This repository is a WIP framework that implements different SSL/TLS attacks to demonstrate their feasibility in practice.
Currently implemented:
- BREACH
- POODLE

Requirements:
- Python 3
- Docker
- scapy-python3
- Patched scapy-ssl_tls

Setup:
- Create the networks: `./create_docker_networks.sh`
- Build the docker images: `./build.sh`
- Start the server image: `cd victim_server && ./start_docker.sh`
- Run one of the samples:

BREACH:
- As a setup.py is currently missing: `export PYTHONPATH="."`
- `./scripts/ssl-demos.py -u <target url> -p <port to capture> -i <ip address to capture> -b <cookies to send in the victim request> -I <interface to capture> Breach -t <token to guess> -P <prefix for the attack>`

Parameter | Description | Example |
---|---|---|
target url | A url to a webpage which uses HTTP compression and reflects GET parameters. {DATA} will be replaced by the attack string. | https://127.0.0.1:2001?affiliate={DATA} |
port to capture | The port the webserver listens on. Will be used as a pcap filter | 2001 |
ip address to capture | The ip address of the webserver. Will be used as a pcap filter | 127.0.0.1 |
cookies to send in the victim request | The cookies which will be sent by the victim simulator. Required to provide sessions | SESSION=0372e249-7932-41ba-8dbb-6e79e991c8e7 |
prefix for the attack | A prefix of the place where the secret to be guessed is located. Required to increase the compression probability | input type="hidden" name="csrftoken" value=" |
token to guess | The secret we want to guess. Allows to show better status messages. The guessing algorithm does not use it in any way | 9f0fea5a00946a9a4c606178d85a6464018bc140 |
interface to capture | The interface we want to capture on | lo |
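
Why the target page must use HTTP compression and reflect a parameter, and why the prefix matters, shown as an added example that is not code from this repository: the compressed body is shorter when the reflected value repeats the prefix and token already in the page, and masking the token per response removes that difference. The page template, the wrong guess and the helper names (`masked_field`, `unmask`, `length_gap`) are assumptions made for illustration.

```python
import os
import zlib

# PREFIX and TOKEN are the example values from the parameter table above.
PREFIX = 'input type="hidden" name="csrftoken" value="'
TOKEN = "9f0fea5a00946a9a4c606178d85a6464018bc140"
WRONG = "3b71c4d28e05f6a9172d0c8be4f35a6907d1e2cb"  # constructed wrong guess

# Constructed stand-in for a page that reflects a GET parameter and embeds a
# secret token; an assumption, not the victim_server's real template.
PAGE = ('<html><body><p>Affiliate: {data}</p><form>'
        '<input type="hidden" name="csrftoken" value="{field}">'
        '</form></body></html>')


def masked_field(token, mask=None):
    """Mitigation: emit mask || (mask XOR token) with a fresh mask per response,
    so the raw token never appears in the compressed body."""
    raw = bytes.fromhex(token)
    mask = mask or os.urandom(len(raw))
    return mask.hex() + bytes(a ^ b for a, b in zip(raw, mask)).hex()


def unmask(field):
    """Server-side recovery of the real token from a submitted masked field."""
    data = bytes.fromhex(field)
    mask, masked = data[:len(data) // 2], data[len(data) // 2:]
    return bytes(a ^ b for a, b in zip(mask, masked)).hex()


def compressed_len(reflected, field):
    """Length of the DEFLATE-compressed body; TLS hides content, not this size."""
    body = PAGE.format(data=reflected, field=field)
    return len(zlib.compress(body.encode(), 9))


def length_gap(field):
    """Extra bytes a wrong reflected value costs compared with the real token."""
    return (compressed_len(PREFIX + WRONG, field)
            - compressed_len(PREFIX + TOKEN, field))


if __name__ == "__main__":
    print("token emitted verbatim, gap:", length_gap(TOKEN))
    print("token masked per response, gap:", length_gap(masked_field(TOKEN)))
```

With the token emitted verbatim the gap is clearly positive; with a masked field it shrinks to compression noise, because the raw token is no longer in the body to be matched.
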

POODLE:
- Export the privkey.pem from the server image (for visualization): `docker exec <container> cat privkey.pem > victim_server/privkey.pem`
- As a setup.py is currently missing: `export PYTHONPATH="."`
- `./scripts/ssl-demos.py -p <port to capture> -i <ip address of the server> -I <interface 1> Poodle -I2 <interface 2>`
- Start the victim client: `cd victim_client && ./poodle.sh`

Parameter | Description | Example |
---|---|---|
port to capture | The port the webserver listens on. Will be used as a pcap filter | 2000 |
ip address of the server | The ip address of the webserver. Will be used in the MitM | 172.10.2.2 |
interface 1 | The first interface | docker1 |
interface 2 | The second interface | docker2 |