From: hdm at metasploit.com (H D Moore)
Date: Sun, 11 Mar 2007 18:26:24 -0600
There isn't one really -- we support OpenSSL, but the API isn't really
exploit-friendly when it comes to SSL implementation bugs. To trigger the
cipher overflow, just create a request manually with all the ciphers
inside and send it. The trouble I ran into when writing this exploit is
that before the bug would trigger, you had to complete the SSL handshake.
The best approach would be to MITM an existing SSL implementation and
rewrite the hello packet to include the new cipher list.
On Sunday 11 March 2007 19:19, Ty Miller wrote:
> What Metasploit Class would I use to be able to mess around with the