Metasploit mailing list archives
Meterpreter + SSL
From: dario.scarpa at gmail.com (Dusk)
Date: Sat, 22 Aug 2009 19:31:19 +0200
On Sat, Jun 27, 2009 at 1:24 AM, HD Moore<hdm at metasploit.com> wrote:
The meterpreter payload in the SVN trunk (3.3-dev) now uses SSL by default. Any staging activities (including the upload of metsrv.dll) will still be in cleartext, but all meterpreter communications are now protected by SSL automatically. This SSL mode does NO verification, so its still possible for someone to MITM the session, but this buys some privacy-by-default.
Hi, I managed to get an university assignment on Metasploit. The course was mainly focused on practical security and applied cryptography, including OpenSSL development. So, I read this post and tought about improving the current meterpreter implementation adding optional verification. Before starting, I'm asking with this message if it would be considered useful, and if not, if anyone has any suggestions/requests about any Metasploit cryphtography-related task I could work on. Thanks! D. PS: sorry HD, a month ago I errounesly sent this message to your private address and not the list one
Current thread:
- Meterpreter + SSL Willard Dawson (Jul 06)
- Meterpreter + SSL HD Moore (Jul 06)
- <Possible follow-ups>
- Meterpreter + SSL Dusk (Aug 22)