SSL/TLS

Working with SSL/TLS connections is a very important job, and it comes in two forms: (1) secure HTTP connections and (2) secure sockets. To reduce redundancy, I'll deal with both in this section instead of putting the HTTP part under the Web Kung Fu section.

Certificate Validation

Validate HTTPS Certificate

validate_https_cert.rb

#!/usr/bin/env ruby
#
# KING SABRI | @KINGSABRI
#
require 'open-uri'

def validate_https_cert(target)
  begin
    # Kernel#open no longer fetches URLs since Ruby 3.0; use URI.open
    URI.open("https://#{target}")
    puts '[+] Valid SSL Certificate!'
  rescue OpenSSL::SSL::SSLError
    puts '[+] Invalid SSL Certificate!'
  end
end

good_ssl = 'google.com'
bad_ssl  = 'expired.badssl.com'

validate_https_cert good_ssl
validate_https_cert bad_ssl

Validate Secure Socket Certificate

validate_socket_cert.rb

#!/usr/bin/env ruby
#
# KING SABRI | @KINGSABRI
#
require 'socket'
require 'openssl'

def validate_socket_cert(target)
  ssl_context = OpenSSL::SSL::SSLContext.new
  ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
  # VERIFY_PEER alone checks only the chain; also check the hostname
  ssl_context.verify_hostname = true
  cert_store = OpenSSL::X509::Store.new
  cert_store.set_default_paths
  ssl_context.cert_store = cert_store
  socket = TCPSocket.new(target, 443)
  ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
  # Send SNI and give verify_hostname the name to compare against
  ssl_socket.hostname = target
  begin
    ssl_socket.connect
    puts '[+] Valid SSL Certificate!'
  rescue OpenSSL::SSL::SSLError
    puts '[+] Invalid SSL Certificate!'
  end
end

good_ssl = 'google.com'
bad_ssl  = 'expired.badssl.com'

validate_socket_cert good_ssl
validate_socket_cert bad_ssl

Putting it all together

ssl_validator.rb

#!/usr/bin/env ruby
#
# SSL/TLS validator
# KING SABRI | @KINGSABRI
#

def validate_ssl(target, conn_type=:web)

  case conn_type
    # Web Based SSL
    when :web
      require 'open-uri'

      begin
        URI.open("https://#{target}")
        puts '[+] Valid SSL Certificate!'
      rescue OpenSSL::SSL::SSLError
        puts '[+] Invalid SSL Certificate!'
      end
    # Socket Based SSL
    when :socket
      require 'socket'
      require 'openssl'

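      ssl_context = OpenSSL::SSL::SSLContext.new
      ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
      # VERIFY_PEER alone checks only the chain; also check the hostname
      ssl_context.verify_hostname = true
      cert_store = OpenSSL::X509::Store.new
      cert_store.set_default_paths
      ssl_context.cert_store = cert_store
      socket = TCPSocket.new(target, 443)
      ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
      # Send SNI and give verify_hostname the name to compare against
      ssl_socket.hostname = target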

      begin
        ssl_socket.connect
        puts '[+] Valid SSL Certificate!'
      rescue OpenSSL::SSL::SSLError
        puts '[+] Invalid SSL Certificate!'
      end

    else
      puts '[!] Unknown connection type!'
  end

end


good_ssl = 'google.com'
bad_ssl  = 'expired.badssl.com'

validate_ssl(bad_ssl, :web)
validate_ssl(bad_ssl, :socket)

validate_ssl(good_ssl, :web)
validate_ssl(good_ssl, :socket)

Run it

ruby ssl_validator.rb

[+] Invalid SSL Certificate!
[+] Invalid SSL Certificate!
[+] Valid SSL Certificate!
[+] Valid SSL Certificate!
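
The scripts above report only valid or invalid. The following added example (not part of the original page) separates the checks behind that verdict: chain trust, validity dates, and hostname match. It uses a throwaway CA and certificates constructed in memory, so it runs offline; the helper names make_cert, classify and demo_results and the example.test hostnames are assumptions for illustration.

```ruby
require 'openssl'

# Build one certificate for a constructed, in-memory test PKI (no network).
# issuer is [cert, key]; nil means a self-signed CA certificate.
def make_cert(cn, key, issuer, not_before, not_after)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = rand(1..2**31)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer[0].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after  = not_after
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer ? issuer[0] : cert
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{cn}")) if issuer
  cert.sign(issuer ? issuer[1] : key, OpenSSL::Digest.new('SHA256'))
end

# The checks a TLS client makes: chain and validity dates first, then the name.
def classify(cert, hostname, store)
  unless store.verify(cert)
    return store.error == OpenSSL::X509::V_ERR_CERT_HAS_EXPIRED ? :expired : :untrusted
  end
  OpenSSL::SSL.verify_certificate_identity(cert, hostname) ? :valid : :hostname_mismatch
end

def demo_results
  now  = Time.now
  host = 'app.example.test' # constructed hostname
  ca_key, rogue_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca    = make_cert('constructed-ca', ca_key, nil, now - 3600, now + 3600)
  rogue = make_cert('unknown-ca', rogue_key, nil, now - 3600, now + 3600)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca) # trust only the constructed CA
  good    = make_cert(host, leaf_key, [ca, ca_key], now - 3600, now + 3600)
  expired = make_cert(host, leaf_key, [ca, ca_key], now - 7200, now - 3600)
  unknown = make_cert(host, leaf_key, [rogue, rogue_key], now - 3600, now + 3600)
  {
    good:       classify(good, host, store),
    expired:    classify(expired, host, store),
    wrong_name: classify(good, 'other.example.test', store),
    untrusted:  classify(unknown, host, store)
  }
end

demo_results.each { |name, verdict| puts "#{name}: #{verdict}" }
```

The wrong_name case passes chain verification and fails only the identity check, which is why a socket client needs hostname verification in addition to VERIFY_PEER.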
