-rw-r--r--CHANGELOG.md6
-rw-r--r--css/ssl.css108
-rw-r--r--functions/connection.php19
-rw-r--r--functions/parse_certificate.php6
-rw-r--r--index.php218
-rw-r--r--js/ajax.js7
6 files changed, 295 insertions, 69 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ec10ad1..bd996e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,14 @@
# Changelog
+## 1.9
+
+- Add navigation menu
+- Fix issue with OCSP validation and HTTP 1.1 (StartCOM)
+
## 1.8
- Add certificate chain validation.
- Make some chiphersuites red.
-- Fix issue with OCSP validation and HTTP 1.1 (StartCOM)
## 1.7
diff --git a/css/ssl.css b/css/ssl.css
index 8bbf0bf..ae3b1e9 100644
--- a/css/ssl.css
+++ b/css/ssl.css
@@ -14,6 +14,113 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+
+.sticky {
+ position: -webkit-sticky;
+ position: -moz-sticky;
+ position: -ms-sticky;
+ position: -o-sticky;
+ top: 15px;
+}
+
+.nav-active {
+ text-decoration: none;
+ color: #fff !important;
+ background: rgba(0,150,255,0.7);
+}
+
+.nav-active a{
+ text-decoration: none;
+ color: #fff;
+ background: rgba(0,150,255,0.7);
+}
+
+#wrapper {
+ padding-left: 250px;
+ transition: all 0.4s ease 0s;
+}
+
+#sidebar-wrapper {
+ margin-left: -250px;
+ left: 250px;
+ width: 250px;
+ background: #f9f9f9;
+ position: fixed;
+ border-right-style: solid;
+ border-right-width: 1px;
+ border-right-color: #ddd;
+ height: 100%;
+ overflow-y: auto;
+ z-index: 1000;
+ transition: all 0.4s ease 0s;
+}
+
+#page-content-wrapper {
+ width: 100%;
+}
+
+.sidebar-nav {
+ position: absolute;
+ top: 0;
+ width: 250px;
+ list-style: none;
+ margin: 0;
+ padding: 0;
+}
+
+
+.sidebar-nav li {
+ text-indent: 20px;
+ line-height: 40px;
+}
+
+.sidebar-nav li a {
+ display: block;
+ text-decoration: none;
+ color: #666;
+}
+
+.sidebar-nav li a:hover {
+ text-decoration: none;
+ color: #fff;
+ background: rgba(0,150,255,0.7);
+}
+
+.sidebar-nav li a:active,
+.sidebar-nav li a:focus {
+ text-decoration: none;
+}
+
+.sidebar-nav > .sidebar-brand {
+ height: 65px;
+ font-size: 18px;
+ line-height: 60px;
+ color: #333333;
+}
+
+@media (max-width:767px) {
+
+ #wrapper {
+ padding-left: 0;
+ }
+
+ #sidebar-wrapper {
+ left: 0;
+ }
+
+ #wrapper.active {
+ position: relative;
+ left: 250px;
+ }
+
+ #wrapper.active #sidebar-wrapper {
+ left: 250px;
+ width: 250px;
+ transition: all 0.4s ease 0s;
+ }
+
+}
+
#preloader{
display:none;
}
@@ -24,6 +131,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
background:url("../img/flags.png") no-repeat
}
+
.flag.flag-ad {background-position: -16px 0}
.flag.flag-ae {background-position: -32px 0}
.flag.flag-af {background-position: -48px 0}
diff --git a/functions/connection.php b/functions/connection.php
index dac3e0d..27c308a 100644
--- a/functions/connection.php
+++ b/functions/connection.php
@@ -69,10 +69,6 @@ function ssl_conn_ciphersuites($host, $port, $ciphersuites){
return $results;
}
-
-
-
-
function ssl_conn_protocols($host, $port){
$old_error_reporting = error_reporting();
error_reporting($old_error_reporting ^ E_WARNING);
@@ -160,6 +156,7 @@ if ( $read_stream === false ) {
if ($context_meta) {
?>
+ <section id="conndata">
<h3>Connection Data</h3>
<table class="table table-striped table-bordered">
<tbody>
@@ -287,6 +284,7 @@ if ( $read_stream === false ) {
'ECDHE-ECDSA-AES256-GCM-SHA384',
'ECDHE-RSA-AES256-SHA384',
'ECDHE-ECDSA-AES256-SHA384',
+ 'TLS_FALLBACK_SCSV',
'ECDHE-RSA-AES256-SHA',
'ECDHE-ECDSA-AES256-SHA',
'SRP-DSS-AES-256-CBC-SHA',
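Review bot: `'TLS_FALLBACK_SCSV'` on the added line is not a negotiable ciphersuite but the signalling value from RFC 7507, so listing it among suites to probe cannot tell the user whether the server honours downgrade protection; how the entry is reported depends on how this list is consumed, which is outside the hunk (the enclosing function starts before it). If the OpenSSL cipher-string parser does not accept the name, the per-suite connection presumably fails and the row shows as unsupported regardless of the server, which reads as a misleading result next to the real suites. Either drop the entry or, if SCSV support is meant to be displayed, give it its own check and label it as a downgrade-protection indicator rather than a cipher, with a comment such as `// TLS_FALLBACK_SCSV is a signalling value (RFC 7507), not a cipher; needs a dedicated check`.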
@@ -454,6 +452,7 @@ if ( $read_stream === false ) {
foreach ($supported_ciphersuites as $key => $value) {
if($value == true){
if (in_array($key, $bad_ciphersuites)) {
+ $bad_ciphersuite = 1;
echo "";
echo "<span class='text-danger glyphicon glyphicon-remove'> ";
} else {
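Review bot: `$bad_ciphersuite` is only ever assigned inside the `in_array` branch of this loop, and the next hunk reads it after the loop in `if ($bad_ciphersuite)`, so a server that offers no flagged suites triggers an undefined-variable notice (a warning on PHP 8) instead of simply skipping the paragraph. Initialise it before the `foreach` at the top of this hunk: `$bad_ciphersuite = 0;`. The lookup `in_array($key, $bad_ciphersuites)` runs without a strict flag; harmless for string suite names, but `in_array($key, $bad_ciphersuites, true)` states the intent. The enclosing function starts outside the hunk.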
@@ -465,13 +464,16 @@ if ( $read_stream === false ) {
echo "<!-- ";
echo "<span class='glyphicon glyphicon-remove'></span> - ";
echo htmlspecialchars($key);
- echo " <br> -->";
+ echo " <br -->";
}
-
+ }
+ if ($bad_ciphersuite) {
+ ?>
+ <p><br>Ciphersuites containing <a href="https://en.wikipedia.org/wiki/Null_cipher">NULL</a>, <a href="https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States">EXP(ort)</a>, <a href="https://en.wikipedia.org/wiki/Weak_key">DES and RC4</a> are marked RED because they are suboptimal.</p>
+ <?php
}
?>
- <p><br>Ciphersuites containing <a href="https://en.wikipedia.org/wiki/Null_cipher">NULL</a>, <a href="https://en.wikipedia.org/wiki/Weak_key">DES and RC4</a> are marked RED because they are suboptimal.</p>
</td>
</tr>
<?php
@@ -572,6 +574,7 @@ if ( $read_stream === false ) {
</tr>
</tbody>
</table>
+ </section>
<?php
} else {
return false;
@@ -586,4 +589,4 @@ if ( $read_stream === false ) {
-?> \ No newline at end of file
+?>
diff --git a/functions/parse_certificate.php b/functions/parse_certificate.php
index c6656e5..250d4fe 100644
--- a/functions/parse_certificate.php
+++ b/functions/parse_certificate.php
@@ -14,6 +14,12 @@
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
+function get_cert_cn($raw_cert_data){
+ $cert_data = openssl_x509_parse($raw_cert_data);
+ if ($cert_data['subject']['CN']) {
+ return $cert_data['subject']['CN'];
+ }
+}
function cert_parse($raw_cert_data, $raw_next_cert_data=null, $csr=false, $host=null, $port=null, $is_issuer=false) {
global $random_blurp;
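Review bot: `get_cert_cn` assumes `openssl_x509_parse` succeeded and that `subject.CN` exists: a certificate without a CN (common when the name lives only in the SAN extension) raises an undefined-index notice and the function falls off the end returning null, and a parse failure yields `false`, which the index access then treats as an array. Both callers in index.php pass the result straight to `htmlspecialchars`, which is deprecated for null on PHP 8.1. Replace the body with `if ($cert_data === false) { return ''; }` followed by `return $cert_data['subject']['CN'] ?? '';` and declare the return as `: string`. If a subject can carry the CN attribute more than once, `openssl_x509_parse` presumably reports it as an array, in which case the first element should be picked before returning — worth confirming against the inputs this tool sees.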
diff --git a/index.php b/index.php
index 42a1c70..f89c94b 100644
--- a/index.php
+++ b/index.php
@@ -38,13 +38,65 @@ foreach (glob("functions/*.php") as $filename) {
<script src="<?php echo(htmlspecialchars($current_folder)); ?>js/ajax.js"></script>
</head>
<body>
+ <div id="wrapper">
<a id="top-of-page"></a>
- <div class="container-fluid ">
+ <?php
+ if ( isset($_GET['host']) && !empty($_GET['host'])) {
+ $host = mb_strtolower(get($_GET['host']));
+ $port = get($_GET['port'], '443');
+ $csr = get($_GET['csr'], '');
+ if ( !is_numeric($port) ) {
+ $port = 443;
+ }
+ $stream = stream_context_create (array("ssl" =>
+ array("capture_peer_cert" => true,
+ "capture_peer_cert_chain" => true,
+ "verify_peer" => false,
+ "verify_peer_name" => false,
+ "allow_self_signed" => true,
+ "sni_enabled" => true)));
+ $read_stream = stream_socket_client("ssl://$host:$port", $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $stream);
+ if ( $read_stream !== false ) {
+ $context = stream_context_get_params($read_stream);
+ $chain_data = $context["options"]["ssl"]["peer_certificate_chain"];
+ $chain_length = count($chain_data);
+ if (!empty($chain_data) && $chain_length < 10) {
+
+ ?>
+ <!-- Sidebar -->
+ <div id="sidebar-wrapper">
+ <nav>
+ <ul class="sidebar-nav">
+ <br>
+ <li class="sidebar-brand">
+ <h2>Navigation</h2>
+ </li>
+ <li><a href="#conndata"><strong>0</strong>: Connection Data</a></li>
+ <?php
+ foreach ($chain_data as $key => $value) {
+ $nextkey = $key + 1;
+ echo "<li><a href='#cert".$nextkey."'><strong>".$nextkey."</strong> : ". htmlspecialchars(get_cert_cn($value)) ."</a></li>";
+ }
+ ?>
+ <li><hr></li>
+ <li><a href="https://cipherli.st/">Strong Cipherlists</a></li>
+ <li><a href="https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html">Apache SSL Tutorial</a></li>
+ <li><a href="https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html">NGINX SSL Tutorial</a></li>
+ <li><a href="https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html">Lighttpd SSL Tutorial</a></li>
+ <li><a href="https://raymii.org">Raymii.org</a></li>
+ </ul>
+ </nav>
+ </div>
+ <!-- /#sidebar-wrapper -->
+ <?php
+ }
+ }
+ }
+ ?>
+<div id="page-content-wrapper">
+ <div class="container-fluid">
<div class="row">
-
-
<?php
-
if ( !isset($_GET['host']) || !isset($_GET['csr']) ) {
?>
<div class="col-md-10 col-md-offset-1">
@@ -105,24 +157,26 @@ foreach (glob("functions/*.php") as $filename) {
<?php
} else {
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
- ?><div class="col-md-10 col-md-offset-1">
+ ?>
+ <div class="col-md-10 col-md-offset-1">
<div class="page-header" >
<h1>SSL Decoder</h1>
</div>
<?php
- $write_cache = 1;
- if (!is_dir('results')) {
- mkdir('results');
+ // set backwrite_ to 1 after debugging
+ $write_cache = 1;
+ if (!is_dir('results')) {
+ mkdir('results');
+ }
+ $epoch = date('U');
+ $random_bla = md5(uniqid(rand(), true));
}
- $epoch = date('U');
- $random_bla = md5(uniqid(rand(), true));
+ $host = mb_strtolower(get($_GET['host']));
+ $port = get($_GET['port'], '443');
+ $csr = get($_GET['csr'], '');
+ if ( !is_numeric($port) ) {
+ $port = 443;
}
- $host = mb_strtolower(get($_GET['host']));
- $port = get($_GET['port'], '443');
- $csr = get($_GET['csr'], '');
- if ( !is_numeric($port) ) {
- $port = 443;
- }
if ( empty($csr) && !empty($host) ) {
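Review bot: The new comment `// set backwrite_ to 1 after debugging` does not describe the line below it, which already sets `$write_cache = 1`; either delete it or say what the flag does, e.g. `// $write_cache: cleared below when the result must not be stored under results/`, assuming that is what the later `$write_cache = 0` assignments intend. `$random_bla = md5(uniqid(rand(), true))` presumably feeds the cached-result filename shown in the "saved at" link a few lines on; `rand()` and `uniqid` are predictable, so if those URLs are meant to be unguessable, `bin2hex(random_bytes(16))` is the right primitive. This is moved code, but the hunk re-indents it, so it is a reasonable place to fix it.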
@@ -155,54 +209,55 @@ foreach (glob("functions/*.php") as $filename) {
<p>This result is saved at most 60 days on <a href="<?php echo(htmlspecialchars($current_folder) . $cache_filename); ?>">the following URL</a>. Do note that this might be deleted earlier if space runs out.</p>
<?php
}
-
-
$context = stream_context_get_params($read_stream);
-
$context_meta = stream_context_get_options($read_stream)['ssl']['session_meta'];
-
$cert_data = openssl_x509_parse($context["options"]["ssl"]["peer_certificate"]);
$chain_data = $context["options"]["ssl"]["peer_certificate_chain"];
-
- if (!empty($chain_data)) {
-
- $chain_length = count($chain_data);
- $chain_arr_keys = ($chain_data);
- foreach(array_keys($chain_arr_keys) as $key) {
- $curr = $chain_data[$key];
- $next = $chain_data[$key+1];
- $prev = $chain_data[$key-1];
-
- if ($key == 0) {
-
- echo ssl_conn_metadata($host, $port, $chain_data);
-
- echo "<h2>Certificate for '". htmlspecialchars($host) ."'</h2>";
-
- if ( $chain_length > $key) {
- cert_parse($curr, $next, false, $host, $port, false);
- } else {
- cert_parse($curr, null, false, $host, $port, false);
- }
+ if (!empty($chain_data)) {
+ $chain_length = count($chain_data);
+ $chain_arr_keys = ($chain_data);
+ foreach(array_keys($chain_arr_keys) as $key) {
+ $curr = $chain_data[$key];
+ $next = $chain_data[$key+1];
+ $prev = $chain_data[$key-1];
+
+ if ($key == 0) {
+
+ echo ssl_conn_metadata($host, $port, $chain_data);
+ echo "<div class='content'><section id='cert1'>";
+ echo "<header><h2 class='sticky'>Certificate for '". htmlspecialchars($host) ."'</h2></header>";
+
+ if ( $chain_length > $key) {
+ cert_parse($curr, $next, false, $host, $port, false);
+ } else {
+ cert_parse($curr, null, false, $host, $port, false);
+ }
+ echo "</section></div>";
+ } else {
+ if ($key == 10) {
+ echo "<span class='text-danger'>Error: Certificate Chain to long.</span><br>.";
+ $write_cache = 0;
+ continue;
+ }
+ if ($key > 10) {
+ $write_cache = 0;
+ continue;
+ }
+ $nextkey = $key + 1;
+ echo "<div class='content'><section id='cert" . $nextkey . "'>";
+ echo "<header><h2 class='sticky'>Chain $key - " . htmlspecialchars(get_cert_cn($curr)) . "</h2></header>";
+
+ if ( $chain_length > $key) {
+ cert_parse($curr, $next, false, null, null, true);
} else {
- if ($key == 10) {
- echo "<span class='text-danger'>Error: Certificate Chain to long.</span><br>.";
- $write_cache = 0;
- continue;
- }
- if ($key > 10) {
- $write_cache = 0;
- continue;
- }
- echo "<h2>Chain $key</h2>";
- if ( $chain_length > $key) {
- cert_parse($curr, $next, false, null, null, true);
- } else {
- cert_parse($curr, null, false, null, null, true);
- }
+ cert_parse($curr, null, false, null, null, true);
}
+ echo "</section></div>";
}
+
}
+ }
+
}
} else if (!empty($csr) && empty($host) ) {
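Review bot: `if ( $chain_length > $key)` in both branches is always true inside a `foreach` over the array's own keys, so `cert_parse` is always handed `$next`, and on the last element `$next = $chain_data[$key+1]` reads an undefined offset (notice, then null is passed anyway). `$prev` is assigned and never read. Use `$next = $chain_data[$key + 1] ?? null;`, drop `$prev`, and collapse each branch to a single `cert_parse($curr, $next, ...)` call; this assumes `cert_parse` treats a null second argument as "no issuer available", which its `= null` default suggests. The chain-too-long message also ends in `</span><br>.` with a stray trailing dot and "to long" for "too long".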
@@ -210,9 +265,9 @@ foreach (glob("functions/*.php") as $filename) {
echo "<p><strong>This tool does not make conclusions. Please check the data and define the validity yourself!</strong><br>\n &nbsp;</p> <br>";
if (strpos($csr, "BEGIN CERTIFICATE REQUEST") !== false) {
- echo "<h2>CSR </h2><p>";
+ echo "<header><h2>CSR </h2></header><p>";
} else {
- echo "<h2>Certificate </h2><p>";
+ echo "<header><h2>Certificate </h2></header><p>";
}
cert_parse($csr, null, true);
@@ -245,13 +300,58 @@ foreach (glob("functions/*.php") as $filename) {
?>
<div class="footer">
<div class="col-md-6 col-md-offset-1 container">
- <p class="text-muted">By <a href="https://raymii.org/s/software/OpenSSL_Decoder.html">Remy van Elst</a>. License: GNU GPLv3. <a href="https://github.com/RaymiiOrg/ssl-decoder">Source code</a>. <strong><a href="https://cipherli.st/">Strong SSL Ciphers & Config settings @ Cipherli.st</a></strong>. Version: 1.8</p>
+ <p class="text-muted">By <a href="https://raymii.org/s/software/OpenSSL_Decoder.html">Remy van Elst</a>. License: GNU GPLv3. <a href="https://github.com/RaymiiOrg/ssl-decoder">Source code</a>. <strong><a href="https://cipherli.st/">Strong SSL Ciphers & Config settings @ Cipherli.st</a></strong>. Version: 1.9</p>
</div>
</div>
+ </div>
+ </div>
<?php
}
?>
+
+<script>
+
+ $(document).ready(function(){
+ var aChildren = $("nav li").children(); // find the a children of the list items
+ var aArray = []; // create the empty aArray
+ for (var i=0; i < aChildren.length; i++) {
+ var aChild = aChildren[i];
+ var ahref = $(aChild).attr('href');
+ if(ahref && strStartsWith(ahref, "#") ) {
+ aArray.push(ahref);
+ }
+ } // this for loop fills the aArray with attribute href values
+
+ $(window).scroll(function(){
+
+ var windowPos = $(window).scrollTop(); // get the offset of the window from the top of page
+ var windowHeight = $(window).height(); // get the height of the window
+ var docHeight = $(document).height();
+
+ for (var i=0; i < aArray.length; i++) {
+ var theID = aArray[i];
+ var divPos = $(theID).offset().top; // get the offset of the div from the top of page
+ var divHeight = $(theID).height(); // get the height of the div in question
+ if (windowPos >= divPos && windowPos < (divPos + divHeight)) {
+ $("a[href='" + theID + "']").addClass("nav-active");
+ } else {
+ $("a[href='" + theID + "']").removeClass("nav-active");
+ }
+ }
+
+ if(windowPos + windowHeight == docHeight) {
+ if (!$("nav li:last-child a").hasClass("nav-active")) {
+ var navActiveCurrent = $(".nav-active").attr("href");
+ $("a[href='" + navActiveCurrent + "']").removeClass("nav-active");
+ $("nav li:last-child a").addClass("nav-active");
+ }
+ }
+ });
+ });
+
+</script>
+
</body>
</html>
<?php
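Review bot: Inside the scroll handler, `$(theID).offset().top` throws when the target element is absent — `#conndata` is only rendered when connection metadata is available (see the connection.php hunk), and one missing anchor makes every scroll event fail with a TypeError. Guard each lookup with `var $section = $(theID); if (!$section.length) { continue; }` before reading offset and height, and compare with `===` in `windowPos + windowHeight == docHeight`. The hrefs collected into `aArray` are server-generated numeric anchors filtered by `strStartsWith(ahref, "#")`, so interpolating them into the `a[href='...']` selector is fine as written; that would need escaping only if user-influenced values ever reached it. The inline `<script>` would also sit better in js/ajax.js next to `strStartsWith`, which the page already loads.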
diff --git a/js/ajax.js b/js/ajax.js
index c9dba57..cc71e92 100644
--- a/js/ajax.js
+++ b/js/ajax.js
@@ -85,4 +85,9 @@ function showElementbyID(show, element){
document.getElementById(element).style.display='block';
else
document.getElementById(element).style.display='none';
-} \ No newline at end of file
+}
+
+function strStartsWith(str, prefix) {
+ return str.indexOf(prefix) === 0;
+}
+