Comments (19)
As you've noted, the current version of ike-scan doesn't support custom transforms for ikev2. It only supports a pre-defined ikev2 transform set, which is generated by the following code in ike-scan.c:
```c
if (params->ike_version != 1) {	/* IKEv2 Transforms */
   unsigned char *attr;
   size_t attr_len;

   add_attr(0, NULL, 'B', OAKLEY_KEY_LENGTH, 0, 256, NULL);
   attr = add_attr(1, &attr_len, '\0', 0, 0, 0, NULL);
   add_transform2(0, NULL, IKEV2_TYPE_ENCR, IKEV2_ENCR_AES_CBC, attr, attr_len);
   free(attr);
   add_attr(0, NULL, 'B', OAKLEY_KEY_LENGTH, 0, 128, NULL);
   attr = add_attr(1, &attr_len, '\0', 0, 0, 0, NULL);
   add_transform2(0, NULL, IKEV2_TYPE_ENCR, IKEV2_ENCR_AES_CBC, attr, attr_len);
   free(attr);
   add_transform2(0, NULL, IKEV2_TYPE_ENCR, IKEV2_ENCR_3DES, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_ENCR, IKEV2_ENCR_DES, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_PRF, IKEV2_PRF_HMAC_SHA1, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_PRF, IKEV2_PRF_HMAC_MD5, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_INTEG, IKEV2_AUTH_HMAC_SHA1_96, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_INTEG, IKEV2_AUTH_HMAC_MD5_96, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_DH, 2, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_DH, 5, NULL, 0);
   add_transform2(0, NULL, IKEV2_TYPE_DH, 14, NULL, 0);
   transforms = add_transform2(1, &trans_len, 0, 0, NULL, 0);
   no_trans=11;
}
```
It is possible to alter this code to change the transforms, which is what I've done when experimenting with ikev2, but I realise that's far from ideal.
It would be preferable to add support for custom transforms, but that would require some code refactoring in order to do so neatly.
Now I know that there's some interest in ikev2 enumeration I might look at this. Of course, pull requests are always welcome :-)
from ike-scan.
If I get some spare time I'd love to contribute and will aim at doing so, but I'll warn you, the extent of my coding is dirty scripting in Python for pen testing. Do you have a good reference somewhere to ensure I have the right syntax for items similar to the above for other encryption algorithms and DH groups? I am also a bit confused, maybe you could clarify: is the above block of code sending one request that says "this is what I support" so the server can respond with the default (this is what I'm observing now)? The idea here would be to allow a user the option of which transforms to choose and send, as well as to enumerate all, correct?
from ike-scan.
The code shown above is constructing the following IKEv2 transforms:
Encryption Algorithm = AES_CBC, 256 bit key
Encryption Algorithm = AES_CBC, 128 bit key
Encryption Algorithm = 3DES
Encryption Algorithm = DES
Pseudo-random Function = SHA1
Pseudo-random Function = MD5
Integrity Algorithm = SHA1
Integrity Algorithm = MD5
Diffie-Hellman Group = 2
Diffie-Hellman Group = 5
Diffie-Hellman Group = 14
This transform set forms part of the proposal which in turn forms part of the SA payload.
RFC 4306 states:
"If there are multiple transforms with the same Transform Type, the proposal is an OR of those transforms. If there are multiple Transforms with different Transform Types, the proposal is an AND of the different groups."
Which means the proposal is:
Encryption: (AES/256 or AES/128 or 3DES or DES) and
Pseudo-random Function: (SHA1 or MD5) and
Integrity Algorithm: (SHA1 or MD5) and
Diffie-Hellman Group: (2 or 5 or 14)
Edit: the simplest way to enumerate transforms is to send one custom transform at a time and see what responses are returned. But this custom transform needs to be sent instead of the default, not in addition to it.
from ike-scan.
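The OR/AND rule from the comment above, worked through as an added example (not ike-scan's own code and not part of the original thread): it encodes the default transform set using the transform substructure layout of RFC 4306 section 3.3.2, then parses the bytes back and counts how many distinct suites a responder may pick from. The names `struct xf`, `encode_transforms` and `count_suites` are hypothetical, and only transform types 1 to 4 are handled.

```c
#include <stdint.h>
#include <stdio.h>

/* One transform; keylen 0 means no Key Length attribute. Types and IDs are the
   IANA IKEv2 values: 1=ENCR 2=PRF 3=INTEG 4=DH. Names here are hypothetical. */
struct xf { uint8_t type; uint16_t id; uint16_t keylen; };
static const struct xf default_set[11] = {
    {1, 12, 256}, {1, 12, 128}, {1, 3, 0}, {1, 2, 0}, /* AES-CBC x2, 3DES, DES */
    {2, 2, 0}, {2, 1, 0}, {3, 2, 0}, {3, 1, 0},       /* PRF, INTEG: SHA1, MD5 */
    {4, 2, 0}, {4, 5, 0}, {4, 14, 0},                 /* DH groups 2, 5, 14 */
};

/* Encode as wire-format substructures; out needs 12 bytes per transform. */
size_t encode_transforms(const struct xf *t, size_t n, uint8_t *out) {
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = out + off;
        uint8_t len = t[i].keylen ? 12 : 8;
        p[0] = (i + 1 < n) ? 3 : 0;     /* 3 = more follow, 0 = last */
        p[1] = 0; p[2] = 0; p[3] = len; /* reserved, 16-bit length */
        p[4] = t[i].type; p[5] = 0;
        p[6] = (uint8_t)(t[i].id >> 8); p[7] = (uint8_t)t[i].id;
        if (t[i].keylen) {              /* AF bit set, attribute type 14 */
            p[8] = 0x80; p[9] = 14;
            p[10] = (uint8_t)(t[i].keylen >> 8); p[11] = (uint8_t)t[i].keylen;
        }
        off += len;
    }
    return off;
}

/* Parse the bytes back: transforms of one type are alternatives (OR), types
   combine (AND), so the suite count is the product. Returns 0 if malformed. */
unsigned long count_suites(const uint8_t *buf, size_t len, unsigned per_type[5]) {
    size_t off = 0;
    unsigned long total = 1;
    for (int i = 0; i < 5; i++) per_type[i] = 0;
    while (off < len) {
        if (len - off < 8) return 0;
        size_t tl = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (tl < 8 || tl > len - off || buf[off + 4] < 1 || buf[off + 4] > 4) return 0;
        per_type[buf[off + 4]]++;
        off += tl;
    }
    for (int i = 1; i <= 4; i++) if (per_type[i]) total *= per_type[i];
    return total;
}

int main(void) {
    uint8_t buf[256]; unsigned per[5];
    size_t n = encode_transforms(default_set, 11, buf);
    printf("%zu bytes, %lu acceptable suites\n", n, count_suites(buf, n, per));
}
```

A proposal carrying one transform per type yields a count of 1, which is why a response to it identifies a single suite, whereas a response to the default set only says that one of the combinations was acceptable.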
I've been trying to understand the yIKEs tool seen here which exclusively supports IKEv2. It is the only custom transform tool I've seen public:
Would love to eventually have ike-scan perform the same function as yIKEs but at a higher level.
If you want super quick IKEv1 full algorithm support, check out Patator:
from ike-scan.