bluec0re / tls-attack-demos

WIP framework for TLS attack demos

TLS Attack Demos

This repository is a WIP framework that implements different SSL/TLS attacks to show their feasibility in practice.

Currently implemented:

  • BREACH
  • POODLE

Requirements

  • Python 3
  • Docker
  • scapy-python3
  • Patched scapy-ssl_tls

How to run

  1. Create the networks: ./create_docker_networks.sh
  2. Build the docker images: ./build.sh
  3. Start the server image: cd victim_server && ./start_docker.sh
  4. Run one of the samples:

BREACH

  1. As a setup.py is currently missing: export PYTHONPATH="."
  2. ./scripts/ssl-demos.py -u <target url> -p <port to capture> -i <ip address to capture> -b <cookies to send in the victim request> -I <interface to capture> Breach -t <token to guess> -P <prefix for the attack>

| Parameter | Description | Example |
|---|---|---|
| target url | A URL to a webpage which uses HTTP compression and reflects GET parameters. {DATA} will be replaced by the attack string. | https://127.0.0.1:2001?affiliate={DATA} |
| port to capture | The port the webserver listens on. Will be used as a pcap filter. | 2001 |
| ip address to capture | The IP address of the webserver. Will be used as a pcap filter. | 127.0.0.1 |
| cookies to send in the victim request | The cookies which will be sent by the victim simulator. Required to provide sessions. | SESSION=0372e249-7932-41ba-8dbb-6e79e991c8e7 |
| prefix for the attack | A prefix of the place where the secret to be guessed is located. Required to increase the compression probability. | input type="hidden" name="csrftoken" value=" |
| token to guess | The secret we want to guess. Used only to show better status messages; the guessing algorithm does not use it in any way. | 9f0fea5a00946a9a4c606178d85a6464018bc140 |
| interface to capture | The interface we want to capture on. | lo |

Breach in action: asciicast
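The compressed-length signal that the BREACH parameters above depend on, and how per-response token masking removes it, as an added example (not code from this repository). The prefix and token are the README's example values; the page template, the `mask`/`unmask` helpers and the wrong guess are constructed for illustration.

```python
import os
import zlib

# Example values taken from the README's parameter table.
PREFIX = 'input type="hidden" name="csrftoken" value="'
TOKEN = "9f0fea5a00946a9a4c606178d85a6464018bc140"


def render(reflected, token_field):
    """Constructed stand-in for the victim page: reflects a GET parameter
    and embeds the CSRF token in a hidden form field."""
    return (
        f"<html><body><p>affiliate: {reflected}</p>"
        f'<form><{PREFIX}{token_field}"></form></body></html>'
    ).encode()


def compressed_len(body):
    """Size of the DEFLATE-compressed body; TLS does not hide this length."""
    return len(zlib.compress(body, 9))


def mask(token, pad=b""):
    """Mitigation: emit pad || (token XOR pad), with a fresh pad per response."""
    raw = bytes.fromhex(token)
    pad = pad or os.urandom(len(raw))
    return pad.hex() + bytes(a ^ b for a, b in zip(raw, pad)).hex()


def unmask(field):
    """Server side: recover the real token from a masked field."""
    half = len(field) // 2
    pad, body = bytes.fromhex(field[:half]), bytes.fromhex(field[half:])
    return bytes(a ^ b for a, b in zip(pad, body)).hex()


def length_gap(token_field, right, wrong):
    """Bytes saved when the reflected value continues PREFIX with `right`
    instead of `wrong`. A non-zero gap is the leak BREACH measures."""
    return (compressed_len(render(PREFIX + wrong, token_field))
            - compressed_len(render(PREFIX + right, token_field)))


if __name__ == "__main__":
    right, wrong = TOKEN[:8], "a0e5f9af"  # wrong: same characters, reordered
    print("static token gap:", length_gap(TOKEN, right, wrong))
    print("masked token gap:", length_gap(mask(TOKEN), right, wrong))
```

With the static token the matching guess compresses smaller; with a masked token the field changes on every response, so the guess no longer correlates with the page content.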

Poodle

  1. Export the privkey.pem from the server image (for visualization): docker exec <container> cat privkey.pem > victim_server/privkey.pem
  2. As a setup.py is currently missing: export PYTHONPATH="."
  3. ./scripts/ssl-demos.py -p <port to capture> -i <ip address of the server> -I <interface 1> Poodle -I2 <interface 2>
  4. Start the victim client: cd victim_client && ./poodle.sh

| Parameter | Description | Example |
|---|---|---|
| port to capture | The port the webserver listens on. Will be used as a pcap filter. | 2000 |
| ip address of the server | The IP address of the webserver. Will be used in the MitM. | 172.10.2.2 |
| interface 1 | The first interface | docker1 |
| interface 2 | The second interface | docker2 |

License:GNU General Public License v3.0

