[framework] SSL Class?
asotirov at determina.com
Wed Mar 14 16:07:56 PDT 2007
> There isn't one really -- we support OpenSSL, but the API isn't really
> exploit-friendly when it comes to SSL implementation bugs. To trigger the
> cipher overflow, just create a request manually with all the ciphers
> inside and send it. The trouble I ran into when writing this exploit is
> that before the bug would trigger, you had to complete the SSL handshake.
> The best approach would be to MITM an existing SSL implementation and
> rewrite the hello packet to include the new cipher list.
This exploit has a partial implementation of an SSL handshake, written in C:
More information about the framework