On 5 July 2010 15:28, Sebastien J <[email protected]> wrote:
> Hi Robin,
>
> For weak SSL ciphers, particularly the ones that don't actually do
> encryption, you could demo something. You can force your client to
> request a non-encrypting cipher suite, and then show how it's possible
> to intercept traffic in cleartext over the network.
>
> For cipher suites that DO encrypt, the 56-bit ones are very weak and
> shouldn't be used. Unless you want to bother cracking encryption, you
> won't be able to immediately demo this one. It's simply a question of
> telling them that weak encryption sucks and can already be broken by a
> determined attacker.
Both good answers, but they don't answer my question. To re-ask it in regard to
your answers: how do I get a client to downgrade its encryption to either
cleartext or a weak-key cipher, and then what can you use to crack encrypted
HTTP streams? I can explain technically why these are bad to a client, but
what I'm trying to find is a walk-through, or at least some discussion, on how
to exploit the problems in the real world.

I'm planning to do the demo as a video if I can, so taking some time to do the
cracking is fine; I can just time-lapse or skip parts.

> The SSLv2 protocol itself has a number of vulnerabilities. It depends
> on the version of SSL they use and which platform it's running on. But
> it's safe to say there are a number of issues and they should be using
> SSLv3/TLSv1.
>
> See here for one example of an SSLv2 vuln:
> http://www.securityfocus.com/bid/5363/discuss

This is a vulnerability in the implementation of SSLv2, not in the protocol;
it's the protocol vulnerability I'm after.

Robin

> Sincerely,
> SJ
> --
> http://www.securitygeneration.com
>
> On Fri, Jul 2, 2010 at 3:16 PM, Robin Wood <[email protected]> wrote:
>> When scanning web servers the scanners regularly come with
>> vulnerabilities for weak and medium ciphers and SSLv2. A client has
>> recently asked why these are an issue and can they have a demo of them
>> being exploited. I've found some technical-level docs on why this is a
>> problem, but I'm looking for some kind of walk-through on how to demo
>> exploiting this. Does anyone have one?
>>
>> Robin
>
> --
> Sincerely,
> Sebastien J.
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
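An added example for the question in this thread (not code from Robin's or Sebastien's posts, nor from any scanner): Sebastien's first suggestion is to have the client request only a non-encrypting suite and see whether the server accepts it. The script below does exactly that step by hand-building a TLSv1.0 ClientHello that offers only NULL, 40-bit export and 56-bit DES suites, then parsing the ServerHello to show which one the server picked. If the server answers with an Alert it refused every weak suite, which is the result a correctly configured server should give. The cipher suite numbers are the IANA values from RFC 2246/4346; the lab host name is an assumption taken from the command line, and the ServerHello bytes used when testing offline are constructed, not captured. SSLv2 uses a different record format and is not probed here, and nothing is decrypted; this shows the negotiation, not the cracking.

```python
"""Probe which weak TLS cipher suites a server is willing to negotiate.

Offers ONLY null/export/56-bit suites in a TLSv1.0 ClientHello and reports
the suite the server selects.  Example code written for this thread; the
host is an assumption supplied on the command line.
"""
import socket
import struct

# IANA cipher suite codes (RFC 2246 appendix A.5 / RFC 4346) -> (name, weakness)
WEAK_SUITES = {
    0x0001: ("TLS_RSA_WITH_NULL_MD5",              "no encryption"),
    0x0002: ("TLS_RSA_WITH_NULL_SHA",              "no encryption"),
    0x0003: ("TLS_RSA_EXPORT_WITH_RC4_40_MD5",     "40-bit export key"),
    0x0006: ("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", "40-bit export key"),
    0x0008: ("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",  "40-bit export key"),
    0x0009: ("TLS_RSA_WITH_DES_CBC_SHA",           "56-bit DES"),
}


def build_client_hello(suites, version=(3, 1)):
    """Return one TLS record carrying a ClientHello that offers only `suites`."""
    client_random = b"\x00" * 32  # fixed for reproducibility; a real client sends 32 random bytes
    body = struct.pack("!BB", *version) + client_random
    body += b"\x00"                                      # session id length 0
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type=ClientHello, 24-bit length
    return b"\x16" + struct.pack("!BB", *version) + struct.pack("!H", len(handshake)) + handshake


def parse_server_hello(record):
    """Return (version, cipher_suite) from a ServerHello record.

    Raises ValueError for an Alert (server refused every offered suite) or
    for anything that is not a well-formed ServerHello.
    """
    if len(record) < 5:
        raise ValueError("short record")
    content_type = record[0]
    if content_type == 0x15:
        raise ValueError("alert: server refused the offered suites")
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    rec_len, = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    version = (body[0], body[1])     # 2 bytes version, 32 bytes random, then session id
    off = 35 + body[34]              # skip session id of the advertised length
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    suite, = struct.unpack("!H", body[off:off + 2])
    return version, suite


def negotiated_suite(record):
    """Like parse_server_hello but returns None instead of raising."""
    try:
        return parse_server_hello(record)
    except ValueError:
        return None


def classify(suite):
    """Human-readable verdict for a negotiated suite."""
    if suite in WEAK_SUITES:
        name, why = WEAK_SUITES[suite]
        return f"WEAK: {name} ({why})"
    return f"not in weak list: 0x{suite:04x}"


def probe(host, port=443, timeout=5):
    """Offer only the weak suites to host:port; return the server's choice or None if refused."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(list(WEAK_SUITES)))
        data = b""
        # read until one full record (5-byte header + declared length) is buffered
        while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return negotiated_suite(data)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"   # assumption: a lab host
    result = probe(host)
    print("server refused all weak suites" if result is None else classify(result[1]))
```

Run it against a lab web server (`python3 weakprobe.py lab.example`); a server that answers with a NULL suite has just agreed to a plaintext session, which is the point to capture on the wire for the demo. A modern, correctly configured server should return an Alert and the script reports that it refused every weak suite.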
