Metasploit mailing list archives
SSL Class?
From: tyronmiller at gmail.com (Ty Miller)
Date: Thu, 15 Mar 2007 15:25:32 +1100
Hey Alex. Thanks very much! That will be gold! ;o)

Ty

-----Original Message-----
From: Alexander Sotirov [mailto:asotirov at determina.com]
Sent: Thursday, 15 March 2007 10:08 AM
To: framework at metasploit.com
Subject: Re: [framework] SSL Class?
There isn't one really -- we support OpenSSL, but the API isn't really exploit-friendly when it comes to SSL implementation bugs. To trigger the cipher overflow, just create a request manually with all the ciphers inside and send it. The trouble I ran into when writing this exploit is that before the bug would trigger, you had to complete the SSL handshake. The best approach would be to MITM an existing SSL implementation and rewrite the hello packet to include the new cipher list.
This exploit has a partial implementation of an SSL handshake, written in C: http://www.phreedom.org/solar/exploits/apache-openssl/

Alex
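The quoted message turns on a hello packet whose cipher list is larger than the server expects. As an added example that is not part of the original thread (my own code, not Metasploit's or the linked exploit's), the Python below parses a TLS 1.x ClientHello and flags one whose cipher-suite list is abnormally long, the kind of sanity check an inline inspector or IDS rule applies before a vulnerable server ever sees the message. It assumes the RFC 5246 record/handshake layout rather than the older SSLv2 hello format; the threshold SUSPICIOUS_SUITE_COUNT, the helper names and the sample records are all constructed for this example.

```python
"""Inspect a TLS ClientHello and report the size of its cipher-suite list.

Added example, not code from the mailing-list thread. Assumes the TLS 1.0-1.2
record and handshake layout (RFC 5246). Sample records are constructed here.
"""
import struct

# Assumed threshold for illustration: real clients offer a few dozen suites,
# so a hello carrying hundreds is worth alerting on.
SUSPICIOUS_SUITE_COUNT = 200


def parse_client_hello(record: bytes) -> dict:
    """Return version, suite ids and a 'suspicious' flag; raise ValueError on malformed input."""
    # Record header: type(1) version(2) length(2); 0x16 = handshake
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    # Handshake header: msg_type(1) length(3); 0x01 = ClientHello
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")
    # ClientHello: client_version(2) random(32) session_id<0..32> cipher_suites<2..2^16-2>
    if len(hello) < 35:
        raise ValueError("ClientHello too short")
    version = struct.unpack(">H", hello[0:2])[0]
    pos = 34
    sid_len = hello[pos]
    pos += 1 + sid_len
    if pos + 2 > len(hello):
        raise ValueError("missing cipher_suites length")
    suites_len = struct.unpack(">H", hello[pos:pos + 2])[0]
    pos += 2
    # Every length field is checked against the buffer before it is trusted;
    # this is exactly the check a vulnerable implementation would be missing.
    if suites_len % 2 or pos + suites_len > len(hello):
        raise ValueError("cipher_suites length exceeds message")
    suites = [struct.unpack(">H", hello[i:i + 2])[0]
              for i in range(pos, pos + suites_len, 2)]
    return {
        "version": version,
        "suite_count": len(suites),
        "suites": suites,
        "suspicious": len(suites) > SUSPICIOUS_SUITE_COUNT,
    }


def is_malformed(record: bytes) -> bool:
    """True when the record does not parse as a well-formed ClientHello."""
    try:
        parse_client_hello(record)
    except ValueError:
        return True
    return False


def build_sample_hello(suites) -> bytes:
    """Construct a minimal, well-formed ClientHello record as sample input (constructed data)."""
    suite_bytes = b"".join(struct.pack(">H", s) for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"            # version, zero random, empty session id
             + struct.pack(">H", len(suite_bytes)) + suite_bytes
             + b"\x01\x00"                                 # one compression method: null
             + b"\x00\x00")                                # empty extensions block
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


if __name__ == "__main__":
    normal = build_sample_hello([0x1301, 0x1302, 0xC02F])
    oversized = build_sample_hello(range(1, 301))
    for name, rec in (("normal", normal), ("oversized", oversized)):
        info = parse_client_hello(rec)
        print(f"{name}: {info['suite_count']} suites, suspicious={info['suspicious']}")
    print("truncated record malformed:", is_malformed(normal[:-3]))
```

The parser validates each length field against the bytes actually present before indexing, so a hello that claims more cipher suites than it carries is rejected as malformed rather than read past the buffer; a hello that genuinely carries an outsized list parses cleanly and is reported as suspicious for an analyst to look at.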
Current thread:
- SSL Class? Ty Miller (Mar 11)
- SSL Class? H D Moore (Mar 11)
- SSL Class? Ty Miller (Mar 11)
- SSL Class? Alexander Sotirov (Mar 14)
- SSL Class? Ty Miller (Mar 14)
- SSL Class? Ty Miller (Mar 11)
- SSL Class? H D Moore (Mar 11)