Advertisement
opexxx

webrick-ssl.rb

Jun 5th, 2014
308
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Ruby 4.28 KB | None | 0 0
  1. #!/usr/bin/env ruby
  2.  
  3. # Takes arguments of port and root, binds an SSL webserver on 0.0.0.0
  4. #
  5. # Examples:
  6. #   ./webrick-ssl.rb # Binds 0.0.0.0:8443, serving local dir
  7. #   ./webrisk-ssl.rb 443 /tmp/docroot # binds 443 to /tmp/docroot
  8. #
  9. # Test for Heartbleed:
  10. #
  11. # $ ./msfcli auxiliary/scanner/ssl/openssl_heartbleed RHOSTS=192.168.145.142 RPORT=8443 VERBOSE=true E
  12. # [*] Initializing modules...
  13. # RHOSTS => 192.168.145.142
  14. # RPORT => 8443
  15. # VERBOSE => true
  16. # [*] 192.168.145.142:8443 - Sending Client Hello...
  17. # [*] 192.168.145.142:8443 - Sending Heartbeat...
  18. # [*] 192.168.145.142:8443 - Heartbeat response, checking if there is data leaked...
  19. # [+] 192.168.145.142:8443 - Heartbeat response with leak
  20. # [*] 192.168.145.142:8443 - Printable info leaked: @SF%P{8vwF"F./A{f"!98532ED/Aos@sh.cvut.cz>  All rights reserved.= Licence  This program is licenced under the same licence as Ruby.  (See the file 'LICENCE'.)= Version  $Id: openssl.rb 32665 2011-07-25 06:38:44Z nahi $=endrequire 'openssl.so'require 'openssl/bn'require 'openssl/cipher'require 'openssl/config'require 'openssl/digest'require 'openssl/ssl-internal'require 'openssl/x509-internal'unJqpMhxgJ86_64-linux
  21. # [*] Scanned 1 of 1 hosts (100% complete)
  22. # [*] Auxiliary module execution completed
  23.  
  24. # Sources:
  25. # https://help.ubuntu.com/10.04/serverguide/certificates-and-security.html
  26. # https://www.networkworld.com/columnists/2007/090507-dr-internet.html
  27. # https://metasploit.com/download
  28.  
  29. require 'webrick'
  30. require 'webrick/https'
  31. require 'openssl'
  32.  
  33. port = (ARGV[0] || 8443).to_i
  34. root = (ARGV[1] || '.' ).to_s
  35.  
  36. # Yes this is not secret any more. :) Don't do this in production.
  37. SERVER_KEY = <<-EOL.gsub(/^\s+/,'')
  38.   -----BEGIN RSA PRIVATE KEY-----
  39.   MIICXQIBAAKBgQDevcKo3Ry+BBIh00GdBjRZYtRef4S58txPu35sAy3AfadZnlLE
  40.   NYVzApSr+XJTAk4jFzHedYLvqxyPFJfe3Ik9ExrvqSzM+BmbiWrlddJrtsz2hT14
  41.   J45iqLFnmxQabnSdicDSWQywrZWVC6FJHtCwEBsuRKvPL6IShQr2eczhIQIDAQAB
  42.   AoGAIuCn2HU3CPHuPOmtfn74N37oLhvdlphWsw1y0Er3IQsL51aJMzwGN2oSCZO3
  43.   uRPFVG1PW7we0pSClkztMvJpcqHjCJ6I4QY5bWtQf1y8KPW/v8MipU3auzpxLRnq
  44.   PbAq4fMtW/H6wQRGEezmX20DNz9U7awrYlKlhOefEbGHUVkCQQD8e6XRQZdndQvh
  45.   o5xy3NUF4mRDxpN5zUs8nSrLPqLLl/Y6uFhvyJjR5YLYMwpOq/NsioNv/piv5OPM
  46.   XH3UxXXXAkEA4dgNyIOxUlDACGxDiuEXHhBm+gH7xEFJ+/W27BbvxJNCH+bSCdQb
  47.   37O1U4EYwptGlDGYsTnyvmiGjd/ITv0RxwJBAMM9/qkFtsX7Hhf7hETSfiyRuAUt
  48.   LufWmCKkSu5mXk9gELmxyjmO/pX5jCgRuBvEHnZF2oQldf822e0zbN63X3sCQFWU
  49.   S1TKIm1wz/PhIo8D0IDB8mOWUNMDcoeZiqFX569zpcD09G5pA873CCUGbF2B/XK2
  50.   gIfXz5Y7gZFNVVgpKY0CQQDzOHVfZgzlKYd8+UZZ23tEOYkf8+3lkqwiWkTr3Tvm
  51.   0rEN+4qqavqXJQIWAlxIN78xMU0OGxiZ2gtvh4jFOr9r
  52.   -----END RSA PRIVATE KEY-----
  53. EOL
  54.  
  55. SERVER_CRT = <<-EOL.gsub(/^\s+/,'')
  56.   -----BEGIN CERTIFICATE-----
  57.   MIIC7TCCAlYCCQCgXQTQsbh8zjANBgkqhkiG9w0BAQUFADCBujELMAkGA1UEBhMC
  58.   VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xGjAYBgNVBAoMEUNv
  59.   bXByb21pc2VkLCBJbmMuMTswOQYDVQQLDDJEZXBhcnRtZW50IG9mIFB1dHRpbmcg
  60.   UHJpdmF0ZSBLZXlzIG9uIHRoZSBJbnRlcm5ldDESMBAGA1UEAwwJbG9jYWxob3N0
  61.   MR0wGwYJKoZIhvcNAQkBFg5yb290QGxvY2FsaG9zdDAeFw0xNDA0MTAxNjQ5MDBa
  62.   Fw0yNDA0MDcxNjQ5MDBaMIG6MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
  63.   DzANBgNVBAcMBkF1c3RpbjEaMBgGA1UECgwRQ29tcHJvbWlzZWQsIEluYy4xOzA5
  64.   BgNVBAsMMkRlcGFydG1lbnQgb2YgUHV0dGluZyBQcml2YXRlIEtleXMgb24gdGhl
  65.   IEludGVybmV0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHTAbBgkqhkiG9w0BCQEWDnJv
  66.   b3RAbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDevcKo3Ry+
  67.   BBIh00GdBjRZYtRef4S58txPu35sAy3AfadZnlLENYVzApSr+XJTAk4jFzHedYLv
  68.   qxyPFJfe3Ik9ExrvqSzM+BmbiWrlddJrtsz2hT14J45iqLFnmxQabnSdicDSWQyw
  69.   rZWVC6FJHtCwEBsuRKvPL6IShQr2eczhIQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
  70.   AEjnsqIR7uOk4BrciZn9SmeutGVlgRALgeyvjyYlWu875Lk4C5KReYgapqz5g6r4
  71.   Yrpuc/I439RaIlt4oiL1bVyRqnW8iGD7gXBLiPA74xGBk0NJVamQ1NmTk8htNLkj
  72.   LBp3yDrslNCsH9KrPVkNXwMFg1NrzoTvkqLs8iY95Xtn
  73.   -----END CERTIFICATE-----
  74. EOL
  75.  
  76. pkey = OpenSSL::PKey::RSA.new(SERVER_KEY)
  77. cert = OpenSSL::X509::Certificate.new(SERVER_CRT)
  78.  
  79. server = WEBrick::HTTPServer.new(
  80.   :Port => port,
  81.   :DocumentRoot => root,
  82.   :SSLEnable => true,
  83.   :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
  84.   :SSLCertificate => cert,
  85.   :SSLPrivateKey => pkey,
  86.   :SSLCertName => [ [ "CN",WEBrick::Utils.getservername ] ],
  87.   :Logger => WEBrick::Log.new($stderr, WEBrick::Log::DEBUG)
  88. )
  89.  
  90. Signal.trap(2) do
  91.   server.shutdown
  92. end
  93. puts "[*] Starting #{$0} using ruby-#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} ..."
  94. server.start
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement