secretnonempty / CVE-2014-0224

OPENSSL CVE-2014-0224 MITM exploit demo.

Author : @bluerust
Blog : http://hi.baidu.com/bluerust/item/bf2ab031bbadcf09cfb9fe41
Ver : 1.1
Desc :
Only for OpenSSL 1.0.1*; only tested with cipher RC4-SHA.
a. server
openssl s_server -debug -accept 443 -cert server.crt -certform PEM -key server.key -cipher RC4-SHA
Generating the certificate is not covered here.
b. client
openssl s_client -connect 127.0.0.1:9999 -debug -cipher RC4-SHA
c. mitm proxy
go run proxy_all.go -host=127.0.0.1 -port 443 -listen_port=9999
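
Detection side of this demo, as an added example that is not part of the original repository: reference [1] calls the issue an early ChangeCipherSpec, so a monitor can flag a handshake in which the CCS record arrives before ClientKeyExchange. The names EarlyCCS, rec and hs are hypothetical and the sample bytes are constructed; the check assumes a full (non-resumed) handshake, the plaintext client-to-server direction, and handshake messages that are not fragmented across records.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// TLS record content types (20, 22) and the ClientKeyExchange handshake type (16).
const recCCS, recHandshake, hsClientKeyExchange = 20, 22, 16

// EarlyCCS scans plaintext client-to-server records of a full (non-resumed)
// handshake; true means ChangeCipherSpec arrived before ClientKeyExchange.
func EarlyCCS(stream []byte) (bool, error) {
	seenCKE := false
	for len(stream) > 0 {
		if len(stream) < 5 {
			return false, errors.New("truncated record header")
		}
		n := int(binary.BigEndian.Uint16(stream[3:5]))
		if len(stream) < 5+n {
			return false, errors.New("truncated record body")
		}
		typ, body := stream[0], stream[5:5+n]
		stream = stream[5+n:]
		if typ == recCCS {
			return !seenCKE, nil // records after CCS are encrypted, stop here
		}
		for typ == recHandshake && len(body) >= 4 {
			mlen := int(body[1])<<16 | int(body[2])<<8 | int(body[3])
			seenCKE = seenCKE || body[0] == hsClientKeyExchange
			if 4+mlen > len(body) {
				break // fragmented message: not reassembled in this example
			}
			body = body[4+mlen:]
		}
	}
	return false, nil // no ChangeCipherSpec seen at all
}
// rec and hs build constructed sample records and messages (hypothetical helpers).
func rec(typ byte, body []byte) []byte {
	return append([]byte{typ, 3, 1, byte(len(body) >> 8), byte(len(body))}, body...)
}
func hs(typ byte, n int) []byte {
	return append([]byte{typ, byte(n >> 16), byte(n >> 8), byte(n)}, make([]byte, n)...)
}
func main() {
	hello, ccs := rec(22, hs(1, 40)), rec(20, []byte{1})
	fmt.Println(EarlyCCS(append(hello, ccs...))) // constructed: CCS right after ClientHello
}
```

Resumed sessions legitimately skip ClientKeyExchange, so a production monitor would also need to track session IDs before alerting.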

--------------------------
References:
[1] Early ChangeCipherSpec Attack (05 Jun 2014)
https://www.imperialviolet.org/2014/06/05/earlyccs.html
[2] SSL/TLS MITM vulnerability (CVE-2014-0224)
http://www.openssl.org/news/secadv_20140605.txt
[3] How I discovered CCS Injection Vulnerability (CVE-2014-0224)
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
