4.0
1NSchAb
1NSchAb
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
164<br />
Web Application Penetration Testing<br />
Preferred Cipher Suite: None<br />
Accepted Cipher Suite(s): None<br />
Undefined - An unexpected error happened: None<br />
* SSLV3 Cipher Suites :<br />
Rejected Cipher Suite(s): Hidden<br />
Preferred Cipher Suite:<br />
RC4-SHA 128 bits HTTP 200 OK<br />
Accepted Cipher Suite(s):<br />
CAMELLIA256-SHA 256 bits HTTP 200 OK<br />
RC4-SHA 128 bits HTTP 200 OK<br />
CAMELLIA128-SHA 128 bits HTTP 200 OK<br />
Undefined - An unexpected error happened: None<br />
* TLSV1_1 Cipher Suites :<br />
Rejected Cipher Suite(s): Hidden<br />
Preferred Cipher Suite: None<br />
Accepted Cipher Suite(s): None<br />
Undefined - An unexpected error happened:<br />
ECDH-RSA-AES256-SHA socket.timeout - timed<br />
out<br />
ECDH-ECDSA-AES256-SHA socket.timeout - timed<br />
out<br />
* TLSV1_2 Cipher Suites :<br />
Rejected Cipher Suite(s): Hidden<br />
Preferred Cipher Suite: None<br />
Accepted Cipher Suite(s): None<br />
Undefined - An unexpected error happened:<br />
ECDH-RSA-AES256-GCM-SHA384 socket.timeout -<br />
timed out<br />
ECDH-ECDSA-AES256-GCM-SHA384 socket.timeout<br />
- timed out<br />
RC4-SHA 128 bits Timeout on HTTP GET<br />
Accepted Cipher Suite(s):<br />
CAMELLIA256-SHA 256 bits HTTP 200 OK<br />
RC4-SHA 128 bits HTTP 200 OK<br />
CAMELLIA128-SHA 128 bits HTTP 200 OK<br />
Undefined - An unexpected error happened:<br />
ADH-CAMELLIA256-SHA socket.timeout - timed<br />
out<br />
SCAN COMPLETED IN 9.68 S<br />
------------------------<br />
Example 7. Testing SSL/TLS with testssl.sh<br />
Testssl.sh [38] is a Linux shell script which provides clear output to<br />
facilitate good decision making. It can not only check web servers<br />
but also services on other ports, supports STARTTLS, SNI, SPDY and<br />
does a few check on the HTTP header as well.<br />
It’s a very easy to use tool. Here’s some sample output (without colors):<br />
user@myhost: % testssl.sh owasp.org<br />
#############################################<br />
###########<br />
testssl.sh v2.0rc3 (https: /testssl.sh)<br />
($Id: testssl.sh,v 1.97 2014/04/15 21:54:29 dirkw Exp $)<br />
This program is free software. Redistribution +<br />
modification under GPLv2 is permitted.<br />
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!<br />
Note you can only check the server against what is<br />
available (ciphers/protocols) locally on your machine<br />
#############################################<br />
###########<br />
Using “OpenSSL 1.0.2-beta1 24 Feb 2014” on<br />
“myhost://bin/openssl64”<br />
Testing now (2014-04-17 15:06) ---> owasp.org:443 Testing Protocols<br />
Preferred Cipher Suite:<br />
SSLv2<br />
SSLv3<br />
NOT offered (ok)<br />
offered