API tools faq
paste
Advertisement
opexxx

webrick-ssl.rb

opexxx
Jun 5th, 2014
304
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Ruby 4.28 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env ruby
  2.  
  3. # Takes arguments of port and root, binds an SSL webserver on 0.0.0.0
  4. #
  5. # Examples:
  6. #   ./webrick-ssl.rb # Binds 0.0.0.0:8443, serving local dir
  7. #   ./webrisk-ssl.rb 443 /tmp/docroot # binds 443 to /tmp/docroot
  8. #
  9. # Test for Heartbleed:
  10. #
  11. # $ ./msfcli auxiliary/scanner/ssl/openssl_heartbleed RHOSTS=192.168.145.142 RPORT=8443 VERBOSE=true E
  12. # [*] Initializing modules...
  13. # RHOSTS => 192.168.145.142
  14. # RPORT => 8443
  15. # VERBOSE => true
  16. # [*] 192.168.145.142:8443 - Sending Client Hello...
  17. # [*] 192.168.145.142:8443 - Sending Heartbeat...
  18. # [*] 192.168.145.142:8443 - Heartbeat response, checking if there is data leaked...
  19. # [+] 192.168.145.142:8443 - Heartbeat response with leak
  20. # [*] 192.168.145.142:8443 - Printable info leaked: @SF%P{8vwF"F./A{f"!98532ED/Aos@sh.cvut.cz>  All rights reserved.= Licence  This program is licenced under the same licence as Ruby.  (See the file 'LICENCE'.)= Version  $Id: openssl.rb 32665 2011-07-25 06:38:44Z nahi $=endrequire 'openssl.so'require 'openssl/bn'require 'openssl/cipher'require 'openssl/config'require 'openssl/digest'require 'openssl/ssl-internal'require 'openssl/x509-internal'unJqpMhxgJ86_64-linux
  21. # [*] Scanned 1 of 1 hosts (100% complete)
  22. # [*] Auxiliary module execution completed
  23.  
  24. # Sources:
  25. # https://help.ubuntu.com/10.04/serverguide/certificates-and-security.html
  26. # https://www.networkworld.com/columnists/2007/090507-dr-internet.html
  27. # https://metasploit.com/download
  28.  
  29. require 'webrick'
  30. require 'webrick/https'
  31. require 'openssl'
  32.  
  33. port = (ARGV[0] || 8443).to_i
  34. root = (ARGV[1] || '.' ).to_s
  35.  
  36. # Yes this is not secret any more. :) Don't do this in production.
  37. SERVER_KEY = <<-EOL.gsub(/^\s+/,'')
  38.   -----BEGIN RSA PRIVATE KEY-----
  39.   MIICXQIBAAKBgQDevcKo3Ry+BBIh00GdBjRZYtRef4S58txPu35sAy3AfadZnlLE
  40.   NYVzApSr+XJTAk4jFzHedYLvqxyPFJfe3Ik9ExrvqSzM+BmbiWrlddJrtsz2hT14
  41.   J45iqLFnmxQabnSdicDSWQywrZWVC6FJHtCwEBsuRKvPL6IShQr2eczhIQIDAQAB
  42.   AoGAIuCn2HU3CPHuPOmtfn74N37oLhvdlphWsw1y0Er3IQsL51aJMzwGN2oSCZO3
  43.   uRPFVG1PW7we0pSClkztMvJpcqHjCJ6I4QY5bWtQf1y8KPW/v8MipU3auzpxLRnq
  44.   PbAq4fMtW/H6wQRGEezmX20DNz9U7awrYlKlhOefEbGHUVkCQQD8e6XRQZdndQvh
  45.   o5xy3NUF4mRDxpN5zUs8nSrLPqLLl/Y6uFhvyJjR5YLYMwpOq/NsioNv/piv5OPM
  46.   XH3UxXXXAkEA4dgNyIOxUlDACGxDiuEXHhBm+gH7xEFJ+/W27BbvxJNCH+bSCdQb
  47.   37O1U4EYwptGlDGYsTnyvmiGjd/ITv0RxwJBAMM9/qkFtsX7Hhf7hETSfiyRuAUt
  48.   LufWmCKkSu5mXk9gELmxyjmO/pX5jCgRuBvEHnZF2oQldf822e0zbN63X3sCQFWU
  49.   S1TKIm1wz/PhIo8D0IDB8mOWUNMDcoeZiqFX569zpcD09G5pA873CCUGbF2B/XK2
  50.   gIfXz5Y7gZFNVVgpKY0CQQDzOHVfZgzlKYd8+UZZ23tEOYkf8+3lkqwiWkTr3Tvm
  51.   0rEN+4qqavqXJQIWAlxIN78xMU0OGxiZ2gtvh4jFOr9r
  52.   -----END RSA PRIVATE KEY-----
  53. EOL
  54.  
  55. SERVER_CRT = <<-EOL.gsub(/^\s+/,'')
  56.   -----BEGIN CERTIFICATE-----
  57.   MIIC7TCCAlYCCQCgXQTQsbh8zjANBgkqhkiG9w0BAQUFADCBujELMAkGA1UEBhMC
  58.   VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xGjAYBgNVBAoMEUNv
  59.   bXByb21pc2VkLCBJbmMuMTswOQYDVQQLDDJEZXBhcnRtZW50IG9mIFB1dHRpbmcg
  60.   UHJpdmF0ZSBLZXlzIG9uIHRoZSBJbnRlcm5ldDESMBAGA1UEAwwJbG9jYWxob3N0
  61.   MR0wGwYJKoZIhvcNAQkBFg5yb290QGxvY2FsaG9zdDAeFw0xNDA0MTAxNjQ5MDBa
  62.   Fw0yNDA0MDcxNjQ5MDBaMIG6MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
  63.   DzANBgNVBAcMBkF1c3RpbjEaMBgGA1UECgwRQ29tcHJvbWlzZWQsIEluYy4xOzA5
  64.   BgNVBAsMMkRlcGFydG1lbnQgb2YgUHV0dGluZyBQcml2YXRlIEtleXMgb24gdGhl
  65.   IEludGVybmV0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHTAbBgkqhkiG9w0BCQEWDnJv
  66.   b3RAbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDevcKo3Ry+
  67.   BBIh00GdBjRZYtRef4S58txPu35sAy3AfadZnlLENYVzApSr+XJTAk4jFzHedYLv
  68.   qxyPFJfe3Ik9ExrvqSzM+BmbiWrlddJrtsz2hT14J45iqLFnmxQabnSdicDSWQyw
  69.   rZWVC6FJHtCwEBsuRKvPL6IShQr2eczhIQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
  70.   AEjnsqIR7uOk4BrciZn9SmeutGVlgRALgeyvjyYlWu875Lk4C5KReYgapqz5g6r4
  71.   Yrpuc/I439RaIlt4oiL1bVyRqnW8iGD7gXBLiPA74xGBk0NJVamQ1NmTk8htNLkj
  72.   LBp3yDrslNCsH9KrPVkNXwMFg1NrzoTvkqLs8iY95Xtn
  73.   -----END CERTIFICATE-----
  74. EOL
  75.  
  76. pkey = OpenSSL::PKey::RSA.new(SERVER_KEY)
  77. cert = OpenSSL::X509::Certificate.new(SERVER_CRT)
  78.  
  79. server = WEBrick::HTTPServer.new(
  80.   :Port => port,
  81.   :DocumentRoot => root,
  82.   :SSLEnable => true,
  83.   :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
  84.   :SSLCertificate => cert,
  85.   :SSLPrivateKey => pkey,
  86.   :SSLCertName => [ [ "CN",WEBrick::Utils.getservername ] ],
  87.   :Logger => WEBrick::Log.new($stderr, WEBrick::Log::DEBUG)
  88. )
  89.  
  90. Signal.trap(2) do
  91.   server.shutdown
  92. end
  93. puts "[*] Starting #{$0} using ruby-#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} ..."
  94. server.start
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!