de.rub.nds.tlsattacker.attacks.impl.PoodleAttacker Maven / Gradle / Ivy
/**
* TLS-Attacker - A Modular Penetration Testing Framework for TLS
*
* Copyright 2014-2021 Ruhr University Bochum, Paderborn University, Hackmanit GmbH
*
* Licensed under Apache License, Version 2.0
* http://www.apache.org/licenses/LICENSE-2.0.txt
*/
package de.rub.nds.tlsattacker.attacks.impl;
import de.rub.nds.tlsattacker.attacks.config.PoodleCommandConfig;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.DefaultWorkflowExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import java.util.LinkedList;
import java.util.List;
/**
*
*/
public class PoodleAttacker extends Attacker {
/**
*
* @param config
* @param baseConfig
*/
public PoodleAttacker(PoodleCommandConfig config, Config baseConfig) {
super(config, baseConfig);
}
@Override
public void executeAttack() {
throw new UnsupportedOperationException("Not supported yet.");
}
/**
*
* @return
*/
@Override
public Boolean isVulnerable() {
Config tlsConfig = getTlsConfig();
tlsConfig.setHighestProtocolVersion(ProtocolVersion.SSL3);
tlsConfig.setDefaultClientSupportedCipherSuites(getCbcCiphers());
tlsConfig.setWorkflowTraceType(WorkflowTraceType.HELLO);
State state = new State(tlsConfig);
DefaultWorkflowExecutor executor = new DefaultWorkflowExecutor(state);
executor.executeWorkflow();
return WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace());
}
private List getCbcCiphers() {
List cbcs = new LinkedList<>();
for (CipherSuite suite : CipherSuite.getImplemented()) {
if (suite.isCBC()) {
cbcs.add(suite);
}
}
return cbcs;
}
}