Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 4 of 4
  1. #1
    Join Date
    November 2017
    Posts
    181

    [PHP] HTTPS Scan - Find insecure HTTP links on your server

    Background Information

    Chrome will soon mark all unencrypted websites as "not secure" (source) in an attempt push the usage of encryption on the web.
    This also means that TeamSpeak 3 server administrators should consider switching their resources such as hoster banners and icons to a secure server as well.

    What it does

    The package connects to a TeamSpeak 3 server via the query interface and scans various server properties as well as channel descriptions for insecure HTTP links.

    The result is printed to stdout.

    Scanned server properties

    • Welcome Message
    • Host Message
    • Host Banner Link URL
    • Host Banner Image URL
    • Host Button Link URL
    • Host Button Image URL

    Requirements

    • Composer is required to install dependencies
    • Valid ServerQuery login credentials
    • Custom anti-flood settings or whitelisted IP address

    Download and README

    randomhost/ts3-https-scan (GitHub)

    Example

    Code:
    php src/bin/scan.php --user serveradmin --password changeme --host localhost
    Result

    Code:
    Scanning:
     - Host: localhost
     - Port: 9987
     - Query Port: 10011
     - User: serveradmin
     - Password: ******
    
    The following server properties contain insecure HTTP links:
     - Host Banner Link URL
     - Host Banner Image URL
    
    The following channels contain insecure HTTP links:
     - Lobby
     - Gaming 2
    
    Done.

  2. #2
    Join Date
    August 2013
    Location
    Germany
    Posts
    541
    As far as i can tell from your post, it's not crucial to prevent the usage of HTTP, so there's no exploit related to that, right?

  3. #3
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,368
    TeamSpeak's own file transfer which you have to use for icons and avatars is always unencrypted. And you care about a few links in channel descriptions... LOL.

  4. #4
    Join Date
    November 2017
    Posts
    181
    Quote Originally Posted by Bluscream View Post
    As far as i can tell from your post, it's not crucial to prevent the usage of HTTP, so there's no exploit related to that, right?
    There is no immediate exploit that I know of. However, I don't think I have to go into details why using HTTPS wherever possible is a good idea.

    When the most popular browser announces that it's going to actively fight against the usage of unencrypted HTTP, many websites will switch to HTTPS. Updating links that point to them to use the right protocol makes sense, just like fixing dead links which no longer point to a valid resource.

    Actually most websites will now redirect you to HTTPS anyway, but that is not immediately obvious to all users and means that the initial request is still unencrypted.

    Quote Originally Posted by numma_cway View Post
    TeamSpeak's own file transfer which you have to use for icons and avatars is always unencrypted. And you care about a few links in channel descriptions... LOL.
    I can't remember saying that this is going to fix all issues that TeamSpeak has in terms of encryption.

    I'm just providing a tool which could help server administrators to take one little step towards a secure web. That's all.

    If you think it's useless: Don't use it. That's fine.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 6
    Last Post: November 25th, 2014, 08:02 PM
  2. Gametracker can't scan server?
    By Heartless 1.0 in forum Server Support
    Replies: 0
    Last Post: March 21st, 2011, 12:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •