Skip to content

Commit

Permalink
Merge pull request #35 from tomato42/fingerprints
Browse files Browse the repository at this point in the history 
Fingerprint enhancements and new fingerprints
  • Loading branch information
@richmoore
richmoore committed Nov 8, 2016
2 parents c19a8e6 + 24ccc9e commit d56de68
Show file tree
Hide file tree
Showing 194 changed files with 22,559 additions and 1,768 deletions.
53 changes: 53 additions & 0 deletions SERVER_CONFIGURATION.md
View file
@@ -0,0 +1,53 @@
Server configuration
====================


OpenSSL
-------

Key/cert generation:

openssl ocsp -index ca/index.txt -port 8888 -rsigner ca/cert.pem -rkey ca/key.pem -CA ca/cert.pem
touch srpfile.bin
openssl srp -add -srpvfile srpfile.bin -gn 2048 -passin pass:test user

Server start:

openssl s_server -key localhost/key.pem -cert localhost/cert.pem -www \
-nextprotoneg 'http/1.1,h2' -status -servername example -cert2 example/cert.pem \
-key2 example/key.pem -status_url http://localhost:8888 -alpn 'http/1.1,h2' \
-CAfile ca/cert.pem -psk_hint example-hint -psk 0fbacdf271823b -srpvfile srpfile.bin \
-use_srtp SRTP_AES128_CM_SHA1_80


NSS
---

Key/cert setup:

openssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost/key.pem -in localhost/cert.pem -name localhost
openssl pkcs12 -export -passout pass: -out example.p12 -inkey example/key.pem -in example/cert.pem -name example
openssl pkcs12 -export -passout pass: -out ca.p12 -inkey ca/key.pem -in ca/cert.pem -name ca
mkdir nssdb
certutil -N --empty-password -d sql:nssdb
pk12util -i localhost.p12 -d sql:nssdb -W ''
pk12util -i ca.p12 -d sql:nssdb -W ''
pk12util -i example.p12 -d sql:nssdb -W ''

Server start:

selfserv -d sql:./nssdb -p 4433 -V tls1.0: -H 1 -z -n localhost -T good -A ca -a example -c :c013:0033:002F -u -G -Q


GnuTLS
------

Setup:

echo garbage > ocsp.der

Server start:

gnutls-serv --http -p 4433 --x509keyfile localhost/key.pem \
--x509certfile localhost/cert.pem --disable-client-cert \
--srtp-profiles SRTP_AES128_CM_HMAC_SHA1_80 --ocsp-response ocsp.der --heartbeat
36 changes: 18 additions & 18 deletions fingerprints/apache-tomcat-7054-jsse-bio-java-18040.fp
View file
@@ -1,26 +1,26 @@
Description: Apache Tomcat 7.0.54 (JSSE; BIO; Java 1.8.0_40)

ZeroHelloVersion: *(303)alert:HandshakeFailure:fatal|
BadContentType: *(303)alert:UnexpectedMesage:fatal|
SNIEmptyName: *(303)alert:UnexpectedMesage:fatal|
TwoInvalidPackets: *(303)alert:UnexpectedMesage:fatal|
BadContentType: *(303)alert:UnexpectedMessage:fatal|
BadHandshakeMessage: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMessage:fatal|
DoubleClientHello: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMessage:fatal|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMessage:fatal|
EmptyRecord: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
RecordLengthUnderflow: writeerror:ECONNRESET|
Heartbeat: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
Heartbleed: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
BadHandshakeMessage: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
HighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone|
HighTLSVersion: *(303)alert:UnexpectedMessage:fatal|
NoCiphers: *(301)alert:HandshakeFailure:fatal|
NormalHandshake: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerKeyExchange|handshake:ServerHelloDone|
NoCiphers: *(301)alert:HandshakeFailure:fatal|
VeryHighTLSVersion: *(303)alert:UnexpectedMesage:fatal|
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone|
DoubleClientHello: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMesage:fatal|
Heartbeat: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
HighTLSVersion: *(303)alert:UnexpectedMesage:fatal|
HighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone|
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMesage:fatal|
RecordLengthOverflow: error:timeout
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMesage:fatal|
RecordLengthUnderflow: writeerror:ECONNRESET|
SNIEmptyName: *(303)alert:UnexpectedMessage:fatal|
SNILongName: *(303)alert:UnexpectedMessage:fatal|
SNIWrongName: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
SNILongName: *(303)alert:UnexpectedMesage:fatal|
ZeroTLSVersion: *(303)alert:UnexpectedMesage:fatal|
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
TwoInvalidPackets: *(303)alert:UnexpectedMessage:fatal|
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone|
VeryHighTLSVersion: *(303)alert:UnexpectedMessage:fatal|
ZeroHelloVersion: *(303)alert:HandshakeFailure:fatal|
ZeroTLSVersion: *(303)alert:UnexpectedMessage:fatal|
32 changes: 16 additions & 16 deletions fingerprints/apache-tomcat-7054-jsse-nio-java-18040.fp
View file
@@ -1,26 +1,26 @@
Description: Apache Tomcat 7.0.54 (JSSE; NIO; Java 1.8.0_40)

ZeroHelloVersion: error:Unexpected EOF receiving record header - server closed connection|
BadContentType: error:Unexpected EOF receiving record header - server closed connection|
SNIEmptyName: error:Unexpected EOF receiving record header - server closed connection|
TwoInvalidPackets: error:Unexpected EOF receiving record header - server closed connection|
EmptyRecord: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
RecordLengthUnderflow: error:Unexpected EOF receiving record header - server closed connection|
Heartbleed: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
BadHandshakeMessage: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
NormalHandshake: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerKeyExchange|handshake:ServerHelloDone|
NoCiphers: error:Unexpected EOF receiving record header - server closed connection|
VeryHighTLSVersion: error:Unexpected EOF receiving record header - server closed connection|
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone|
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection|
DoubleClientHello: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection|
EmptyRecord: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
Heartbeat: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
HighTLSVersion: error:Unexpected EOF receiving record header - server closed connection|
Heartbleed: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
HighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone|
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection|
HighTLSVersion: error:Unexpected EOF receiving record header - server closed connection|
NoCiphers: error:Unexpected EOF receiving record header - server closed connection|
NormalHandshake: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerKeyExchange|handshake:ServerHelloDone|
RecordLengthOverflow: error:timeout
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection|
SNIWrongName: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
RecordLengthUnderflow: error:Unexpected EOF receiving record header - server closed connection|
SNIEmptyName: error:Unexpected EOF receiving record header - server closed connection|
SNILongName: error:Unexpected EOF receiving record header - server closed connection|
SNIWrongName: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|
TwoInvalidPackets: error:Unexpected EOF receiving record header - server closed connection|
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone|
VeryHighTLSVersion: error:Unexpected EOF receiving record header - server closed connection|
ZeroHelloVersion: error:Unexpected EOF receiving record header - server closed connection|
ZeroTLSVersion: error:Unexpected EOF receiving record header - server closed connection|
32 changes: 16 additions & 16 deletions fingerprints/apache-tomcat-7054-tomcat-native-1130-apr-148.fp
View file
@@ -1,26 +1,26 @@
Description: Apache Tomcat 7.0.54 (Tomcat Native 1.1.30; APR 1.4.8)

ZeroHelloVersion: *(301)alert:ProtocolVersion:fatal|
BadContentType: error:timeout
SNIEmptyName: *(301)alert:DecodeError:fatal|
TwoInvalidPackets: error:ECONNRESET|
EmptyRecord: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
RecordLengthUnderflow: writeerror:ECONNRESET|
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
BadHandshakeMessage: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:IllegalParameter:fatal|
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerKeyExchange|*(301)handshake:ServerHelloDone|
NoCiphers: *(301)alert:IllegalParameter:fatal|
VeryHighTLSVersion: error:ECONNRESET|
VeryHighHelloVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
DoubleClientHello: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
EmptyRecord: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
Heartbeat: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
HighTLSVersion: error:ECONNRESET|
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
HighHelloVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
HighTLSVersion: error:ECONNRESET|
NoCiphers: *(301)alert:IllegalParameter:fatal|
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerKeyExchange|*(301)handshake:ServerHelloDone|
RecordLengthOverflow: error:timeout
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
SNIWrongName: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
RecordLengthUnderflow: writeerror:ECONNRESET|
SNIEmptyName: *(301)alert:DecodeError:fatal|
SNILongName: *(301)alert:UnrecognizedName:fatal|
SNIWrongName: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
TwoInvalidPackets: error:ECONNRESET|
VeryHighHelloVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
VeryHighTLSVersion: error:ECONNRESET|
ZeroHelloVersion: *(301)alert:ProtocolVersion:fatal|
ZeroTLSVersion: error:ECONNRESET|
32 changes: 16 additions & 16 deletions fingerprints/axtls152.fp → fingerprints/axtls-152.fp
View file
@@ -1,23 +1,23 @@
Description: axTLS-1.5.2
Description: axTLS 1.5.2

HighHelloVersion: *(302)handshake:ServerHello(302)|*(302)handshake:Certificate|*(302)handshake:ServerHelloDone|
ZeroHelloVersion: *(300)alert:ProtocolVersion:fatal|
BadContentType: *(300)alert:HandshakeFailure:fatal|
BadHandshakeMessage: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
DoubleClientHello: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
EmptyRecord: error:Unexpected EOF receiving record header - server closed connection|
Heartbeat: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
HighHelloVersion: *(302)handshake:ServerHello(302)|*(302)handshake:Certificate|*(302)handshake:ServerHelloDone|
HighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
NoCiphers: *(301)alert:IllegalParameter:fatal|
BadContentType: *(300)alert:HandshakeFailure:fatal|
VeryHighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
OnlyECCipherSuites: *(301)alert:IllegalParameter:fatal|
RecordLengthOverflow: *(300)alert:HandshakeFailure:fatal|
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
RecordLengthUnderflow: writeerror:EPIPE|
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
TwoInvalidPackets: writeerror:EPIPE|
VeryHighHelloVersion: *(302)handshake:ServerHello(302)|*(302)handshake:Certificate|*(302)handshake:ServerHelloDone|
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
Heartbeat: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|
EmptyRecord: error:Unexpected EOF receiving record header - server closed connection|
VeryHighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
ZeroHelloVersion: *(300)alert:ProtocolVersion:fatal|
ZeroTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
OnlyECCipherSuites: *(301)alert:IllegalParameter:fatal|
HighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|
RecordLengthUnderflow: writeerror:EPIPE|
DoubleClientHello: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal|

0 comments on commit d56de68

Please sign in to comment.