Skip to content

Simple and automatic test bed implementation for tlsassistant

License

Notifications You must be signed in to change notification settings

stfbk/tlsassistant-testbed

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

TLSAssistant Testbed

The TLSAssistant Testbed is an open source code for automatically configuring various vulnerable webservers for the purpose of testing TLSAssistant analysis modules.

Installation

One Liner

To run the code, execute the following command:

sudo apt update && sudo apt-get -y install git && git clone https://github.com/stfbk/tlsassistant-testbed && cd tlsassistant-testbed && chmod +x run.sh && sudo ./run.sh

Step by Step

If you want to download and install by executing every step:

Show single steps
  1. Install git
sudo apt update && sudo apt-get -y install git
  1. Download the tool by running
git clone https://github.com/stfbk/tlsassistant-testbed && cd tlsassistant-testbed
  1. Allow execution for the file:
chmod +x run.sh
  1. Run the run.sh script:
sudo ./run.sh

Docker

Recommended for non-Ubuntu users:

Since it does use APT and install dependencies, we can use the Dockerfile to build the image and contain the installation process.

Docker build and run tutorial Clone the repository:
  git clone https://github.com/stfbk/tlsassistant-testbed && cd tlsassistant-testbed

Build the docker image:

  docker build -t tlsassistant-testbed .

Run the docker image mapping all of the ports:

  docker run -p 9000:9000 -p 9001:9001 -p 9002:9002 -p 9003:9003 -p 9004:9004 -p 9005:9005 -p 9006:9006 -p 9007:9007 -t tlsassistant-testbed

Features

Supported Vulnerabilities
  • 3SHAKE
  • BEAST
  • BREACH
  • CCS Injection
  • Certificate Transparency
  • CRIME
  • DROWN
  • FREAK
  • Heartbleed
  • HSTS preloading
  • HSTS set
  • HTTPS enforced
  • LOGJAM
  • LUCKY13
  • BAR MITZVAH
  • RC4 NOMORE
  • Perfect Forward Secrecy
  • POODLE
  • SSL RENEGOTIATION
  • ROBOT
  • SWEET32
Ports configured
  • port 9000 == DROWN, RC4 NOMORE, BAR MITZVAH, Secure Renegotiation Missing, Secure Client-Initiated Renegotiation
  • port 9001 == SWEET32, LUCKY13, FREAK, LOGJAM
  • port 9002 == DROWN, SWEET32, Secure Renegotiation Missing, Secure Client-Initiated Renegotiation
  • port 9003 == BEAST, POODLE (SSL), SWEET32, FREAK, LOGJAM, LUCKY13
  • port 9004 == FREAK, RC4 NOMORE, BAR MITZVAH, LOGJAM
  • port 9005 == Heartbleed, CCS, FREAK, LOGJAM, RC4
  • port 9006 == ROBOT
  • port 9007 == CRIME, BREACH, LUCKY13
Webservers
  • Nginx 1.9.0 with openssl 1.0.1u
  • Nginx 1.9.0 with openssl 1.0.1a with patched doc files
  • DamnVulnerableOpenSSL Docker
  • Apache httpd 2.4.37 patched with apr-1.6.5, apr-util-1.6.1 and using openssl 1.0.2-stable

License

Copyright 2024, Fondazione Bruno Kessler

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Developed within the Security & Trust research unit, part of the Center for Cybersecurity at Fondazione Bruno Kessler (Italy)