Created
July 4, 2017 03:57
check-sni.sh
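#!/bin/bash
# check-sni.sh - report whether a TLS server acknowledges SNI.
#
# Runs tshark in the background while curl connects to the host, then looks
# for the server_name extension in the captured ServerHello.
#
# Usage:  check-sni.sh HOSTNAME
# Exit:   0  server_name seen in the ServerHello (HOSTNAME is printed)
#         1  server_name not seen
#         2  usage error, or tshark could not be kept running
#
# Caveats:
#   - tshark needs packet-capture privileges on the default interface.
#   - In TLS 1.3 the server's server_name acknowledgement is carried in
#     EncryptedExtensions, which a passive capture cannot read. When TLS 1.3
#     is negotiated, exit 1 means "not observed", not "not supported".
#   - Newer Wireshark releases name these fields tls.* rather than ssl.*;
#     adjust the display filter below if your tshark rejects it.
set -eu

if [ "$#" -lt 1 ]; then
  printf 'Usage: %s HOSTNAME\n' "${0##*/}" >&2
  exit 2
fi
hostname=$1

# The hostname is spliced into a capture filter and a URL, so accept only
# characters that can appear in a host name or an IPv4 literal.
valid_host='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
if [[ ! "$hostname" =~ $valid_host ]]; then
  printf '%s: invalid hostname: %s\n' "${0##*/}" "$hostname" >&2
  exit 2
fi

# Tempfile for the decoded capture output
tmpfile="$(mktemp)"
pid=""

# Stop the capture and remove the temp file on every exit path, including
# the ones taken by set -e.
cleanup() {
  if [ -n "$pid" ]; then
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
  fi
  rm -f -- "$tmpfile"
}
trap cleanup EXIT

# -l flushes stdout after each packet so the ServerHello is in the file by
# the time it is searched, rather than sitting in tshark's output buffer.
tshark -l -V -f "(host $hostname and port 443)" \
  -Y "ssl.handshake.type == 2" >"$tmpfile" 2>/dev/null &
pid=$!

# Wait for tshark setup
sleep 1

# tshark's stderr is discarded, so a rejected filter or missing privileges
# would otherwise be indistinguishable from "no SNI".
if ! kill -0 "$pid" 2>/dev/null; then
  printf '%s: tshark is not running (bad filter or no capture privileges?)\n' \
    "${0##*/}" >&2
  exit 2
fi

# Send a request to get a server hello. A request that fails after the
# handshake (for example on certificate validation) has still produced a
# ServerHello, so its status must not abort the script under set -e.
curl --silent "https://${hostname}" >/dev/null 2>&1 || true

# Make sure tshark has time to read it
sleep 1

# Check if server_name is set; grep's status is tested directly so that
# "no match" is a result, not a set -e abort.
if grep -q -- server_name "$tmpfile"; then
  printf '%s\n' "$hostname"
  exit 0
fi
exit 1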