SSL/TLS
Working with SSL/TLS connections is a very important job and it comes in tow shapes. (1) Secure HTTP connection. (2) Secure Socket. To reduce the redundancy, I'll deal with both in this section, instead of putting the http part under Web Kung Fu section.

Certificate Validation

Validate HTTPS Certificate

validate_https_cert.rb
1
#!/usr/bin/env ruby
2
#
3
# KING SABRI | @KINGSABRI
4
#
5
require 'open-uri'
6
7
def validate_https_cert(target) begin
8
open("https://#{target}")
9
puts '[+] Valid SSL Certificate!'
10
rescue OpenSSL::SSL::SSLError
11
puts '[+] Invalid SSL Certificate!'
12
end
13
end
14
15
good_ssl = 'google.com'
16
bad_ssl = 'expired.badssl.com'
17
18
validate_https_cert good_ssl
19
validate_https_cert bad_ssl
Copied!

Validate Secure Socket Certificate

validate_socket_cert.rb
1
#!/usr/bin/env ruby
2
#
3
# KING SABRI | @KINGSABRI
4
#
5
require 'socket'
6
require 'openssl'
7
8
def validate_socket_cert(target)
9
ssl_context = OpenSSL::SSL::SSLContext.new
10
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
11
cert_store = OpenSSL::X509::Store.new
12
cert_store.set_default_paths
13
ssl_context.cert_store = cert_store
14
socket = TCPSocket.new(target, 443)
15
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
16
begin
17
ssl_socket.connect
18
puts '[+] Valid SSL Certificate!'
19
rescue OpenSSL::SSL::SSLError
20
puts '[+] Invalid SSL Certificate!'
21
end
22
end
23
24
good_ssl = 'google.com'
25
bad_ssl = 'expired.badssl.com'
26
27
validate_socket_cert good_ssl
28
validate_socket_cert bad_ssl
Copied!

Putting all together

ssl_validator.rb
1
#!/usr/bin/env ruby
2
#
3
# SSL/TLS validator
4
# KING SABRI | @KINGSABRI
5
#
6
7
def validate_ssl(target, conn_type=:web)
8
9
case conn_type
10
# Web Based SSL
11
when :web
12
require 'open-uri'
13
14
begin
15
open("https://#{target}")
16
puts '[+] Valid SSL Certificate!'
17
rescue OpenSSL::SSL::SSLError
18
puts '[+] Invalid SSL Certificate!'
19
end
20
# Socked Based SSL
21
when :socket
22
require 'socket'
23
require 'openssl'
24
25
ssl_context = OpenSSL::SSL::SSLContext.new
26
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
27
cert_store = OpenSSL::X509::Store.new
28
cert_store.set_default_paths
29
ssl_context.cert_store = cert_store
30
socket = TCPSocket.new(target, 443)
31
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
32
33
begin
34
ssl_socket.connect
35
puts '[+] Valid SSL Certificate!'
36
rescue OpenSSL::SSL::SSLError
37
puts '[+] Invalid SSL Certificate!'
38
end
39
40
else
41
puts '[!] Unknown connection type!'
42
end
43
44
end
45
46
47
good_ssl = 'google.com'
48
bad_ssl = 'expired.badssl.com'
49
50
validate_ssl(bad_ssl, :web)
51
validate_ssl(bad_ssl, :socket)
52
53
validate_ssl(good_ssl, :web)
54
validate_ssl(good_ssl, :socket)
Copied!
Run it
1
ruby ssl_validator.rb
2
3
[+] Invalid SSL Certificate!
4
[+] Invalid SSL Certificate!
5
[+] Valid SSL Certificate!
6
[+] Valid SSL Certificate!
Copied!