httpinfo

package
v0.9.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 21, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Package httpinfo provides functionality to extract HTTP header information

Package httpinfo provides functionality to extract HTTP header information

Package httpinfo provides functionality to extract HTTP header information

Package httpinfo provides functionality to extract HTTP header and SSL/TLS information

Package httpinfo provides functionality to extract HTTP header information

Index

Constants

View Source 
const (
	YYYYMMDD = "2006.01.02"
)

Initialize a variable to store the debug level

Variables

This section is empty.

Functions

func ComputeBLAKE2 added in v0.9.4 

func ComputeBLAKE2(data *CollectedData) string

func ComputeCityHash added in v0.9.4 

func ComputeCityHash(data *CollectedData) string

func ComputeCustomTLS added in v0.9.4 

func ComputeCustomTLS(data *CollectedData) string

func ComputeHASSH added in v0.9.4 

func ComputeHASSH(data *CollectedData) string

func ComputeHASSHServer added in v0.9.4 

func ComputeHASSHServer(data *CollectedData) string

func ComputeJA3 added in v0.9.4 

func ComputeJA3(data *CollectedData) string

func ComputeJA3S added in v0.9.4 

func ComputeJA3S(data *CollectedData) string

func ComputeJARM added in v0.9.4 

func ComputeJARM(data *CollectedData) string

func ComputeMinHash added in v0.9.4 

func ComputeMinHash(data *CollectedData) string

func ComputeMurmurHash added in v0.9.4 

func ComputeMurmurHash(data *CollectedData) string

func ComputeSHA256 added in v0.9.4 

func ComputeSHA256(data *CollectedData) string

func ComputeSimHash added in v0.9.4 

func ComputeSimHash(data *CollectedData) string

func ComputeTLSH added in v0.9.4 

func ComputeTLSH(data *CollectedData) string

func DecodeCert added in v0.9.2 

func DecodeCert(certBase64 string) (*x509.Certificate, error)

DecodeCert decodes a base64-encoded certificate stored in SSLDetails

func PrintClientHelloDetails added in v0.9.4 

func PrintClientHelloDetails(packet []byte)

Print out detailed parts of the ClientHello message

func ProcessAuthFile 

func ProcessAuthFile()

This function processes the CSV file with the list of Authorities if the file doesn't exists then it will pull it down from https://www.ccadb.org/resources if the file exists it will process it and store elements in the Authority data structure.

Types

type Authority 

type Authority struct {
	CAOwner                           string `json:"ca_owner"`
	SalesforceRecordID                string `json:"salesforce_record_id"`
	CertificateName                   string `json:"certificate_name"`
	ParentSalesforceRecordID          string `json:"parent_salesforce_record_id"`
	ParentCertificateName             string `json:"parent_certificate_name"`
	CertificateRecordType             string `json:"certificate_record_type"`
	RevocationStatus                  string `json:"revocation_status"`
	SHA256Fingerprint                 string `json:"sha256_fingerprint"`
	ParentSHA256Fingerprint           string `json:"parent_sha256_fingerprint"`
	AuditsSameAsParent                string `json:"audits_same_as_parent"`
	Auditor                           string `json:"auditor"`
	StandardAuditURL                  string `json:"standard_audit_url"`
	StandardAuditType                 string `json:"standard_audit_type"`
	StandardAuditStatementDate        string `json:"standard_audit_statement_date"`
	StandardAuditPeriodStartDate      string `json:"standard_audit_period_start_date"`
	StandardAuditPeriodEndDate        string `json:"standard_audit_period_end_date"`
	BRAuditURL                        string `json:"br_audit_url"`
	BRAuditType                       string `json:"br_audit_type"`
	BRAuditStatementDate              string `json:"br_audit_statement_date"`
	BRAuditPeriodStartDate            string `json:"br_audit_period_start_date"`
	BRAuditPeriodEndDate              string `json:"br_audit_period_end_date"`
	EVSSLAuditURL                     string `json:"evssl_audit_url"`
	EVSSLAuditType                    string `json:"evssl_audit_type"`
	EVSSLAuditStatementDate           string `json:"evssl_audit_statement_date"`
	EVSSLAuditPeriodStartDate         string `json:"evssl_audit_period_start_date"`
	EVSSLPeriodEndDate                string `json:"evssl_period_end_date"`
	EVCodeSigningAuditURL             string `json:"ev_code_signing_audit_url"`
	EVCodeSigningAuditType            string `json:"ev_code_signing_audit_type"`
	EVCodeSigningAuditStatementDate   string `json:"ev_code_signing_audit_statement_date"`
	EVCodeSigningAuditPeriodStartDate string `json:"ev_code_signing_audit_period_start_date"`
	EVCodeSigningAuditPeriodEndDate   string `json:"ev_code_signing_audit_period_end_date"`
	CPCPSSameAsParent                 string `json:"cpcps_same_as_parent"`
	CertificatePolicyURL              string `json:"certificate_policy_url"`
	CertificatePracticeStatementURL   string `json:"certificate_practice_statement_url"`
	CPCPSLastUpdatedDate              string `json:"cpcps_last_updated_date"`
	TestWebsiteURLValid               string `json:"test_website_url_valid"`
	TestWebsiteURLExpired             string `json:"test_website_url_expired"`
	TestWebsiteURLRevoked             string `json:"test_website_url_revoked"`
	TechnicallyConstrained            string `json:"technically_constrained"`
	MozillaStatus                     string `json:"mozilla_status"`
	MicrosoftStatus                   string `json:"microsoft_status"`
	SubordinateCAOwner                string `json:"subordinate_ca_owner"`
	FullCRLIssuedByThisCA             string `json:"full_crl_issued_by_this_ca"`
	JSONArrayOfPartitionedCRLs        string `json:"json_array_of_partitioned_crls"`
	ValidFromGMT                      string `json:"valid_from_gmt"`
	ValidToGMT                        string `json:"valid_to_gmt"`
	ChromeStatus                      string `json:"chrome_status"`
}

This struct is used to store the info we fetch about trustworthy authorities from https://www.ccadb.org/resources

type CertChain added in v0.9.2 

type CertChain struct {
	Certificates []string `json:"certificates"`
}

CertChain is a struct to store the base64-encoded certificate chain

type CollectedData added in v0.9.4 

type CollectedData struct {
	TLSClientHello     []byte
	TLSClientHelloInfo *tls.ClientHelloInfo
	TLSHandshakeState  tls.ConnectionState
	TLSCertificates    []*x509.Certificate
	RawClientHello     []byte
	RawServerHello     []byte
	SSHClientHello     []byte
	SSHServerHello     []byte
	JARMFingerprint    string
}

CollectedData is a struct to store the collected data from a TLS handshake

type Config 

type Config struct {
	URL             string
	CustomHeader    map[string]string
	FollowRedirects bool
	Timeout         int
	SSLMode         string
	SSLDiscovery    cfg.SSLScoutConfig
	SSHDiscovery    bool
	Proxies         []cfg.SOCKSProxy // SOCKS proxies
}

Config is a struct to specify the configuration for header extraction

func CreateConfig 

func CreateConfig(url string, c cfg.Config) Config

CreateConfig creates a default Config

type DataCollector added in v0.9.4 

type DataCollector struct {
	Proxy *cfg.SOCKSProxy
}

func (DataCollector) CollectAll added in v0.9.4 

func (dc DataCollector) CollectAll(host string, port string, c *Config) (*CollectedData, error)

func (DataCollector) CollectSSH added in v0.9.4 

func (dc DataCollector) CollectSSH(collectedData *CollectedData, host string, port string) error

type HTTPDetails 

type HTTPDetails struct {
	URL              string                           `json:"url"`
	CustomHeaders    map[string]string                `json:"custom_headers"`
	FollowRedirects  bool                             `json:"follow_redirects"`
	ResponseHeaders  http.Header                      `json:"response_headers"`
	SSLInfo          SSLDetails                       `json:"ssl_info"`
	DetectedEntities map[string]detect.DetectedEntity `json:"detected_assets"`
}

HTTPDetails is a struct to store the collected HTTP header information

func ExtractHTTPInfo 

func ExtractHTTPInfo(config Config, re *ruleset.RuleEngine, htmlContent string) (*HTTPDetails, error)

ExtractHTTPInfo extracts HTTP header information based on the provided configuration

type JARMCollector added in v0.9.4 

type JARMCollector struct {
	Proxy *cfg.SOCKSProxy
}

func (JARMCollector) Collect added in v0.9.4 

func (jc JARMCollector) Collect(host string, port string) (string, error)

Collect collects JARM fingerprint for a given host and port

type ProxyConfig added in v0.9.4 

type ProxyConfig struct {
	Address  string
	Username string
	Password string
}

type SSLDetails added in v0.9.2 

type SSLDetails struct {
	URL                          string            `json:"url"`
	Issuers                      []string          `json:"issuers"`                    // List of issuers
	OwnerOrganizations           []string          `json:"owner_organizations"`        // Organizations
	OwnerOrganizationalUnits     []string          `json:"owner_organizational_units"` // Organizational Units
	OwnerCountries               []string          `json:"owner_countries"`            // Countries
	OwnerStates                  []string          `json:"owner_states"`               // States
	OwnerLocalities              []string          `json:"owner_localities"`           // Localities
	OwnerCommonNames             []string          `json:"owner_common_names"`         // Common Names
	FQDNs                        []string          `json:"fqdns"`                      // List of FQDNs the certificate is valid for
	PublicKeys                   []string          `json:"public_keys"`                // Public key info, possibly base64-encoded
	SignatureAlgorithms          []string          `json:"signature_algorithms"`       // Signature algorithms used
	CertChains                   []CertChain       `json:"cert_chain"`                 // Base64-encoded certificates
	IsCertChainOrderValid        bool              `json:"is_cert_chain_order_valid"`
	IsRootTrustworthy            bool              `json:"is_root_trustworthy"`
	IsCertValid                  bool              `json:"is_cert_valid"`
	IsCertExpired                bool              `json:"is_cert_expired"`
	IsCertRevoked                bool              `json:"is_cert_revoked"`
	IsCertSelfSigned             bool              `json:"is_cert_self_signed"`
	IsCertCA                     bool              `json:"is_cert_ca"`
	IsCertIntermediate           bool              `json:"is_cert_intermediate"`
	IsCertLeaf                   bool              `json:"is_cert_leaf"`
	IsCertTrusted                bool              `json:"is_cert_trusted"`
	IsCertTechnicallyConstrained bool              `json:"is_cert_technically_constrained"`
	IsCertEV                     bool              `json:"is_cert_ev"`
	IsCertEVSSL                  bool              `json:"is_cert_ev_ssl"`
	CertExpiration               string            `json:"cert_expiration"` // Use string to simplify
	Fingerprints                 map[string]string `json:"fingerprints,omitempty"`
}

SSLDetails is identical to SSLInfo, however it is designed to be easy to unmarshal/marshal from/to JSON, so it's used to store data on the DB and return data from requests.

func ConvertSSLInfoToDetails added in v0.9.2 

func ConvertSSLInfoToDetails(info SSLInfo) (SSLDetails, error)

ConvertSSLInfoToDetails converts SSLInfo to SSLDetails

type SSLInfo 

type SSLInfo struct {
	URL                          string              `json:"url"`
	CertChain                    []*x509.Certificate `json:"cert_chain"`
	IntermediateAuthorities      []string            `json:"intermediate_authorities"`
	IsCertChainOrderValid        bool                `json:"is_cert_chain_order_valid"`
	IsRootTrustworthy            bool                `json:"is_root_trustworthy"`
	IsCertValid                  bool                `json:"is_cert_valid"`
	IsCertExpired                bool                `json:"is_cert_expired"`
	IsCertRevoked                bool                `json:"is_cert_revoked"`
	IsCertSelfSigned             bool                `json:"is_cert_self_signed"`
	IsCertCA                     bool                `json:"is_cert_ca"`
	IsCertIntermediate           bool                `json:"is_cert_intermediate"`
	IsCertLeaf                   bool                `json:"is_cert_leaf"`
	IsCertTrusted                bool                `json:"is_cert_trusted"`
	IsCertTechnicallyConstrained bool                `json:"is_cert_technically_constrained"`
	IsCertEV                     bool                `json:"is_cert_ev"`
	IsCertEVCodeSigning          bool                `json:"is_cert_ev_code_signing"`
	IsCertEVSSL                  bool                `json:"is_cert_ev_ssl"`
	IsCertEVSGC                  bool                `json:"is_cert_ev_sgc"`
	IsCertEVSGCSSL               bool                `json:"is_cert_ev_sgc_ssl"`
	IsCertEVSGCCA                bool                `json:"is_cert_ev_sgc_ca"`
	IsCertEVSGCCASSL             bool                `json:"is_cert_ev_sgc_ca_ssl"`
	IsCertEVSGCCACodeSigning     bool                `json:"is_cert_ev_sgc_ca_code_signing"`
	IsCertEVSGCCACodeSigningSSL  bool                `json:"is_cert_ev_sgc_ca_code_signing_ssl"`
	IsCertEVSGCCodeSigning       bool                `json:"is_cert_ev_sgc_ca_code_signing_ev"`
	IsCertEVSGCCodeSigningSSL    bool                `json:"is_cert_ev_sgc_ca_code_signing_ev_ssl"`
	CertExpiration               cmn.FlexibleDate    `json:"cert_expiration"`
	Fingerprints                 map[string]string   `json:"fingerprints"`
}

SSLInfo contains information about the SSL certificate detected on a website

func NewSSLInfo 

func NewSSLInfo() *SSLInfo

NewSSLInfo creates a new SSLInfo instance

func (*SSLInfo) CollectSSLData added in v0.9.4 

func (ssl *SSLInfo) CollectSSLData(url string, port string, c *Config) error

func (*SSLInfo) ExtractInfo 

func (ssl *SSLInfo) ExtractInfo(url string) error

ExtractSSLInfo extracts SSL information from the provided URL

func (*SSLInfo) GetSSLInfo 

func (ssl *SSLInfo) GetSSLInfo(url string, port string) error

func (*SSLInfo) String 

func (ssl *SSLInfo) String() string

String returns a string representation of the SSLInfo

func (*SSLInfo) ValidateCertificate 

func (ssl *SSLInfo) ValidateCertificate() error

type SSLInfoExtractor 

type SSLInfoExtractor interface {
	ExtractInfo(url string) error
}

SSLInfoExtractor is an interface for extracting SSL information

type SSLInfoFactory 

type SSLInfoFactory interface {
	NewSSLInfo() *SSLInfo
}

SSLInfoFactory is an interface for creating SSLInfo instances

type SSLInfoFactoryImpl 

type SSLInfoFactoryImpl struct{}

SSLInfoFactoryImpl is an implementation of the SSLInfoFactory interface

func NewSSLInfoFactory 

func NewSSLInfoFactory() *SSLInfoFactoryImpl

NewSSLInfoFactory creates a new SSLInfoFactory instance

func (*SSLInfoFactoryImpl) NewSSLInfo 

func (f *SSLInfoFactoryImpl) NewSSLInfo() *SSLInfo

NewSSLInfo creates a new SSLInfo instance

type SSLInfoStringer 

type SSLInfoStringer interface {
	String() string
}

SSLInfoStringer is an interface for string-ifying SSL information

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.