!no echo
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!
! Parameters: HostName
!
! Description:
!   Cisco CSS script to check an HTTPS server by starting an SSL
!   handshake and inspecting the reply.
!   This script will connect to an SSL Web server running SSL
!   version 3.0. We will connect to the server, do the non-encrypted
!   handshake, and then disconnect. No HTTP request is sent and no
!   page is fetched.
!
! Failure Upon:
!   1. Not establishing a connection with the host.
!   2. Not receiving a positive authentication.
!      NOTE(review): the only thing verified below is that the reply
!      contains the bytes of an SSL 3.0 ServerHello. No certificate is
!      examined and no key exchange is completed, so a pass means
!      "something answered the ClientHello", not that the server is
!      authenticated.
!
! Review notes:
!   - SSL 3.0 is deprecated (RFC 7568). A server that has SSL 3.0
!     disabled is not expected to answer with a 0x16 0x03 0x00 record,
!     so this check will most likely report such a hardened server as
!     failed. Confirm against the server's protocol policy before
!     relying on it.
!   - The ClientHello is a fixed byte string: the "random" field and
!     the session ID are identical on every run. That is harmless for
!     a probe that disconnects after the ServerHello, and it makes
!     the probe traffic easy to recognise in server and IDS logs.
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

! Require exactly one argument (the host name); otherwise print the
! usage line and exit with status 1.
if ${ARGS}[#] "NEQ" "1"
	echo "Usage: ap-kal-ssl \'Hostname\'"
	exit script 1
endbranch

! Defines:
set HostName "${ARGS}[1]"

! Connect to the remote Host
! EXIT_MSG is set before each step; presumably it is the message
! reported if the following command fails - confirm against the CSS
! scripting documentation.
set EXIT_MSG "Connection Failure"
! TCP port 443; "2000" is presumably a timeout in ms - TODO confirm
socket connect host ${HostName} port 443 tcp 2000

! Send the SSL 3.0 ClientHello (not an HTTP GET)
set EXIT_MSG "Send: Failed"
! Send over the hex for the fields:
! [Handshake: 0x16] [Version: 0x03 0x00] [Length: 0x00 0x59]
! [Client Hello: 0x01] [Length: 0x00 0x00 0x55] [Version: 0x03 0x00]
! [Random (32 bytes): 0x39 -> 0xff] [Session Length: 0x20]
! [Session ID (32 bytes): 0x3a -> 0x5d] [Cipher Length: 0x00 0x0e]
! [Cipher Suites (14 bytes = 7 suites): 0x00 0x04 -> 0x00 0x06]
! [Compression Length: 0x01] [Compression: 0x00 (Last Byte in stream)]
! NOTE(review): the offered suites are RC4, 3DES and export-grade RSA
! suites (for example 0x0003 and 0x0006). A server that refuses all
! of them cannot return a ServerHello, and the check would fail for
! that reason alone.
! Break the request into two send requests, as we have a 128 byte
! max on quoted text parameters.
socket send ${SOCKET} "1603000059010000550300392ae5530da35d89041b4beaa42891470e49351c3bfeb7631296139928dd7fff203a" raw
socket send ${SOCKET} "9a0ed92a4e4f66d75ecce24c3a361efc26ab86310c4b9e7271a1317d97635d000e0004ffe0000a00640062000300060100" raw

! Wait for a good status code
set EXIT_MSG "Waitfor: Failed"
! NOTE(review): presumably waitfor scans the incoming bytes for the
! given pattern. If so, the short patterns "02" and "0300" below are
! weak matches that could be satisfied by unrelated bytes in the
! reply - confirm how waitfor matches.
! Wait for a handshake message (0x16), paired with the version
! of SSL (0x03 0x00)
socket waitfor ${SOCKET} "160300" 2000 raw
! Wait for the specific server hello (0x02)
socket waitfor ${SOCKET} "02" 2000 raw
! Wait for the version again (as it appears twice: 0x03 0x00)
socket waitfor ${SOCKET} "0300" 2000 raw

! All steps passed: clear the failure message, close the socket and
! exit with status 0.
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0