sni.go

   1 package main
   2
   3 import (
   4         "crypto/tls"
   5         "net"
   6         "net/http"
   7         "net/http/httputil"
   8         "time"
   9         "math/rand"
  10         "fmt"
  11 )
  12
  13 func testSni(ip string, config *ScanConfig, record *ScanRecord) bool {
  14         tlscfg := &tls.Config{
  15                 InsecureSkipVerify: true,
  16         }
  17         var Host string
  18         var VerifyCN string
  19         if len(config.HTTPVerifyHosts) == 0 {
  20                 Host = randomHost()
  21         } else {
  22                 Host = config.HTTPVerifyHosts[rand.Intn(len(config.HTTPVerifyHosts))]
  23         }
  24         if len(config.VerifyCommonName) == 0 {
  25                 VerifyCN = randomHost()
  26         } else {
  27                 VerifyCN = config.VerifyCommonName[rand.Intn(len(config.VerifyCommonName))]
  28         }
  29         for _, serverName := range config.ServerName {
  30                 start := time.Now()
  31                 conn, err := net.DialTimeout("tcp", net.JoinHostPort(ip, "443"), config.ScanMaxRTT)
  32                 if err != nil {
  33                         return false
  34                 }
  35
  36                 tlscfg.ServerName = serverName
  37                 tlsconn := tls.Client(conn, tlscfg)
  38                 tlsconn.SetDeadline(time.Now().Add(config.HandshakeTimeout))
  39                 if err = tlsconn.Handshake(); err != nil {
  40                         tlsconn.Close()
  41                         return false
  42                 }
  43                 if config.Level > 1 {
  44                         pcs := tlsconn.ConnectionState().PeerCertificates
  45                         if len(pcs) == 0 || pcs[0].Subject.CommonName != VerifyCN {
  46                                 fmt.Println("CN: %s", pcs[0].Subject.CommonName)
  47                                 tlsconn.Close()
  48                                 return false
  49                         }
  50                 }
  51                 if config.Level > 2 {
  52                         req, err := http.NewRequest(http.MethodHead, "https://"+serverName, nil)
  53                         req.Header.Add("Host", Host)
  54                         if err != nil {
  55                                 tlsconn.Close()
  56                                 return false
  57                         }
  58                         tlsconn.SetDeadline(time.Now().Add(config.ScanMaxRTT - time.Since(start)))
  59                         resp, err := httputil.NewClientConn(tlsconn, nil).Do(req)
  60                         if err != nil {
  61                                 tlsconn.Close()
  62                                 return false
  63                         }
  64                         // io.Copy(os.Stdout, resp.Body)
  65                         // if resp.Body != nil {
  66                         //      io.Copy(ioutil.Discard, resp.Body)
  67                         //      resp.Body.Close()
  68                         // }
  69                         if resp.StatusCode != 404 {
  70                                 tlsconn.Close()
  71                                 return false
  72                         }
  73                 }
  74
  75                 tlsconn.Close()
  76
  77                 rtt := time.Since(start)
  78                 if rtt < config.ScanMinRTT {
  79                         return false
  80                 }
  81                 record.RTT += rtt
  82         }
  83         return true
  84 }