Vulnerability Development mailing list archives
Re: Tools to exercise SSL implementation
From: Matthew Franz <matthewdfranz () yahoo com>
Date: Thu, 4 Oct 2001 16:29:08 -0700 (PDT)
See http://www.trinux.org/iplayer/ for an example of how to manually build a ClientHello by sniffing traffic with ssldump and building a nasl. You are really only going to be able to do this stuff (especially malformed stuff) by hand -- meaning that does not use an SSL_connect() (or whatever its actually called) because it sets up the session/does everything automatically. Eric Rescorla's book on SSL is a must have for doing this type of stuff. You can really use NASL, perl, C, python, or whatever your favorite scripting language for socket programming. -mdf --- Mike Murray <mmurray () ncircle com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You should also be able to use stunnel or sslproxy to do this task. On Wednesday 03 October 2001 12:59 pm, Cushing, David wrote:Is anyone aware of a tool that will send bogusand/or maliciouslycrafted packets to an SSL enabled application? I don't want to write it if it's already outthere... couldn't findanything on a web search. Thanks, David- -- | Mike Murray <mmurray () nCircle com> | Scientific Technologist http://www.nCircle.com | nCircle Network Security 415-625-5968 | cell - 415.305.0859 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org
iD8DBQE7vMEmSZ6Dtue7Vb4RAo19AJ9/gwWucs6UqgLqjlmCy+8LsjHtoACeONIq
NR+e2hJOL5XOWIfClf2t+TY= =LZKC -----END PGP SIGNATURE-----
__________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1
Current thread:
- Tools to exercise SSL implementation Cushing, David (Oct 03)
- Re: Tools to exercise SSL implementation Jose Nazario (Oct 03)
- Re: Tools to exercise SSL implementation Mike Murray (Oct 04)
- Re: Tools to exercise SSL implementation Matthew Franz (Oct 04)