Skip to content
/ VulnTLS Public

Collection of TLS vulnerabilities ready to be exploited.

7 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

otsmr/VulnTLS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

dual_ec

dual_ec

 
 

psychic_signatures

psychic_signatures

 
 

tests @ 7dd779e

tests @ 7dd779e

 
 

timing_issues

timing_issues

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

Cargo.toml

Cargo.toml

 
 

README.md

README.md

 
 

Repository files navigation

VulnTLS

VulnTLS is a series of CTF challenges. The series implements several vulnerabilities. Most of the vulnerabilities were already present in common TLS implementations. The series provides a basic understanding of TLS and typical implementation vulnerabilities, with a focus on cryptography.

In this repository there are different setups to exploit the different vulnerabilities. For this it uses the vulnerable implementation, which has its own branch in the AnotherTLS repository.

Vulnerabilities

The vulnerabilities are marked with there difficulty (EASY, HARD, EXTREME). The evaluation is of course subjective and designed for a bachelor student.

Psychic signatures (EASY)

Bypass the client certificate authentication! Run the challenge.

cargo run --bin psychic_signatures

Timing issues (HARD)

Get the private key of the server! Run the challenge.

cargo run --bin timing_issues

Dual_EC (HARD)

Decrypt the captured connection! See challenge for more.

About

Collection of TLS vulnerabilities ready to be exploited.

Topics

timing-attacks tls13 elliptic-curve-cryptography

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages