Ways to modify a byte in the SSL Handshake protocol on the fly!

1. Replay captured packets
     * Capture an SSL handshake and save the pcaps
     * Modify the captures using HEXedit or EMACS
     * Replay the capture with any TCP re-player (try tcpreplay) to send your modified packets.

 

2. MiTM Real Time SSL Handshake
    * You can use tcplivereplay or BetterCAP for (but you need to do some work around for this)

 

3. At  IDS/IPS network/router Level

   * Some IDS like (SNORT)  provides facility to replace tcp packet contents (headers+payload) when deployed inline mode.  with SNORT you can use “replace” as post detection Rule Option, only limit is you cant change the content length of the packet as it disturbs the CRC.

 

4. TLS-Attacker

   * TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (http://nds.rub.de/) and the Hackmanit GmbH (http://hackmanit.de/). It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.

 

5.Echo Mirage for network level interception/modification.

 

6. Below link mentions some more tools/setups.

Please follow and like us:

Be the first to comment

Leave a Reply

Your email address will not be published.


*