See http://www.trinux.org/iplayer/ for an example of
how to manually build a ClientHello by sniffing
traffic with ssldump and building a NASL. You are
really only going to be able to do this stuff
(especially malformed stuff) by hand -- meaning that
does not use an SSL_connect() (or whatever it's
actually called) because it sets up the session/does
everything automatically.
Eric Rescorla's book on SSL is a must-have for doing
this type of stuff.
You can really use NASL, perl, C, python, or whatever
your favorite scripting language for socket
programming is.
-mdf
--- Mike Murray <mmurray_at_ncircle.com> wrote:
> You should also be able to use stunnel or sslproxy
> to do this task.
>
> On Wednesday 03 October 2001 12:59 pm, Cushing, David wrote:
> > Is anyone aware of a tool that will send bogus and/or maliciously
> > crafted packets to an SSL enabled application?
> >
> > I don't want to write it if it's already out there... couldn't find
> > anything on a web search.
> >
> > Thanks,
> > David
>
> - --
> | Mike Murray                 <mmurray_at_nCircle.com>
> | Scientific Technologist     http://www.nCircle.com
> | nCircle Network Security    415-625-5968
> | cell - 415.305.0859
Received on Oct 05 2001
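
An added example, not part of the original message: a ClientHello assembled byte by byte in Python without SSL_connect() or any SSL library, as the reply above describes, paired with the strict length checks a receiving implementation needs so that inconsistent length fields are rejected rather than trusted. The TLS 1.0 version, zeroed random and two cipher suites are constructed sample values, and the function and class names are hypothetical.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 0x16, 0x01

def build_client_hello(version=(3, 1), random=bytes(32), session_id=b"",
                       suites=(0x000A, 0x0005), compression=b"\x00"):
    """Assemble one record holding a ClientHello (constructed sample values)."""
    body = bytes(version) + random + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(compression)]) + compression
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + bytes(version) + struct.pack("!H", len(hs)) + hs

class Reader:
    """Cursor over a buffer that refuses to read past its end."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("length field exceeds available bytes")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def uint(self, size):
        return int.from_bytes(self.take(size), "big")
    def done(self):
        return self.pos == len(self.data)

def parse_client_hello(record):
    """Strictly parse one record; raise ValueError on any inconsistency."""
    r = Reader(record)
    if r.uint(1) != HANDSHAKE:
        raise ValueError("not a handshake record")
    r.take(2)                                  # record-layer version
    rec = Reader(r.take(r.uint(2)))            # record length must fit the buffer
    if not r.done() or rec.uint(1) != CLIENT_HELLO:
        raise ValueError("trailing bytes or not a ClientHello")
    body = Reader(rec.take(rec.uint(3)))       # handshake length must fit the record
    if not rec.done():
        raise ValueError("handshake shorter than its record")
    version, random = tuple(body.take(2)), body.take(32)
    sid_len = body.uint(1)
    if sid_len > 32:
        raise ValueError("session_id longer than 32 bytes")
    session_id = body.take(sid_len)
    cs_len = body.uint(2)
    if cs_len == 0 or cs_len % 2:
        raise ValueError("cipher_suites length must be even and non-zero")
    cs = body.take(cs_len)
    suites = [int.from_bytes(cs[i:i + 2], "big") for i in range(0, cs_len, 2)]
    compression = body.take(body.uint(1))      # extensions, if any, are not parsed
    return {"version": version, "random": random, "session_id": session_id,
            "suites": suites, "compression": compression}
```

The bytes returned by build_client_hello() can be compared field by field against an ssldump capture of a real handshake.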