@@ -57,7 +57,7 @@ Currently, the following features are supported:
5757- DTLS 1.2 (RFC-6347)(Currently under Development)
5858- SSL 2 (Client/Server Hello)
5959- (EC)DH and RSA key exchange algorithms
60- - CBC and Streamciphers
60+ - CBC, AEAD and Streamciphers
6161- TLS client and server
6262- HTTPS
6363- MitM (experimental)
@@ -146,31 +146,41 @@ We know many of you hate Java. Therefore, you can also use an XML structure and
146146<?xml version =" 1.0" encoding =" UTF-8" standalone =" yes"
147147<workflowTrace >
148148 <SendAction >
149- <ClientHello >
150- <extensions >
151- <HeartbeatExtension />
152- <ECPointFormat />
153- <EllipticCurves />
154- </extensions >
155- </ClientHello >
149+ <messages >
150+ <ClientHello >
151+ <extensions >
152+ <ECPointFormat />#
153+ <HeartbeatExtension />
154+ <EllipticCurves />
155+ </extensions >
156+ </ClientHello >
157+ </messages >
156158 </SendAction >
157159 <ReceiveAction >
158- <ServerHello >
159- <extensions >
160- <HeartbeatExtension / >
161- <ECPointFormat />
162- <EllipticCurves / >
163- </extensions >
164- </ ServerHello >
165- < Certificate />
166- <ServerHelloDone / >
160+ <expectedMessages >
161+ <ServerHello >
162+ <extensions >
163+ <ECPointFormat />
164+ </ extensions >
165+ </ServerHello >
166+ < Certificate / >
167+ < ServerHelloDone />
168+ </ expectedMessages >
167169 </ReceiveAction >
168170 <SendAction >
169- <Finished />
171+ <messages >
172+ <RSAClientKeyExchange >
173+ <computations />
174+ </RSAClientKeyExchange >
175+ <ChangeCipherSpec />
176+ <Finished />
177+ </messages >
170178 </SendAction >
171179 <ReceiveAction >
172- <ChangeCipherSpec />
173- <Finished />
180+ <expectedMessages >
181+ <ChangeCipherSpec />
182+ <Finished />
183+ </expectedMessages >
174184 </ReceiveAction >
175185</workflowTrace >
176186```
@@ -195,49 +205,59 @@ We can of course use this concept by constructing our TLS workflows. Imagine you
195205<?xml version =" 1.0" encoding =" UTF-8" standalone =" yes"
196206<workflowTrace >
197207 <SendAction >
198- <ClientHello >
199- <extensions >
200- <HeartbeatExtension />
201- <ECPointFormat />
202- <EllipticCurves />
203- </extensions >
204- </ClientHello >
208+ <messages >
209+ <ClientHello >
210+ <extensions >
211+ <ECPointFormat />#
212+ <HeartbeatExtension />
213+ <EllipticCurves />
214+ </extensions >
215+ </ClientHello >
216+ </messages >
205217 </SendAction >
206218 <ReceiveAction >
207- <ServerHello >
208- <extensions >
209- <HeartbeatExtension / >
210- <ECPointFormat />
211- <EllipticCurves / >
212- </extensions >
213- </ ServerHello >
214- < Certificate />
215- <ServerHelloDone / >
219+ <expectedMessages >
220+ <ServerHello >
221+ <extensions >
222+ <ECPointFormat />
223+ </ extensions >
224+ </ServerHello >
225+ < Certificate / >
226+ < ServerHelloDone />
227+ </ expectedMessages >
216228 </ReceiveAction >
217229 <SendAction >
218- <RSAClientKeyExchange />
219- <ChangeCipherSpec />
220- <Finished />
230+ <messages >
231+ <RSAClientKeyExchange >
232+ <computations />
233+ </RSAClientKeyExchange >
234+ <ChangeCipherSpec />
235+ <Finished />
236+ </messages >
221237 </SendAction >
222238 <ReceiveAction >
223- <ChangeCipherSpec />
224- <Finished />
239+ <expectedMessages >
240+ <ChangeCipherSpec />
241+ <Finished />
242+ </expectedMessages >
225243 </ReceiveAction >
226244 <SendAction >
227- <Heartbeat >
228- <payloadLength >
229- <integerExplicitValueModification >
230- <explicitValue >20000</explicitValue >
231- </integerExplicitValueModification >
232- </payloadLength >
233- </Heartbeat ><Heartbeat />
245+ <messages >
246+ <Heartbeat >
247+ <payloadLength >
248+ <integerExplicitValueModification >
249+ <explicitValue >20000</explicitValue >
250+ </integerExplicitValueModification >
251+ </payloadLength >
252+ </Heartbeat >
253+ </messages
234254 </SendAction>
235255 <ReceiveAction >
236- <Heartbeat />
256+ <Heartbeat />
237257 </ReceiveAction >
238258</workflowTrace >
239259```
240- As you can see, we explicitly increased the payload length of the Heartbeat message by 2000 .
260+ As you can see, we explicitly increased the payload length of the Heartbeat message by 20000 .
241261If you run the attack against the vulnerable server (e.g., OpenSSL 1.0.1f), you should see a valid Heartbeat response.
242262
243263Further examples on attacks and further explanations on TLS-Attacker can be found in the Wiki.
0 commit comments