Poodle - HoLyVieR/tls-attack GitHub Wiki
Poodle
This module implements the Poodle attack as described in numerous papers, such as "This POODLE Bites: Exploiting The SSL 3.0 Fallback". It offers a practical proof of concept that solves many of the issues that come up when dealing with real-world attacks.
An example of the usage of this module can be found here.
Tested browsers
- Firefox 16.0.1
Note: The downgrade attack required for Poodle only partially works. It has to be the first time the browser connects to the server for it to work.
Tested servers
- OpenSSL 1.0.1a
Note: The server must of course support SSLv3.
API
PoodleAttack ( https_mitm , force_request )
The constructor of this module requires an instance of two modules. The first one, https_mitm, is any module capable of intercepting and modifying the HTTPS traffic of the victim. The second one, force_request, is any module capable of forcing the victim to make any request of our choice.
on_vulnerable_connection ( callback_handler ( key, client_ip, server_ip ) )
Whenever the module detects a connection vulnerable to the Poodle attack, it will call the callback_handler with the parameters specified in the constructor.
- key : Unique identifier of the vulnerable connection between the client and the server.
- client_ip : IP of the victim
- server_ip : IP of server the victim is connecting to.
decrypt_byte (key, index, callback_handler ( result, index ) )
Performs the Poodle attack to decrypt the byte at the position index of the header of a forced request. Position 0 of this index is a best guess of where the second line of the HTTP header starts.
- key : Unique identifier of the vulnerable connection between the client and the server.
- index : byte position to find
- result : value of the byte at the position index.