realm_cipher_order.rb
#!/usr/bin/env ruby
require 'rubygems'
require 'bundler/setup'
require 'elasticsearch'
require_relative './localconfig'
# Connect to Elasticsearch with the credentials held in @config (presumably
# populated by localconfig). No host or scheme is passed, so the client
# library's default endpoint applies.
# NOTE(review): if that endpoint is ever not local, confirm it is https so the
# basic-auth credentials are not sent in clear text.
client = Elasticsearch::Client.new(
  log: false,
  user: @config[:elastic_username],
  password: @config[:elastic_password]
)

# One terms bucket per distinct realm in the tlshandshakes index
# (capped at 100000 buckets); size: 0 suppresses the document hits.
realm_aggregation = { realms: { terms: { field: 'meta.realm.keyword', size: 100000 } } }
realm_data = client.search(index: 'tlshandshakes', body: { size: 0, aggs: realm_aggregation })
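# For every realm, compare the ciphersuite the server selected with the list
# the client offered, and report whether the selections are consistent with
# the server following the client's order or enforcing an order of its own.
realm_data['aggregations']['realms']['buckets'].each do |realm_bucket|
  cur_realm = realm_bucket['key']
  puts "Checking #{cur_realm}"
  realm_match = { match_phrase: { "meta.realm.keyword": cur_realm } }
  realm_query = { bool: { filter: realm_match } }

  # Every ciphersuite that was selected in a ServerHello for this realm.
  cipher_data = client.search index: 'tlshandshakes', body: { size: 0, aggs: { cipher: { terms: { field: 'tls.tlsserverhello.cipher.keyword', size: 1000 } } }, query: realm_query }
  chosen_ciphers = cipher_data['aggregations']['cipher']['buckets'].map { |cipher_bucket| cipher_bucket['key'] }
  if chosen_ciphers.length < 2
    # With a single selected suite there is nothing to order against.
    puts ' No Preference analysis possible, just one ciphersuite'
    next
  end

  # Every distinct ClientHello cipher list seen for this realm.
  # Collected for completeness; nothing below reads `ciphersets`.
  cipherset_data = client.search index: 'tlshandshakes', body: { size: 0, aggs: { cipherset: { terms: { field: 'tls.tlsclienthello.cipherdata.cipherset.keyword', size: 1000 } } }, query: realm_query }
  ciphersets = cipherset_data['aggregations']['cipherset']['buckets'].map { |cipherset_bucket| cipherset_bucket['key'] }

  cipher_orders = []
  client_preference = false
  no_client_preference = false
  preference_checkable = false

  # Each bucket is one (offered list, selected suite) combination.
  # NOTE(review): `size: 1000` sits next to `composite` rather than inside it.
  # Elasticsearch documents the page size as a parameter of `composite` itself
  # and pages results with an after-key, so confirm this request really
  # returns every combination and not only the first page.
  chosen_data = client.search index: 'tlshandshakes', body: { size: 0, aggs: { chosen: { size: 1000, composite: { sources: [ { cipherset: { terms: { field: 'tls.tlsclienthello.cipherdata.cipherset.keyword' } } }, { cipher: { terms: { field: 'tls.tlsserverhello.cipher.keyword' } } } ] } } }, query: realm_query }
  chosen_data['aggregations']['chosen']['buckets'].each do |chosen_bucket|
    ciphersuite = chosen_bucket['key']['cipherset'].split(' ')
    chosen = chosen_bucket['key']['cipher']
    puts " #{ciphersuite.join(' ')}"
    puts " #{chosen}"
    puts ''

    chosen_index = ciphersuite.index chosen
    if chosen_index.nil?
      # The selected suite does not appear in the recorded offer, so there is
      # no position to compare. Previously this raised NoMethodError on the
      # `<` below and aborted the whole run. Such a record is worth a manual
      # look: either the capture is inconsistent or the server answered with
      # a suite the client did not offer.
      warn " Selected cipher #{chosen} is not in the offered list, skipping"
      next
    end

    chosen_ciphers.each do |cs|
      next if chosen == cs

      cur_ind = ciphersuite.index cs
      # Only suites the client actually offered can have lost against `chosen`.
      next if cur_ind.nil?

      # Record "chosen was preferred over cs" for the server-order check below.
      cipher_orders << [chosen, cs]
      preference_checkable = true
      # The winner was listed before the loser: consistent with client order.
      client_preference = true if chosen_index < cur_ind
      # The winner was listed after the loser: the client order was overridden.
      no_client_preference = true if chosen_index > cur_ind
    end
  end

  unless preference_checkable
    puts ' Preference not checkable.'
    next
  end

  cipher_orders.uniq!
  puts " Cipher Orders: #{cipher_orders}"
  # A consistent server-side order never prefers A over B in one handshake and
  # B over A in another; any such reversed pair rules server preference out.
  server_preference = cipher_orders.none? { |winner, loser| cipher_orders.include? [loser, winner] }
  # Client preference holds only if no handshake contradicted the client order.
  client_preference &= !no_client_preference
  puts " Client Preference: #{client_preference}"
  puts " Server Preference: #{server_preference}"
end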