Add C&C server (client <-> proxy) #1

Open
mpgn opened this issue May 7, 2018 · 0 comments

mpgn commented May 7, 2018

Add a C&C server on the proxy side to send commands to the client.

The commands allow an attacker to know what byte is sent and to inform the client when a byte is found.

Unlike the POODLE exploit I already made, a C&C is mandatory. In the POODLE PoC, to inform the client of something, I sent an HMAC error in the response to the AJAX request by altering the last byte of the encrypted request. Therefore, the client knew something was discovered on the proxy side and could do something else. (This technique was used to find the length of a block; yes, it's very binary, but it allowed me to simplify the exploit maximally.)

How does it work?

  1. On the client side :

    • send byte to C&C
    • send byte to the remote server
  2. On the C&C side :

    • byte received
    • check the length of the request from the proxy
    • send response to the client (ok, nok)
  3. On the client side :

    • receive response from the server
    • receive response from the C&C
    • regarding the response, add another byte or next byte

💥🔥💀

@mpgn mpgn added the exploit label May 7, 2018
@mpgn mpgn self-assigned this May 7, 2018