Adds check for HTTPS and Channel Binding aka EPA for ESC8

[sploutchy]

Improves on the pull request 203 to check for presence of HTTPS web enrollment endpoint and channel binding requirement.

Requires a modern version of impacket, e.g.:

pipx install git+https://github.com/sploutchy/Certipy@esc8_https_channel_binding --suffix custom
pipx inject certipy-adcustom git+https://github.com/fortra/impacket --force

Outputs if HTTP is enabled and/or HTTPS is enabled and channel binding not required:

└─$ certipy find -target-ip 10.0.1.100 -target child.testlab.local -dc-ip 10.0.1.100 -ns 10.0.1.100 -username [email protected] -password 'oops' -stdout
Certipy v4.8.2 - by Oliver Lyak (ly4k)
[CUT]
[+] Resolved 'CA1.child.testlab.local' from cache: 10.0.1.102
[+] Connecting to http://10.0.1.102/certsrv
[+] Resolved 'CA1.child.testlab.local' from cache: 10.0.1.102
[+] Connecting to https://10.0.1.102/certsrv
[+] Web enrollment seems enabled over https
[+] Resolved 'CA1.child.testlab.local' from cache: 10.0.1.102
[+] Testing Channel Binding. Performing connection to CA1.child.testlab.local without CB
[+] 301
[*] Channel Binding not enforced for CA1.child.testlab.local
[CUT]
      ESC8                              : Web Enrollment is enabled over HTTPS, Channel Binding is disabled and Request Disposition is set to Issue
[CUT]

This patch should be compatible with https://github.com/zimedev/certipy-merged

[sploutchy]

Note: relaying to HTTPS is possible with impacket's ntlmrelayx.py as per this comment.