|
Vulnerability Development
mailing list archives
Re: Tools to exercise SSL implementation
From: Matthew Franz <matthewdfranz () yahoo com>
Date: Thu, 4 Oct 2001 16:29:08 -0700 (PDT)
See http://www.trinux.org/iplayer/ for an example of
how to manually build a ClientHello by sniffing
traffic with ssldump and building a nasl. You are
really only going to be able to do this stuff
(especially malformed stuff) by hand -- meaning that
does not use an SSL_connect() (or whatever its
actually called) because it sets up the session/does
everything automatically.
Eric Rescorla's book on SSL is a must have for doing
this type of stuff.
You can really use NASL, perl, C, python, or whatever
your favorite scripting language for socket
programming.
-mdf
--- Mike Murray <mmurray () ncircle com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You should also be able to use stunnel or sslproxy
to do this task.
On Wednesday 03 October 2001 12:59 pm, Cushing,
David wrote:
Is anyone aware of a tool that will send bogus
and/or maliciously
crafted packets to an SSL enabled application?
I don't want to write it if it's already out
there... couldn't find
anything on a web search.
Thanks,
David
- --
| Mike Murray
<mmurray () nCircle com>
| Scientific Technologist
http://www.nCircle.com
| nCircle Network Security
415-625-5968
| cell - 415.305.0859
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7vMEmSZ6Dtue7Vb4RAo19AJ9/gwWucs6UqgLqjlmCy+8LsjHtoACeONIq
NR+e2hJOL5XOWIfClf2t+TY=
=LZKC
-----END PGP SIGNATURE-----
__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1
 By Date 
By Thread
Current thread:
| 
Intro
