Closed mpgn closed 6 years ago
mpgn
commented
6 years ago Okay, I finally found a way ! but in chrome, not firefox :laughing:
This is the capture of the wireshark traffic, the proof :
I will implement the downgrade method during the next week and push the code after ! :smile:
christypriory
commented
6 years ago It will be very helpful. Please let me know when it's available.
christypriory
commented
6 years ago Any updates related to pushing the code will be very helpful 👍
mpgn
commented
6 years ago 
christypriory
commented
6 years ago can't wait to test it 👍
mpgn
commented
6 years ago How it works ?
during the handshake (after the hello client), the exploit send a handshake_failure 15030000020228 then the browser should resend a hello client with SSLv3.0 as default protocol. Tested on chrome version 15 but it's not working on Firefox (I think he doesn't support protocol renegotiation)
For now and after many attempt, I didn't find a proper way to downgrade the protocol to SSLv3 if TLS was negotiate first. (with old version of openssl/browser) that didn't support TLS Fallback SCSV.
Sending a Handshake failure during the handshake was not working for example with firefox. I also didn't find a real example internet.