Commit Graph

5 Commits (7bda1e494b96522feb3868c656e5743477d2bb8b)

Author SHA1 Message Date
Ramon de C Valle 7bda1e494b Use Rex::Socket::Tcp 2015-06-21 13:40:31 -07:00
Ramon de C Valle 7f55f6631c Remove the timeout option 2015-06-20 20:14:47 -07:00
Ramon de C Valle 01e87282a9 Use Msf::ThreadManager#spawn 2015-06-20 18:48:10 -07:00
Ramon de C Valle dabc7abae5 Change method names to lowercase 2015-06-20 18:23:34 -07:00
Ramon de C Valle a48d79a2e7 Add jsse_skiptls_mitm_proxy.rb
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00