssl-1.1.1u
    ./config --prefix=/opt/custom-openssl enable-ssl2 enable-ssl3 enable-weak-ssl-ciphers
    make
    sudo make install
  3. Set up a virtual environment:

    pip install virtualenv
    virtualenv --python=$(which python3) venv
    source venv/bin/activate
  4. Install required packages:

    pip install requests[security] pyopenssl
  5. Create your Python script (e.g., security_scanner.py):

    import os

    # Set environment variables for custom OpenSSL
    os.environ['LD_LIBRARY_PATH'] = '/opt/custom-openssl/lib:' + os.environ.get('LD_LIBRARY_PATH', '')
    os.environ['PYTHONPATH'] = '/opt/custom-openssl/lib:' + os.environ.get('PYTHONPATH', '')
    os.environ['OPENSSL_CONF'] = '/opt/custom-openssl/ssl/openssl.cnf'

    import requests
    from OpenSSL import SSL
    from requests.adapters import HTTPAdapter
    from requests.packages.urllib3.util.ssl_ import create_urllib3_context

    class CustomSSLContextAdapter(HTTPAdapter):
        """Transport adapter that hands requests a relaxed SSL context."""

        def init_poolmanager(self, *args, **kwargs):
            context = create_urllib3_context()
            context.set_ciphers('ALL:@SECLEVEL=0')  # Use all available ciphers
            context.options |= 0x4  # SSL.OP_LEGACY_SERVER_CONNECT
            # Hostname checking must be off before verify=False can switch the
            # context to CERT_NONE; otherwise the ssl module raises ValueError.
            context.check_hostname = False
            kwargs['ssl_context'] = context
            return super().init_poolmanager(*args, **kwargs)

    def make_request(url):
        session = requests.Session()
        adapter = CustomSSLContextAdapter()
        session.mount('https://', adapter)

        try:
            # verify=False: certificate validation is skipped for this request
            response = session.get(url, verify=False)
            print(f"Status Code: {response.status_code}")
            print(f"Content: {response.text[:100]}...")
        except requests.exceptions.RequestException as e:
            print(f"An error occurred: {e}")

    if __name__ == "__main__":
        make_request('https://example.com')

  6. Run your script:

    python security_scanner.py

These steps will:

  1. Install necessary build tools
  2. Compile a custom OpenSSL with all protocols and weak ciphers enabled
  3. Set up an isolated Python environment
  4. Install required Python packages
  5. Create a Python script that uses the custom OpenSSL
  6. Run the script directly
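
A stdlib-only check of the limitation this issue describes, as an added example that is not code from bbot or from the comments above: it reports which deprecated protocols the interpreter's linked OpenSSL was compiled with, and builds a client context with the same relaxations as the script above. The function names are hypothetical. A protocol reported as `False` cannot be turned on from Python, whatever the context settings.

```python
import ssl
import warnings

# Value of OpenSSL's SSL_OP_LEGACY_SERVER_CONNECT; the named constant
# ssl.OP_LEGACY_SERVER_CONNECT is only exposed on newer Python versions.
OP_LEGACY_SERVER_CONNECT = int(getattr(ssl, "OP_LEGACY_SERVER_CONNECT", 0x4))


def legacy_protocol_support():
    """Report which deprecated protocols the linked OpenSSL was built with."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "SSLv2": ssl.HAS_SSLv2,
        "SSLv3": ssl.HAS_SSLv3,
        "TLSv1.0": ssl.HAS_TLSv1,
        "TLSv1.1": ssl.HAS_TLSv1_1,
    }


def build_legacy_context():
    """Client context for auditing hosts that only speak deprecated TLS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Order matters: check_hostname must be off before verify_mode is relaxed.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Security level 0 re-enables weak ciphers and the SHA-1/MD5 based
    # handshake that TLS 1.0/1.1 depend on under OpenSSL 3.
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        # Lowest version this build supports, instead of Python's default floor.
        ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    opts = int(ctx.options) | OP_LEGACY_SERVER_CONNECT
    # Python sets OP_NO_SSLv3 by default and distros may set others; these
    # flags would still block a version that minimum_version now permits.
    for name in ("OP_NO_SSLv3", "OP_NO_TLSv1", "OP_NO_TLSv1_1"):
        opts &= ~int(getattr(ssl, name))
    ctx.options = opts
    return ctx


if __name__ == "__main__":
    for key, value in legacy_protocol_support().items():
        print(f"{key}: {value}")
    print("minimum_version:", build_legacy_context().minimum_version.name)
```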