Meterpreter + SSL

[dario.scarpa at gmail.com (Dusk)]

On Sat, Jun 27, 2009 at 1:24 AM, HD Moore<hdm at metasploit.com> wrote:
> The meterpreter payload in the SVN trunk (3.3-dev) now uses SSL by default.
> Any staging activities (including the upload of metsrv.dll) will still be in
> cleartext, but all meterpreter communications are now protected by SSL
> automatically. This SSL mode does NO verification, so its still possible for
> someone to MITM the session, but this buys some privacy-by-default.

Hi,
I managed to get an university assignment on Metasploit.
The course was mainly focused on practical security and applied
cryptography, including OpenSSL development.

So, I read this post and tought about improving the current
meterpreter implementation adding optional verification.

Before starting, I'm asking with this message if it would be
considered useful, and if not, if anyone has any suggestions/requests
about any Metasploit cryphtography-related task I could work on.

Thanks!

D.

PS: sorry HD, a month ago I errounesly sent this message to your
private address and not the list one