5d6c15a43d
This module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. This module requires an active man-in-the-middle attack. |
||
---|---|---|
.. | ||
auxiliary | ||
encoders | ||
exploits | ||
nops | ||
payloads | ||
post |