Open jphughes opened 3 years ago
Hey @jphughes I'm not able to reproduce (though I admit I didn't try very hard)
I only tested with the http module, using:

echo '142.250.141.99,www.google.com' | zgrab2 http -p 443 --use-https
I ran that twice and observed that the ClientHello random bytes were different in both cases. I did the same with a few sites using SSLv3, TLSv1.0 and TLSv1.1 and saw the same.
Can I ask if you are seeing this:
I don't speak for the zmap project, but I am interested in ensuring these values are random, mainly to prevent signature-based blocks on network devices that may fire on a fixed ClientRandom value. The problem for me there is that it would impact the statistics that are gathered.
Thanks
BTW, if you want to do any testing on your own, you can force the SSL/TLS protocol version using --min-version and --max-version. For SSLv3, --min-version=0x300 --max-version=0x300; for TLSv1.0, --min-version=0x301 --max-version=0x301; and so on...
The TLS security proof requires that the ClientHello Random actually be random. Without this being random there are problems with cut-and-paste and replay attacks. I assume the security of the traffic is not your concern, so this may not be an issue you want to fix. This also applies to zgrab, but since that is deprecated for this repo I have opened the issue here.
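The check discussed in this thread (capture several ClientHellos from a scanner and see whether client_random repeats) is easy to automate offline. The script below is an added example written for this page; it is not code from zgrab2 or from either participant. It parses the 32-byte random out of a raw TLS handshake record and flags any value that appears more than once across a set of captures. The ClientHello bytes it runs on are constructed in-line (a minimal record with one cipher suite and no extensions) rather than captured from a real probe, and the `build_client_hello` helper exists only to produce that sample.

```python
import os
import struct
from collections import Counter

TLS_HANDSHAKE = 0x16      # record content type: handshake
HS_CLIENT_HELLO = 0x01    # handshake message type: client_hello

# Version numbers as they appear on the wire (and as zgrab2's
# --min-version/--max-version flags take them).
TLS_VERSION_NAMES = {
    0x0300: "SSLv3",
    0x0301: "TLSv1.0",
    0x0302: "TLSv1.1",
    0x0303: "TLSv1.2",
}


def build_client_hello(random32: bytes, version: int = 0x0303) -> bytes:
    """Constructed sample input: a minimal TLS record carrying a ClientHello.

    Only the fields needed to locate client_random are filled in
    (one cipher suite, null compression, no extensions). This is test
    scaffolding for the parser below, not a usable probe.
    """
    if len(random32) != 32:
        raise ValueError("client_random must be exactly 32 bytes")
    body = (
        struct.pack(">H", version)              # client_version
        + random32                              # random: 32 bytes
        + b"\x00"                               # session_id: empty
        + struct.pack(">H", 2) + b"\xc0\x2f"    # cipher_suites: one entry
        + b"\x01\x00"                           # compression_methods: null
    )
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return (
        bytes([TLS_HANDSHAKE])
        + struct.pack(">H", version)            # record-layer version
        + struct.pack(">H", len(handshake))     # record length
        + handshake
    )


def client_hello_random(record: bytes):
    """Return (client_version, client_random) from a raw TLS record.

    Walks record header -> handshake header -> ClientHello body and
    pulls the 32 random bytes that follow client_version (RFC 5246
    section 7.4.1.2). Raises ValueError on anything that is not a
    well-formed ClientHello, so a bad capture cannot be silently
    counted as "random".
    """
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HS_CLIENT_HELLO:
        raise ValueError("handshake message is not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 34:
        raise ValueError("ClientHello truncated before client_random")
    version = struct.unpack(">H", body[0:2])[0]
    return version, body[2:34]


def find_fixed_random(records):
    """Map every client_random seen more than once to its count.

    An empty result means each capture carried a distinct random.
    Any repeat across independent runs is exactly what a signature on
    a fixed ClientRandom would match on, and it also removes the
    freshness the handshake assumes.
    """
    counts = Counter(client_hello_random(r)[1] for r in records)
    return {rnd: n for rnd, n in counts.items() if n > 1}


# Constructed captures: three runs with fresh randoms, and three runs
# from a hypothetical scanner that reuses one hard-coded value.
FIXED_RANDOM = bytes(range(32))
GOOD_RUNS = [build_client_hello(os.urandom(32)) for _ in range(3)]
BAD_RUNS = [build_client_hello(FIXED_RANDOM, version=0x0301) for _ in range(3)]


if __name__ == "__main__":
    for label, runs in (("fresh", GOOD_RUNS), ("fixed", BAD_RUNS)):
        for rec in runs:
            ver, rnd = client_hello_random(rec)
            print(label, TLS_VERSION_NAMES.get(ver, hex(ver)), rnd.hex())
        repeats = find_fixed_random(runs)
        print(label, "repeated randoms:", {k.hex(): v for k, v in repeats.items()})
```

To use this on real traffic, replace the constructed records with the payload bytes of the first TCP segment each zgrab2 run sends to port 443 (a pcap filter on the handshake record type 0x16 is enough); the parser only needs the record itself. The SSLv3/TLSv1.0 runs forced with the version flags mentioned above can be fed in the same way, since the random sits at the same offset in every version.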