Rubyfu
TwitterGithubNEW! Black Hat RubyBuy Me a Coffee
Search…
Primary version
Module 0x0 | Introduction
Contribution
Beginners
Required Gems
Module 0x1 | Basic Ruby Kung Fu
Module 0x2 | System Kung Fu
Module 0x3 | Network Kung Fu
Ruby Socket
SSL/TLS
SSID Finder
FTP
SSH
Email
Network Scanning
DNS
SNMP Enumeration
Packet Manipulation
Memcached
AMQP
Module 0x4 | Web Kung Fu
Module 0x5 | Exploitation Kung Fu
Module 0x6 | Forensic Kung Fu
Module 0x7 | OSINT Kung Fu
References
FAQs
Contributors
Powered By GitBook
SSL/TLS
Working with SSL/TLS connections is a very important job and it comes in tow shapes. (1) Secure HTTP connection. (2) Secure Socket. To reduce the redundancy, I'll deal with both in this section, instead of putting the http part under Web Kung Fu section.

Certificate Validation

Validate HTTPS Certificate

validate_https_cert.rb
1
#!/usr/bin/env ruby
2
#
3
# KING SABRI | @KINGSABRI
4
#
5
require 'open-uri'
6
​
7
def validate_https_cert(target) begin
8
open("https://#{target}")
9
puts '[+] Valid SSL Certificate!'
10
rescue OpenSSL::SSL::SSLError
11
puts '[+] Invalid SSL Certificate!'
12
end
13
end
14
​
15
good_ssl = 'google.com'
16
bad_ssl = 'expired.badssl.com'
17
​
18
validate_https_cert good_ssl
19
validate_https_cert bad_ssl
Copied!

Validate Secure Socket Certificate

validate_socket_cert.rb
1
#!/usr/bin/env ruby
2
#
3
# KING SABRI | @KINGSABRI
4
#
5
require 'socket'
6
require 'openssl'
7
​
8
def validate_socket_cert(target)
9
ssl_context = OpenSSL::SSL::SSLContext.new
10
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
11
cert_store = OpenSSL::X509::Store.new
12
cert_store.set_default_paths
13
ssl_context.cert_store = cert_store
14
socket = TCPSocket.new(target, 443)
15
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
16
begin
17
ssl_socket.connect
18
puts '[+] Valid SSL Certificate!'
19
rescue OpenSSL::SSL::SSLError
20
puts '[+] Invalid SSL Certificate!'
21
end
22
end
23
​
24
good_ssl = 'google.com'
25
bad_ssl = 'expired.badssl.com'
26
​
27
validate_socket_cert good_ssl
28
validate_socket_cert bad_ssl
Copied!

Putting all together

ssl_validator.rb
1
#!/usr/bin/env ruby
2
#
3
# SSL/TLS validator
4
# KING SABRI | @KINGSABRI
5
#
6
​
7
def validate_ssl(target, conn_type=:web)
8
​
9
case conn_type
10
# Web Based SSL
11
when :web
12
require 'open-uri'
13
​
14
begin
15
open("https://#{target}")
16
puts '[+] Valid SSL Certificate!'
17
rescue OpenSSL::SSL::SSLError
18
puts '[+] Invalid SSL Certificate!'
19
end
20
# Socked Based SSL
21
when :socket
22
require 'socket'
23
require 'openssl'
24
​
25
ssl_context = OpenSSL::SSL::SSLContext.new
26
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
27
cert_store = OpenSSL::X509::Store.new
28
cert_store.set_default_paths
29
ssl_context.cert_store = cert_store
30
socket = TCPSocket.new(target, 443)
31
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
32
​
33
begin
34
ssl_socket.connect
35
puts '[+] Valid SSL Certificate!'
36
rescue OpenSSL::SSL::SSLError
37
puts '[+] Invalid SSL Certificate!'
38
end
39
​
40
else
41
puts '[!] Unknown connection type!'
42
end
43
​
44
end
45
​
46
​
47
good_ssl = 'google.com'
48
bad_ssl = 'expired.badssl.com'
49
​
50
validate_ssl(bad_ssl, :web)
51
validate_ssl(bad_ssl, :socket)
52
​
53
validate_ssl(good_ssl, :web)
54
validate_ssl(good_ssl, :socket)
Copied!
Run it
1
ruby ssl_validator.rb
2
​
3
[+] Invalid SSL Certificate!
4
[+] Invalid SSL Certificate!
5
[+] Valid SSL Certificate!
6
[+] Valid SSL Certificate!
Copied!
Previous
Ruby Socket
Next
SSID Finder
Copy link
Contents
Certificate Validation
Validate HTTPS Certificate
Validate Secure Socket Certificate
Putting all together