Diffstat (limited to 'tor-exit-ssl-check')
-rwxr-xr-x | tor-exit-ssl-check | 76 |
1 files changed, 43 insertions, 33 deletions
diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check index 38807d7..dafccf5 100755 --- a/tor-exit-ssl-check +++ b/tor-exit-ssl-check @@ -24,8 +24,10 @@ set -e set -u +shopt -s extglob + usage() { - echo "Usage: $0 [-v [-v]] [-d <datadir>] <torserver-fpr> <targethost> [<targetport>]" + echo "Usage: $0 [-v [-v]] [-d <datadir>] <torserver-fpr> <targethost>[:<targetport>] [<targethost>[:<targetport>] [...]]" echo " If torserver-fpr is -, a list of fingerprints is read from stdin" } @@ -61,8 +63,7 @@ fi torserver="$1"; shift -hostname="$1"; shift -port="${1:-443}" +declare -a targets=("$@") socksport=$((RANDOM % 40000 + 20000)) mapaddr="192.0.2.1" @@ -111,7 +112,6 @@ SocksPort $socksport PidFile $pidfile Log $loglevel file $torlog SafeLogging 0 -# MapAddress $mapaddr $hostname.\$$torserver.exit ControlSocket $tmpdir/sock StrictNodes 1 EOF @@ -145,10 +145,15 @@ expect_ok() { fi } -[ "$verbose" = 0 ] || echo "Directly:" -openssl s_client -no_ticket -showcerts -connect "$hostname":"$port" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct" -egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct" > "$tmpdir/cert-direct.filtered" -[ "$verbose" = 0 ] || echo "====" +for ((i=0; i < ${#targets[@]}; i++)); do + host="${targets[$i]}" + [ "${host%%+([0-9])}" = "$host" ] && host="$host:443" + + [ "$verbose" = 0 ] || echo "Directly to $host:" + openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i" + egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered" + [ "$verbose" = 0 ] || echo "====" +done coproc socat UNIX-CONNECT:"$tmpdir/sock" - 
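Review bot: The rewritten `echo "Usage: ..."` line documents the optional `[:<targetport>]` suffix but not what happens when it is left off, although the loops further down fall back to port 443. A one-line addition after the existing stdin note would close that gap, e.g. `echo " If a target has no :port suffix, port 443 is used"`.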
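Review bot: `declare -a targets=("$@")` silently accepts an empty list, whereas the removed `hostname="$1"` would have tripped `set -u` when no target was given; the argument-count check before `torserver="$1"; shift` is outside the hunk, so if it still only requires the fingerprint, both target loops become no-ops and the script exits without printing a single RESULT line. A guard directly after the declaration, `(( ${#targets[@]} > 0 )) || { usage; exit 1; }`, preserves the old "target required" behaviour.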
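Review bot: The default-port test `[ "${host%%+([0-9])}" = "$host" ] && host="$host:443"` only asks whether the target ends in a digit, so a port-less target that happens to end in one — a bare IPv4 address, or a name like `host1` — is handed to `openssl s_client -connect` without `:443`, and the direct and Tor checks for that target will not behave as the usage text promises. Matching the whole `:port` suffix instead, `[[ "$host" == *:+([0-9]) ]] || host="$host:443"`, keeps the extglob dependency and handles both cases. The identical line is repeated in the `@@ -176` hunk; normalising each entry once when `targets` is built (the `@@ -61` hunk) would remove that duplication and leave the loops with plain `host:port` values.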
@@ -176,31 +181,36 @@ while : ; do echo "SETCONF ExitNodes=\$$server" >&${COPROC[1]} expect_ok - rm -f "$tmpdir/cert-tor" "$tmpdir/cert-tor.filtered" - - [ "$verbose" = 0 ] || echo "Via $server:" - TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$hostname":"$port" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor" - - egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-tor" > "$tmpdir/cert-tor.filtered" - - if diff "$tmpdir/cert-tor.filtered" "$tmpdir/cert-direct.filtered" > /dev/null; then - echo "RESULT: $server: No real differences." - [ "$verbose" = 0 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - elif egrep '^connect:errno=' "$tmpdir/cert-tor" > /dev/null; then - [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - echo "RESULT: $server: Connect failed" - errors=$((errors | 0x02)) - elif egrep '^[0-9]*:error:.*:ssl handshake failure:' "$tmpdir/cert-tor" > /dev/null; then - [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - echo "RESULT: $server: SSL Handshake failed" - errors=$((errors | 0x04)) - else - echo "RESULT: $server: differences!" 
- [ "$verbose" = 0 ] || echo "====" - [ "$verbose" = 0 ] || echo "Diff:" - diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - errors=$((errors | 0x08)) - fi + for ((i=0; i < ${#targets[@]}; i++)); do + host="${targets[$i]}" + [ "${host%%+([0-9])}" = "$host" ] && host="$host:443" + + rm -f "$tmpdir/cert-tor-$i" "$tmpdir/cert-tor-$i.filtered" + + [ "$verbose" = 0 ] || echo "Via $server to $host:" + TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor-$i" + + egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered" + + if diff "$tmpdir/cert-tor-$i.filtered" "$tmpdir/cert-direct-$i.filtered" > /dev/null; then + echo "RESULT: $server: No real differences." + [ "$verbose" = 0 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + elif egrep '^connect:errno=' "$tmpdir/cert-tor-$i" > /dev/null; then + [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + echo "RESULT: $server: Connect failed" + errors=$((errors | 0x02)) + elif egrep '^[0-9]*:error:.*:ssl handshake failure:' "$tmpdir/cert-tor-$i" > /dev/null; then + [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + echo "RESULT: $server: SSL Handshake failed" + errors=$((errors | 0x04)) + else + echo "RESULT: $server: differences!" + [ "$verbose" = 0 ] || echo "====" + [ "$verbose" = 0 ] || echo "Diff:" + diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + errors=$((errors | 0x08)) + fi + done [ "$torserver" = "-" ] || break done |
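Review bot: The four `RESULT: $server: ...` lines inside the new per-target loop still name only the exit node, so with several targets the output cannot show which host failed to connect, failed the handshake or differed, and the `errors` bitmask is OR-ed across all of them. Adding the target to each message, e.g. `echo "RESULT: $server $host: Connect failed"`, makes the per-target outcome recoverable from the log; the same applies to the `Via $server to $host:` banner, which already carries it but is only printed when verbose. The enclosing `while : ; do` loop starts before this hunk.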