updated ssl wrap_socket function

Pepelux · Apr 25, 2024 · 21c9bda · 21c9bda
1 parent 2db69f8
commit 21c9bda
Show file tree

Hide file tree

Showing 10 changed files with 66 additions and 22 deletions.
diff --git a/src/sippts/sipdigestleak.py b/src/sippts/sipdigestleak.py
@@ -279,8 +279,12 @@ def call(self, ip, port, proto):
                 sock.connect(host)
 
             if self.proto == 'TLS':
-                sock_ssl = ssl.wrap_socket(
-                    sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                context.load_default_certs()
+
+                sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                 sock_ssl.connect(host)
                 sock_ssl.sendall(bytes(msg[:8192], 'utf-8'))
             else:

diff --git a/src/sippts/sipenumerate.py b/src/sippts/sipenumerate.py
@@ -163,8 +163,12 @@ def send(self, method):
                     sock.connect(host)
 
                 if self.proto == 'TLS':
-                    sock_ssl = ssl.wrap_socket(
-                        sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                    context.check_hostname = False
+                    context.verify_mode = ssl.CERT_NONE
+                    context.load_default_certs()
+
+                    sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                     sock_ssl.connect(host)
             except:
                 print('Socket connection error')

diff --git a/src/sippts/sipexten.py b/src/sippts/sipexten.py
@@ -275,8 +275,12 @@ def scan_host(self, ipaddr, to_user):
                     sock.connect(host)
 
                 if self.proto == 'TLS':
-                    sock_ssl = ssl.wrap_socket(
-                        sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                    context.check_hostname = False
+                    context.verify_mode = ssl.CERT_NONE
+                    context.load_default_certs()
+
+                    sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                     sock_ssl.connect(host)
                     sock_ssl.sendall(bytes(msg[:8192], 'utf-8'))
                 else:

diff --git a/src/sippts/sipflood.py b/src/sippts/sipflood.py
@@ -210,8 +210,12 @@ def flood(self):
                         sock.connect(host)
 
                     if self.proto == 'TLS':
-                        sock_ssl = ssl.wrap_socket(
-                            sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                        context.check_hostname = False
+                        context.verify_mode = ssl.CERT_NONE
+                        context.load_default_certs()
+
+                        sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                         sock_ssl.connect(host)
                 except:
                     # print(self.c.RED + '\nSocket connection error\n' + self.c.WHITE)

diff --git a/src/sippts/sipfuzzer.py b/src/sippts/sipfuzzer.py
@@ -99,8 +99,12 @@ def ping(self):
                 sock.connect(host)
 
             if self.proto == 'TLS':
-                sock_ssl = ssl.wrap_socket(
-                    sock, ssl_version=ssl.PROTOCOL_TLS, ciphers=None, cert_reqs=ssl.CERT_NONE)
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                context.load_default_certs()
+
+                sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                 sock_ssl.connect(host)
 
             ping = create_message('OPTIONS', '', self.ip, '100', '', self.ip, '100', '', self.ip,
@@ -224,8 +228,12 @@ def fuzz(self):
             sock.connect(host)
 
         if self.proto == 'TLS':
-            sock_ssl = ssl.wrap_socket(
-                sock, ssl_version=ssl.PROTOCOL_TLS, ciphers=None, cert_reqs=ssl.CERT_NONE)
+            context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+            context.check_hostname = False
+            context.verify_mode = ssl.CERT_NONE
+            context.load_default_certs()
+
+            sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
             sock_ssl.connect(host)
 
         while self.quit == False:

diff --git a/src/sippts/sipinvite.py b/src/sippts/sipinvite.py
@@ -132,8 +132,12 @@ def invite(self, fw, src, dst):
                 sock.connect(host)
 
             if self.proto == 'TLS':
-                sock_ssl = ssl.wrap_socket(
-                    sock, ssl_version=ssl.PROTOCOL_TLS, ciphers=None, cert_reqs=ssl.CERT_NONE)
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                context.load_default_certs()
+
+                sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                 sock_ssl.connect(host)
 
             try:

diff --git a/src/sippts/sipping.py b/src/sippts/sipping.py
@@ -211,8 +211,12 @@ def start(self):
                     sock.connect(host)
 
                 if self.proto == 'TLS':
-                    sock_ssl = ssl.wrap_socket(
-                        sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                    context.check_hostname = False
+                    context.verify_mode = ssl.CERT_NONE
+                    context.load_default_certs()
+
+                    sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                     sock_ssl.connect(host)
             except socket.timeout:
                 print(self.c.RED +

diff --git a/src/sippts/siprcrack.py b/src/sippts/siprcrack.py
@@ -105,8 +105,12 @@ def register(self, ip, to_user, pwd):
                     sock.connect(host)
 
                 if self.proto == 'TLS':
-                    sock_ssl = ssl.wrap_socket(
-                        sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                    context.check_hostname = False
+                    context.verify_mode = ssl.CERT_NONE
+                    context.load_default_certs()
+
+                    sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                     sock_ssl.connect(host)
                     sock_ssl.sendall(bytes(msg[:8192], 'utf-8'))
                 else:

diff --git a/src/sippts/sipscan.py b/src/sippts/sipscan.py
@@ -442,8 +442,12 @@ def scan_host(self, ipaddr, port, proto):
                     sock.connect(host)
 
                 if proto == 'TLS':
-                    sock_ssl = ssl.wrap_socket(
-                        sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                    context.check_hostname = False
+                    context.verify_mode = ssl.CERT_NONE
+                    context.load_default_certs()
+
+                    sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                     sock_ssl.connect(host)
                     sock_ssl.sendall(bytes(msg[:8192], 'utf-8'))
                 else:

diff --git a/src/sippts/sipsend.py b/src/sippts/sipsend.py
@@ -246,8 +246,12 @@ def start(self):
                 sock.connect(host)
 
             if self.proto == 'TLS':
-                sock_ssl = ssl.wrap_socket(
-                    sock, ssl_version=ssl.PROTOCOL_TLS, ciphers='DEFAULT', cert_reqs=ssl.CERT_NONE)
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                context.load_default_certs()
+
+                sock_ssl = context.wrap_socket(sock, server_hostname=str(host[0]))
                 sock_ssl.connect(host)
                 sock_ssl.sendall(bytes(msg[:8192], 'utf-8'))
             else: