[framework] SSL Class?
Alexander Sotirov
asotirov at determina.com
Wed Mar 14 16:07:56 PDT 2007
> There isn't one really -- we support OpenSSL, but the API isn't really
> exploit-friendly when it comes to SSL implementation bugs. To trigger the
> cipher overflow, just create a request manually with all the ciphers
> inside and send it. The trouble I ran into when writing this exploit is
> that before the bug would trigger, you had to complete the SSL handshake.
> The best approach would be to MITM an existing SSL implementation and
> rewrite the hello packet to include the new cipher list.
This exploit has a partial implementation of an SSL handshake, written in C:
http://www.phreedom.org/solar/exploits/apache-openssl/
Alex