Closed kkkkkkkk97 closed 5 years ago
Hey, we removed fuzzing capabilities from the TLS-Attacker project and outsourced them to a more powerful tool which we are currently working on behind the curtains. The Fuzzer was deprecated after Version 1.2. If you want to modify the parameters of the messages an easy way to go is to load an xml Config file with the values contained. I recently wrote a tutorial on how to do this on our blog: https://web-in-security.blogspot.com/2019/03/playing-with-tls-attacker.html
Thanks a lot,I got it. And what should I do if I want to modify the Record header or the ClientHello header of the message?
Hey, This has to be done with a custom WorkflowTrace. You can do this like this:
<workflowTrace>
<Send>
<messages>
<ClientHello/>
</messages>
<records>
<Record>
<contentType>
<byteExplicitValueModification>
<explicitValue>
0
</explicitValue>
</byteExplicitValueModification>
</contentType>
<length>
<integerExplicitValueModification>
<explicitValue>255</explicitValue>
</integerExplicitValueModification>
</length>
<protocolVersion>
<byteArrayExplicitValueModification>
<explicitValue>
12 34
</explicitValue>
</byteArrayExplicitValueModification>
</protocolVersion>
</Record>
</records>
</Send>
</workflowTrace>
Thanks a lot ,how about client authentication?
It should be enough to send the correct messages in the workflowtrace.
Can I use the attacker to generate a client certificate to achieve a mutual authentication of SSL/TLS?
TLS-Attacker itself cannot generated certificates. However it is shipped with a script which can do so in the resources folder and has alot of different certificates already preconfigured which can do client authentication
TLS-attcaker is a very powerful software, I want to use it for fuzzing, but I encountered a lot of problems when I tried to modify the WorkflowTrace. Could you please tell me how to modify the supported cipher suite, record length and some other values in the WorkflowTrace or a better strategy. Also, I have tried the old version, but I also encountered some problems.I'm a beginner.