Beast-Exploit : Poc of BEAST attack against SSL/TLS.

Beast-Exploit : Poc of BEAST attack against SSL/TLS.

Beast-Exploit is a Poc of BEAST attack against SSL/TLS, writing in python.
it work with class :
– class Server: The secure server. A sample server, serving on his host and port waiting the client
– class Client: The unsecure post of the client can be a “unsecure” browser for example.
++ The client generate a random cookie and send it to the server through the proxy
++ The attacker by injecting javascript code can control the sending request of the client to the proxy -> server
– class ProxyTCPHandler(SocketServer.BaseRequestHandler):
++ Start a connection to the secure server and handle multiple socket connections between the client and the server Informe the attacker about the client’s frames or the server’s response
++ Finally redirect the data from the client to the server and inversely
– class Proxy: Assimilate to a MitmProxy
++ start a serving on his host and port and redirect the data to the server due to this handler

Example Screen Capture Beast Exploit : Poc of BEAST attack against SSL/TLS

Example Screen Capture Beast Exploit : Poc of BEAST attack against SSL/TLS

Dependencies :
– WIndows 7/Vista/8 and Unix
– Python 2.7, 3.x
Usage :
$ python BEAST.py -h -v (Host Port)

Download : Master.zip  | Clone Url
Source : https://github.com/mpgn