[framework] SSL Class?
Ty Miller
tyronmiller at gmail.com
Wed Mar 14 23:25:32 CDT 2007
Hey Alex. Thanks very much! That will be gold! ;o)
Ty
-----Original Message-----
From: Alexander Sotirov [mailto:asotirov at determina.com]
Sent: Thursday, 15 March 2007 10:08 AM
To: framework at metasploit.com
Subject: Re: [framework] SSL Class?
> There isn't one really -- we support OpenSSL, but the API isn't really
> exploit-friendly when it comes to SSL implementation bugs. To trigger the
> cipher overflow, just create a request manually with all the ciphers
> inside and send it. The trouble I ran into when writing this exploit is
> that before the bug would trigger, you had to complete the SSL handshake.
> The best approach would be to MITM an existing SSL implementation and
> rewrite the hello packet to include the new cipher list.
This exploit has a partial implementation of an SSL handshake, written in C:
http://www.phreedom.org/solar/exploits/apache-openssl/
Alex