revel / revel

A high productivity, full-stack web framework for the Go language.
http://revel.github.io
MIT License
13.15k stars 1.39k forks

MITM detection #1416

Open rami-dabain opened 5 years ago

rami-dabain commented 5 years ago

I am using a library that detects attempts at lowering the SSL version (to an older version), which gives an attacker a chance to break into the SSL tunnel. This library requires the raw bytes of the initial handshake that is received by the HTTPS socket. This library might be a good addition to Revel; I can create a merge request if someone helps me figure out how to extract the raw bytes of the initial handshake! I tried to rewrite the HTTP server module but had no luck understanding it; with no documentation / comments it is a bit difficult to grasp.

notzippy commented 5 years ago

If you can show how Go's HTTP server can be modified to do this, I can help with the PR.

rami-dabain commented 5 years ago

Caddy HTTP Server: https://caddyserver.com/

Built in Golang, it matches the browser agent to the TLS handshake signature it sends. If they don't match, then a MITM attack might be on the way. It can also provide more accurate browser identification.

Can't find the blog post that describes how it is done, but the idea is simple once you get the raw bytes of the TLS handshake.
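
Added example (not part of the thread, and not Revel's or Caddy's code): one way to get the raw ClientHello bytes with Go's standard library is to wrap the `net.Conn` handed to `crypto/tls` and read the recorded bytes inside `tls.Config.GetConfigForClient`, where `ClientHelloInfo.Conn` is that wrapper. `recordingConn`, `firstClientHello` and `captureDemo` are hypothetical names, and the in-memory client, pipe and server name are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"net"
)

// recordingConn (hypothetical name) copies every byte crypto/tls reads into buf.
type recordingConn struct {
	net.Conn
	buf bytes.Buffer
}
func (c *recordingConn) Read(p []byte) (int, error) {
	n, err := c.Conn.Read(p)
	c.buf.Write(p[:n])
	return n, err
}

// firstClientHello copies out the first TLS record if it is a ClientHello.
func firstClientHello(raw []byte) ([]byte, error) {
	if len(raw) < 6 || raw[0] != 0x16 || raw[5] != 0x01 { // handshake record, ClientHello
		return nil, fmt.Errorf("not a TLS ClientHello record")
	}
	end := 5 + (int(raw[3])<<8 | int(raw[4])) // 5-byte header + record length
	if len(raw) < end {
		return nil, fmt.Errorf("truncated ClientHello record")
	}
	return append([]byte(nil), raw[:end]...), nil
}

// captureDemo (constructed): Go's TLS client talks to tls.Server over an in-memory pipe.
func captureDemo(serverName string) (hello []byte, err error) {
	cli, srv := net.Pipe()
	defer cli.Close() // closing one end also unblocks the other
	go tls.Client(cli, &tls.Config{ServerName: serverName}).Handshake()
	cfg := &tls.Config{GetConfigForClient: func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
		// chi.Conn is our wrapper. The demo has no certificate, so it stops
		// after the capture; a real server returns nil, nil to continue.
		hello, err = firstClientHello(chi.Conn.(*recordingConn).buf.Bytes())
		return nil, fmt.Errorf("demo: handshake stopped after capture")
	}}
	tls.Server(&recordingConn{Conn: srv}, cfg).Handshake()
	return hello, err
}

func main() {
	hello, err := captureDemo("example.test")
	fmt.Printf("ClientHello: %d bytes, err=%v\n", len(hello), err)
}
```

In a server, the wrapper would be returned from a custom `net.Listener`'s `Accept` passed to `http.Server.ServeTLS`. It should stop recording once the hello has been copied, since it otherwise buffers all ciphertext read on the connection.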