-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False negatives in some cases #14
Comments
Further testing shows that the version of scapy installed doesn't seem to do a great job of parsing SSLv2 hello messages. All it can get at is ...
I think the upshot of that is that it's probably wise to use a later version of scapy - not sure how to modify the script to be avoid the misleading false negative. |
Every host I tested is reported clean due to this. Example: lockerdome.com: Case 3d; Server hello did not contain server hello lockerdome.com: Case 3d; Server hello did not contain server hello lockerdome.com: Case 3d; Server hello did not contain server hello I am running python 2.7.6 on an Ubuntu 14.04TLS machine. Here are the pip packages that were installed in the virtualenv I created to run this scanner: $ pip freeze |
In some cases? How about in all cases. Take for ex, 84.204.79.83:443, https://www.ssllabs.com/ssltest/analyze.html?d=agl.spb.ru
You should revoke your scanner from public access immediately, it asserts false sense of security. |
Unfortunately I would have to agree. Using the test.drownattack.com to test one of my servers, it was shown as supporting SSLv2 (and therefore vulnerable), however testing it with this tool, I received the clean bill of health along with the "Case 3d; Server hello did not contain server hello". |
Confirmed... +1 |
Is there any workaround yet? I tried using a clean debian docker image and installed all dependencies from apt-get and can't get it to work. Any ideas? |
Confirmed... +1 |
Thank you all for bringing this to my attention. |
Just to confirm - works for me now. Thanks for the rollback! |
Though I now get the ImportError, I still can't get it to work. I tried it on a minimal install of CentOS, and Debian (inside a docker container). I followed #17 but that doesn't seem to help. Any suggests what I did wrong? |
@Matt3o12 Could you please open another issue, and include the output of the script, and the output of sudo dpkg -l | grep python ? |
I think the scanner is returning false negatives in some cases. I've isolated the problem to the line:
this branch isn't being triggered, even when the server does respond with valid SSLv2 Server Hello message (per tcpdump). This is with scapy 2.2.0-1 on ubuntu.
If I precede the above line with:
it's clearly a valid and parseable hello message. But the end result is that the script reports ... "Case 3d; Server hello did not contain server hello" incorrectly :/
The text was updated successfully, but these errors were encountered: