search

projectdiscovery / tlsx

Fast and configurable TLS grabber focused on TLS based data collection.
MIT License
810 stars 76 forks source link

Add support for detecting whether a server requires clients to authenticate using a client certificate #564

Open mark-adams opened 3 days ago

mark-adams commented 3 days ago

Please describe your feature request:

I would like tlsx to return back a client_cert_required attribute to indicate whether or not the remote server requires clients to authenticate using a certificate.

Describe the use case of this feature:

A common security practice when using third-party edge services like Cloudflare is to require mutual TLS between the edge service and the backend web servers to ensure that third-parties are not able to bypass the edge service and make requests to the web servers directly. In these cases, it is useful to be able to scan a particular set of endpoints to determine whether or not there are any that are missing this control that need to be remediated.

GeorginaReeder commented 3 days ago

Thanks for this feature request @mark-adams , we'll definitely take a look into it!