Restrict testing to HTTP connections #4

Open
kousu opened this issue Mar 8, 2018 · 0 comments
Labels
enhancement New feature or request

Comments

Contributor

kousu commented Mar 8, 2018

There's a lot more DNS noise than actual outgoing connections. I suspect it would save time if we only ran testssl for real observed connections. So, I propose:

  1. Watch for DNS answers (udp port 53 incoming), and cache IP => domain
  2. Watch, simultaneously, for HTTPS (port 443 tcp).
     a. look up the domain name for this connection from the DNS cache
     b. we have to assume that the most recent DNS answer goes with the most recent HTTPS connection
        • we could maybe make this more accurate by caching (LAN IP, remote IP) => domain instead
  3. Run testssl on this domain

I also suggest that we watch for HTTP (tcp port 80) -- which is in the clear, so we can straight up sniff their content -- and flag everything that doesn't immediately HTTP 302 their content to the HTTPS version of the same site.

johnsaigle added the enhancement label Mar 8, 2018