mirror of
https://github.com/sonertari/SSLproxy
synced 2024-11-16 06:12:44 +00:00
201 lines
5.7 KiB
JSON
201 lines
5.7 KiB
JSON
{
|
|
"comment": "Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request",
|
|
"configs": {
|
|
"1": {
|
|
"proto": {
|
|
"proto": "tcp"
|
|
},
|
|
"client": {
|
|
"ip": "127.0.0.1",
|
|
"port": "8181"
|
|
},
|
|
"server": {
|
|
"ip": "127.0.0.1",
|
|
"port": "9181"
|
|
}
|
|
},
|
|
"2": {
|
|
"proto": {
|
|
"proto": "ssl",
|
|
"crt": "server.crt",
|
|
"key": "server.key"
|
|
},
|
|
"client": {
|
|
"ip": "127.0.0.1",
|
|
"port": "8447"
|
|
},
|
|
"server": {
|
|
"ip": "127.0.0.1",
|
|
"port": "9447"
|
|
}
|
|
}
|
|
},
|
|
"tests": {
|
|
"1": {
|
|
"comment": "Removes Public-Key-Pins",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
|
},
|
|
"3": {
|
|
"testend": "server",
|
|
"cmd": "send",
|
|
"payload": "HTTP/1.1 302 Found\r\nPublic-Key-Pins: public-key-pins\r\nLocation: sslproxy\r\n\r\n"
|
|
},
|
|
"4": {
|
|
"testend": "client",
|
|
"cmd": "recv",
|
|
"payload": "HTTP/1.1 302 Found\r\nLocation: sslproxy\r\n\r\n"
|
|
}
|
|
}
|
|
},
|
|
"2": {
|
|
"comment": "Removes Public-Key-Pins-Report-Only",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
|
},
|
|
"3": {
|
|
"testend": "server",
|
|
"cmd": "send",
|
|
"payload": "HTTP/1.1 302 Found\r\nPublic-Key-Pins-Report-Only: public-key-pins-report-only\r\nLocation: sslproxy\r\n\r\n"
|
|
},
|
|
"4": {
|
|
"testend": "client",
|
|
"cmd": "recv",
|
|
"payload": "HTTP/1.1 302 Found\r\nLocation: sslproxy\r\n\r\n"
|
|
}
|
|
}
|
|
},
|
|
"3": {
|
|
"comment": "Removes Strict-Transport-Security",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
|
},
|
|
"3": {
|
|
"testend": "server",
|
|
"cmd": "send",
|
|
"payload": "HTTP/1.1 302 Found\r\nStrict-Transport-Security: strict-transport-security\r\nLocation: sslproxy\r\n\r\n"
|
|
},
|
|
"4": {
|
|
"testend": "client",
|
|
"cmd": "recv",
|
|
"payload": "HTTP/1.1 302 Found\r\nLocation: sslproxy\r\n\r\n"
|
|
}
|
|
}
|
|
},
|
|
"4": {
|
|
"comment": "Removes Expect-CT",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
|
},
|
|
"3": {
|
|
"testend": "server",
|
|
"cmd": "send",
|
|
"payload": "HTTP/1.1 302 Found\r\nExpect-CT: expect-ct\r\nLocation: sslproxy\r\n\r\n"
|
|
},
|
|
"4": {
|
|
"testend": "client",
|
|
"cmd": "recv",
|
|
"payload": "HTTP/1.1 302 Found\r\nLocation: sslproxy\r\n\r\n"
|
|
}
|
|
}
|
|
},
|
|
"5": {
|
|
"comment": "Removes Alternate-Protocol",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
|
},
|
|
"3": {
|
|
"testend": "server",
|
|
"cmd": "send",
|
|
"payload": "HTTP/1.1 302 Found\r\nAlternate-Protocol: alternate-protocol\r\nLocation: sslproxy\r\n\r\n"
|
|
},
|
|
"4": {
|
|
"testend": "client",
|
|
"cmd": "recv",
|
|
"payload": "HTTP/1.1 302 Found\r\nLocation: sslproxy\r\n\r\n"
|
|
}
|
|
}
|
|
},
|
|
"6": {
|
|
"comment": "Removes Upgrade",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
|
},
|
|
"3": {
|
|
"testend": "server",
|
|
"cmd": "send",
|
|
"payload": "HTTP/1.1 302 Found\r\nUpgrade: upgrade\r\nLocation: sslproxy\r\n\r\n"
|
|
},
|
|
"4": {
|
|
"testend": "client",
|
|
"cmd": "recv",
|
|
"payload": "HTTP/1.1 302 Found\r\nLocation: sslproxy\r\n\r\n"
|
|
}
|
|
}
|
|
},
|
|
"7": {
|
|
"comment": "Does not deny OCSP request",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "POST / HTTP/1.1\r\nHost: example.com\r\nContent-Type: application/ocsp-request\r\n\r\n",
|
|
"comment": "It is easier to send a dummy POST ocsp request than a valid GET one"
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "POST / HTTP/1.1\r\nHost: example.com\r\nContent-Type: application/ocsp-request\r\nConnection: close\r\n\r\n"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} |