striptls审计代理 1.0 免费版

striptls是一款python平台下的源代码安全审计工具。该工具提供一种方式将纯文本连接升级为加密连接（TLS或SSL），而不是另外使用一个端口作加密通信。它能通过SMTP、POP3、IMAP、FTP、NNTP、XMPP、IRC等多种通信协议实现审计功能。

使用方法

1.从pip安装

#> pip install striptls

2.从源安装

#> setup.py install

示例:

inbound outbound

[inbound_peer]<------------->[listen:proxy]<------------->[outbound_peer/target]

smtp-client striptls remote/target

本地 smtp-client -> localhost:8825 (代理) -> mail.gmx.net:25

源代码安全审计工具通信方式

SMTP

SMTP.StripFromCapabilities - server response capability patch

SMTP.StripWithInvalidResponseCode - client STARTTLS stripping, invalid response code

SMTP.UntrustedIntercept - STARTTLS interception (client and server talking ssl) (requires server.pem in pwd)

SMTP.StripWithTemporaryError

SMTP.StripWithError

SMTP.ProtocolDowngradeStripExtendedMode

SMTP.InjectCommand

POP3

POP3.StripFromCapabilities

POP3.StripWithError

POP3.UntrustedIntercept

IMAP

IMAP.StripFromCapabilities

IMAP.StripWithError

IMAP.UntrustedIntercept

IMAP.ProtocolDowngradeToV2

FTP

FTP.StripFromCapabilities

FTP.StripWithError

FTP.UntrustedIntercept

NNTP

NNTP.StripFromCapabilities

NNTP.StripWithError

NNTP.UntrustedIntercept

XMPP

XMPP.StripFromCapabilities

XMPP.StripInboundTLS

XMPP.UntrustedIntercept

ACAP (untested)

ACAP.StripFromCapabilities

ACAP.StripWithError

ACAP.UntrustedIntercept

IRC

IRC.StripFromCapabilities

IRC.StripWithError

IRC.UntrustedIntercept

IRC.StripWithNotRegistered

IRC.StripCAPWithNotregistered

IRC.StripWithSilentDrop

结果：

- [*] client: 127.0.0.1

- [Vulnerable!] <class striptls.StripWithInvalidResponseCode at 0xffd3138c>

- [Vulnerable!] <class striptls.StripWithTemporaryError at 0xffd4611c>

- [ ] <class striptls.StripFromCapabilities at 0xffd316bc>

- [Vulnerable!] <class striptls.StripWithError at 0xffd4614c>

- [*] client: 192.168.139.1

- [Vulnerable!] <class striptls.StripInboundTLS at 0x7f08319a6808>

- [Vulnerable!] <class striptls.StripFromCapabilities at 0x7f08319a67a0>

- [Vulnerable!] <class striptls.UntrustedIntercept at 0x7f08319a6870>