SSL/TLS

Working with SSL/TLS connections is a very important job and it comes in tow shapes. (1) Secure HTTP connection. (2) Secure Socket. To reduce the redundancy, I’ll deal with both in this section, instead of putting the http part under Web Kung Fu section.

Certificate Validation

Validate HTTPS Certificate

validate_https_cert.rb

  1. #!/usr/bin/env ruby
  2. #
  3. # KING SABRI | @KINGSABRI
  4. #
  5. require 'open-uri'
  7. def validate_https_cert(target)  begin
  8.     open("https://#{target}")
  9.     puts '[+] Valid SSL Certificate!'
  10.   rescue OpenSSL::SSL::SSLError
  11.     puts '[+] Invalid SSL Certificate!'
  12.   end
  13. end
  15. good_ssl = 'google.com'
  16. bad_ssl  = 'expired.badssl.com'
  18. validate_https_cert good_ssl
  19. validate_https_cert bad_ssl

Validate Secure Socket Certificate

validate_socket_cert.rb

  1. #!/usr/bin/env ruby
  2. #
  3. # KING SABRI | @KINGSABRI
  4. #
  5. require 'socket'
  6. require 'openssl'
  8. def validate_socket_cert(target)
  9.   ssl_context = OpenSSL::SSL::SSLContext.new  
  10.   ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER  
  11.   cert_store = OpenSSL::X509::Store.new  
  12.   cert_store.set_default_paths  
  13.   ssl_context.cert_store = cert_store  
  14.   socket = TCPSocket.new(target, 443)  
  15.   ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)  
  16.   begin    
  17.     ssl_socket.connect    
  18.     puts '[+] Valid SSL Certificate!'  
  19.   rescue OpenSSL::SSL::SSLError    
  20.     puts '[+] Invalid SSL Certificate!'  
  21.   end
  22. end
  24. good_ssl = 'google.com'
  25. bad_ssl  = 'expired.badssl.com'
  27. validate_socket_cert good_ssl
  28. validate_socket_cert bad_ssl

Putting all together

ssl_validator.rb

  1. #!/usr/bin/env ruby
  2. #
  3. # SSL/TLS validator
  4. # KING SABRI | @KINGSABRI
  5. #
  7. def validate_ssl(target, conn_type=:web)
  9.   case conn_type
  10.     # Web Based SSL
  11.     when :web
  12.       require 'open-uri'
  14.       begin
  15.         open("https://#{target}")
  16.         puts '[+] Valid SSL Certificate!'
  17.       rescue OpenSSL::SSL::SSLError
  18.         puts '[+] Invalid SSL Certificate!'
  19.       end
  20.     # Socked Based SSL
  21.     when :socket
  22.       require 'socket'
  23.       require 'openssl'
  25.       ssl_context = OpenSSL::SSL::SSLContext.new
  26.       ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
  27.       cert_store = OpenSSL::X509::Store.new
  28.       cert_store.set_default_paths
  29.       ssl_context.cert_store = cert_store
  30.       socket = TCPSocket.new(target, 443)
  31.       ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
  33.       begin
  34.         ssl_socket.connect
  35.         puts '[+] Valid SSL Certificate!'
  36.       rescue OpenSSL::SSL::SSLError
  37.         puts '[+] Invalid SSL Certificate!'
  38.       end
  40.     else
  41.       puts '[!] Unknown connection type!'
  42.   end
  44. end
  47. good_ssl = 'google.com'
  48. bad_ssl  = 'expired.badssl.com'
  50. validate_ssl(bad_ssl, :web)
  51. validate_ssl(bad_ssl, :socket)
  53. validate_ssl(good_ssl, :web)
  54. validate_ssl(good_ssl, :socket)

Run it

  1. ruby ssl_validator.rb
  3. [+] Invalid SSL Certificate!
  4. [+] Invalid SSL Certificate!
  5. [+] Valid SSL Certificate!
  6. [+] Valid SSL Certificate!