From a71d2e51ff4a0d656d93e1d27b05b2396fb15ecc Mon Sep 17 00:00:00 2001
From: Robert David Graham <robert_david_graham@yahoo.com>
Date: Wed, 23 Aug 2017 21:53:56 -0700
Subject: [PATCH] hello ssl

---
 src/main-conf.c | 11 +++++++++++
 src/main.c      |  5 +++++
 src/masscan.h   |  3 ++-
 src/proto-tcp.c | 14 ++++++++++++++
 4 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/main-conf.c b/src/main-conf.c
index f212aaf..d533928 100644
--- a/src/main-conf.c
+++ b/src/main-conf.c
@@ -451,6 +451,10 @@ masscan_echo(struct Masscan *masscan, FILE *fp)
     fprintf(fp, "%scapture = html\n", masscan->is_capture_html?"":"no");
     fprintf(fp, "%scapture = heartbleed\n", masscan->is_capture_heartbleed?"":"no");
     fprintf(fp, "%scapture = ticketbleed\n", masscan->is_capture_ticketbleed?"":"no");
+    
+    if (masscan->is_hello_ssl) {
+        fprintf(fp, "hello = ssl\n");
+    }
 
     /*
      *  TCP payloads
@@ -1108,6 +1112,13 @@ masscan_set_parameter(struct Masscan *masscan,
             free(masscan->bpf_filter);
         masscan->bpf_filter = (char*)malloc(len);
         memcpy(masscan->bpf_filter, value, len);
+    } else if (EQUALS("hello", name)) {
+        if (EQUALS("ssl", value))
+            masscan->is_hello_ssl = 1;
+        else {
+            fprintf(stderr, "FAIL: %s: unknown hello type\n", value);
+            exit(1);
+        }
     } else if (EQUALS("capture", name)) {
         if (EQUALS("cert", value))
             masscan->is_capture_cert = 1;
diff --git a/src/main.c b/src/main.c
index 774031f..198e9dd 100644
--- a/src/main.c
+++ b/src/main.c
@@ -621,6 +621,11 @@ receive_thread(void *v)
                                     "http-user-agent",
                                     masscan->http_user_agent_length,
                                     masscan->http_user_agent);
+        if (masscan->is_hello_ssl)
+            tcpcon_set_parameter(   tcpcon,
+                                 "hello",
+                                 1,
+                                 "ssl");
         if (masscan->is_heartbleed)
             tcpcon_set_parameter(   tcpcon,
                                  "heartbleed",
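Review bot: The new `tcpcon_set_parameter` call passes `1` as its third argument although the value is the three-byte string `"ssl"`. The call just above passes `masscan->http_user_agent_length` in that position, so it appears to be the value length. The handler this patch adds in src/proto-tcp.c matches the value with `name_equals(value, "ssl")`, so the mismatch is presumably harmless today, but any path that honours the length would see only `s`. Pass the real length, e.g. `tcpcon_set_parameter(tcpcon, "hello", sizeof("ssl") - 1, "ssl");`. receive_thread starts and ends outside this hunk.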
diff --git a/src/masscan.h b/src/masscan.h
index 038a75f..41dccf5 100644
--- a/src/masscan.h
+++ b/src/masscan.h
@@ -177,8 +177,9 @@ struct Masscan
     unsigned is_infinite:1;     /* -infinite */
     unsigned is_readscan:1;     /* --readscan, Operation_Readscan */
     unsigned is_heartbleed:1;   /* --heartbleed, scan for this vuln */
-    unsigned is_ticketbleed:1;   /* --ticketbleed, scan for this vuln */
+    unsigned is_ticketbleed:1;  /* --ticketbleed, scan for this vuln */
     unsigned is_poodle_sslv3:1; /* --script poodle, scan for this vuln */
+    unsigned is_hello_ssl:1;    /* --ssl, use SSL HELLO on all ports */
         
     /**
      * Wait forever for responses, instead of the default 10 seconds
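Review bot: The comment on the new `is_hello_ssl` bit names a `--ssl` option, but the parser change in src/main-conf.c in this same patch sets the flag from the parameter `hello` with the value `ssl`, and `masscan_echo` writes it back as `hello = ssl`. Unless an `--ssl` alias is defined somewhere not shown here, the comment should name the option that is actually parsed: `unsigned is_hello_ssl:1;    /* --hello ssl, send SSL HELLO on all ports */`. struct Masscan starts and ends outside this hunk.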
diff --git a/src/proto-tcp.c b/src/proto-tcp.c
index c2e6cf7..1a81a3c 100644
--- a/src/proto-tcp.c
+++ b/src/proto-tcp.c
@@ -228,6 +228,20 @@ tcpcon_set_parameter(struct TCP_ConnectionTable *tcpcon,
         return;
     }
 
+    /*
+     * Force SSL processing on all ports
+     */
+    if (name_equals(name, "hello") && name_equals(value, "ssl")) {
+        unsigned i;
+        
+        LOG(2, "HELLO: setting SSL hello message\n");
+        for (i=0; i<65535; i++) {
+            banner1->tcp_payloads[i] = &banner_ssl;
+        }
+        
+        return;
+    }
+    
     /*
      * 2014-04-08: scan for Neel Mehta's "heartbleed" bug
      */
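Review bot: The loop bound `i<65535` stops at index 65534, so if `tcp_payloads` has one slot per TCP port (0 through 65535), the last port keeps its previous payload, which contradicts the "all ports" comment. The declaration of `tcp_payloads` is not visible in this hunk; if it is an array member, derive the bound from it instead of a literal: `for (i=0; i<sizeof(banner1->tcp_payloads)/sizeof(banner1->tcp_payloads[0]); i++) {`. The block comment could also state that this replaces whatever payload each port had before, so a reader knows the port-specific hellos are discarded once this parameter is set. `banner1` and the rest of tcpcon_set_parameter lie outside the hunk.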
-- 
GitLab