Design and implementation of an SSL/TLS attack toolkit

OData support
Dr. Buttyán Levente
Department of Networked Systems and Services

There has been various attacks published previously against different versions of SSL/TLS (Secure Socket Layer/Transport Layer Security). Most of these vulnerabilities have been fixed by later protocol versions, however many devices, especially embedded ones, continue to use old versions or TLS (or even SSL), so they're still vulnerable. There are proof of concept implementations available for most of these attacks, but they're scattered around the internet, they all require different software and setup to function, and they're generally problematic to use.

The goal of the theses is to implement an integrated, modular and easily configurable tool that can demonstrate a subset of the known attacks. To achieve this goal, I'm going to describe four different attacks: SSL2 cipher-suite downgrade, padding oracle against SSL3 and TLS 1.0, and finally BEAST. I'm going to describe the theory behind their operation, and implement them as Metasploit modules, using a proxy that can intercept and modify packets. Finally, I'm going to describe the experience gained while trying out the exploits in laboratory conditions.


Please sign in to download the files of this thesis.