This repository has been archived by the owner on Jan 21, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathindex.html
332 lines (306 loc) · 11.1 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>TLS 1.3 middleboxes test</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="css/styles.css" type="text/css">
<link rel="stylesheet" href="css/responsive.css" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,600" rel="stylesheet">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
</head>
<body>
<div class="cf-gradient"></div>
<div class="content">
<div class="main-hover-box">
<div class="cf-gradient2"></div>
<div class="hover-box">
<div class="box-content">
<h1>TLS 1.3 middleboxes test</h1>
<p>
This page performs some tests to check for middlebox interference with TLS 1.3.
For that it requires Adobe Flash and TCP port 843 to be open. If this is not the
case, all tests will fail with <em>N/A</em>.
</p>
<div id="initial-info">
<p>
<label>
<input id="verbose" class="confirm-checkbox" type="checkbox" checked autocomplete="off">
Enable additional MITM detection, this requires the server to record
test results.
</label>
<span class="learnmore" onclick="extratext()">Learn More</span></p>
<div id="hidden-text" class="hidden">
<p>
The purpose of this tool is to gather insight in potential failure
modes of TLS 1.3. We aim for full transparency in what we do, data
will only be collected once the test starts.
</p>
<h3>Information that we collect</h3>
<ul>
<li>IP address: used to learn what (mobile) networks or ISPs are
problematic.
<li>Result (pass/fail): whether a connection attempt succeeded and
whether the response matches the expectation.
<li>Contents of the simulated connection (TCP payload and session
keys): this should normally have an exact match with the server
view. A mismatch indicates potential issues.
<li>User Agent (web browser version): allows tests to be discarded
later in case we discover incompatibilities between a test and a
browser.
<li>If you choose to disable additional MITM detection, the above
will not be collected and finer analysis is not possible. As a
result the test report will be less informative.
</ul>
<h3>Who are we</h3>
<p>
This opensource project is built by <a
href="https://www.cloudflare.com/">Cloudflare</a>. We help building
a better (more secure) Internet and are involved in the
development and deployment of TLS 1.3 at scale.
To see the code or report issues, see this <a
href="https://github.com/cloudflare/mitm.watch">Github</a>
repository.
</p>
<h3>What we are going to do with the data</h3>
<ul>
<li>Aggregate results, providing a summary for the public.
<li>Help to make informed decisions in the development of the TLS
1.3 specification.
<li>Analyze potential middlebox interference.
<li>The raw data will be treated as confidential, but we may share
(a subset of) it with other researchers for scientific purposes.
This includes browser vendors who run similar tests.
</ul>
</div>
<button type="button" class="btn-start" id="action-start">Start The Test</button>
</div>
<div id="status-text-booting">
<p>
<i class="fa fa-spinner fa-pulse fa-3x fa-fw" aria-hidden="true"></i>
Loading libraries, please stand by...
</p>
</div>
<h2 class="results-text">Results</h2>
<table id="results">
<thead>
<tr>
<th>TLS Version</th>
<th>IP Version</th>
<th>Status</th>
<th>Remark</th>
</tr>
</thead>
</table>
<div id="test-complete-message">
<p>
Tests are complete.
<button type="button" class="btn-restart" id="action-restart">Restart</button>
</p>
<p class="testid-reference">
If you would like to refer to this test result, use test identifier
<span id="testid"></span>.
</p>
<p class="testid-unavailable">
Additional MITM detection was disabled, so no test identifier is
available. Restart the test and enable additional MITM detection if
you need an identifier to report issues.
</p>
</div>
<div id="flash-message">
<div class="flash-warning">
<i class="fa fa-exclamation-circle" aria-hidden="true"></i>
</div>
<div class="flash-text">
Adobe Flash is currently required for its Socket API. Please activate the
Flash plugin below.
</div>
<div class="flash-text2">
Click and allow Flash to enable the tests.
</div>
</div>
<div id="socketApi">
Adobe Flash is required for this test, but not available.
<a href="https://www.adobe.com/go/getflashplayer">Get it here</a>
</div>
</div>
</div>
</div>
</div>
<div class="footer">
<p class="footer-text">©2017 Cloudflare</p>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
<script>
// HACK: pretend to have a supported flash version
if (window.chrome) {
swfobject.ua.pv = [100, 0, 0];
}
// https://github.com/swfobject/swfobject/wiki/SWFObject-API
// Use dimensions 100x100 instead of 0x0 or else Chrome won't prompt for
// permission to use Flash
swfobject.embedSWF("socketapi.swf", "socketApi", "100", "100", "13", false, {},
{allowscriptaccess: "always"}, {}, null);
var jssock; // will be set by jssock.js
// Test State.
var TS_INIT = 0, TS_PENDING = 1, TS_RUNNING = 2, TS_COMPLETE;
var testState = TS_INIT;
var results = document.getElementById("results");
var tlsVersions = {
0x300: "SSL 3.0",
0x303: "TLS 1.2",
0x304: "TLS 1.3 (draft -22)"
};
var STATUS_OK = "OK", STATUS_NA = "N/A", STATUS_FAIL = "Fail";
var detectStatus = function(exp) {
if (!exp.Failed) {
return STATUS_OK;
} else if (exp.Result === "connection timed out") {
return STATUS_NA;
} else if (exp.Result === '[SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"]') {
// Override error message to provide more useful feedback.
if (exp.IPv6) {
exp.Result = "Connection failed, perhaps port 843 is blocked or IPv6 is unsupported";
} else {
exp.Result = "Connection failed, perhaps port 843 is blocked or the network is unreachable";
}
return STATUS_NA;
} else {
return STATUS_FAIL;
}
};
var setTestState = function(state) {
if (state === testState) {
// nothing to do
return;
}
if (state !== TS_INIT) {
document.body.classList.add("test-active");
} else {
document.body.classList.remove("test-active");
}
if (state === TS_COMPLETE) {
document.body.classList.add("test-complete");
} else {
document.body.classList.remove("test-complete");
}
testState = state;
};
var startTests = function() {
var apiReady = document.body.classList.contains("booted");
var verbose = document.getElementById("verbose").checked;
console.log("startTests() - apiReady " + apiReady + ", state " + testState);
if (testState === TS_INIT) {
if (!apiReady) {
setTestState(TS_PENDING);
return;
}
} else if (testState === TS_PENDING) {
if (!apiReady) {
return;
}
} else {
// not allowed to start a new test while one is running.
return;
}
setTestState(TS_RUNNING);
jssock.StartTests(verbose);
if (verbose) {
document.body.classList.add("test-verbose");
} else {
document.body.classList.remove("test-verbose");
}
};
document.getElementById("action-start").onclick = startTests;
var restartTests = function() {
if (testState === TS_COMPLETE) {
var table = results.tBodies[0];
while (table.rows.length > 0) {
table.deleteRow(-1);
}
setTestState(TS_INIT);
}
};
document.getElementById("action-restart").onclick = restartTests;
// Transitions:
// (init) - jssock library not yet loaded
// booting - jssock library loaded, waiting for Flash
// booted - Flash ready.
var updateStatus = function(status) {
console.log("updateStatus(" + status + ")");
if (status === "booting") {
// script has loaded, waiting for Flash
setTimeout(function() {
if (document.body.classList.contains("booting")) {
document.body.classList.add("flash-please");
}
}, 1000);
document.body.classList.add("booting");
} else if (status === "booted") {
document.body.classList.remove("flash-please");
document.body.classList.remove("booting");
document.body.classList.add("booted");
// boot complete, run tests if it was requested by the user.
if (testState === TS_PENDING) {
startTests();
}
}
};
var parseTestIDFromDomain = function(domain) {
var reUUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i;
var match = reUUID.exec(domain);
return match ? match[0] : "";
};
var addExperiment = function(exp) {
if (results.tBodies.length === 0) {
results.createTBody();
}
var item = results.tBodies[0].insertRow();
item.className = "status-pending";
item.insertCell().textContent = tlsVersions[exp.Version];
item.insertCell().textContent = exp.IPv6 ? "IPv6" : "IPv4";
item.insertCell().textContent = "Pending";
item.insertCell(); // Description
// TODO remove this old Experiment structure and pass the identifier in a
// different way (e.g. at the end of tests).
document.getElementById("testid").textContent = parseTestIDFromDomain(exp.Domain);
};
var updateExperiment = function(i, exp) {
var row = results.tBodies[0].rows[i];
var status = detectStatus(exp);
row.cells[2].textContent = status;
var desc;
if (status == STATUS_FAIL) {
desc = exp.Result;
row.className = "status-fail";
} else if (status == STATUS_NA) {
desc = exp.Result;
row.className = "status-na";
} else if (exp.IsMitm) {
desc = "Communication succeeded, but interference by a MITM was detected";
row.className = "status-ok";
} else {
desc = "";
row.className = "status-ok";
}
row.cells[3].textContent = desc;
if (results.getElementsByClassName("status-pending").length === 0) {
setTestState(TS_COMPLETE);
}
};
function extratext() {
var element = document.getElementById("hidden-text");
element.classList.toggle("hidden");
}
</script>
<script>
// cache bump
var jssockClientVersion = "TEST"; // this line will be updated automatically.
(function() {
var s = document.createElement("script");
s.src = "jssock.js?v=" + encodeURIComponent(jssockClientVersion);
document.body.appendChild(s);
}());
</script>
</body>
</html>