PoC of the Poodle Attack against SSL/TLS

poodle-PoC ~ Poodle (Padding Oracle On Downgraded Legacy Encryption) attack.

poodle-PoC is a PoC that explores the cryptography behind the attack; it can be likened to a man-in-the-middle (MiTM) scenario. Poodle allows you to retrieve plaintext messages if the transport layer security in use is SSLv3 (I also made a point for TLS 1.0). It does not allow you to retrieve the private key used to encrypt the message, nor the HTTP request.

SSLv3 and CBC cipher mode
SSLv3 is a protocol for encrypting/decrypting and securing your data. In our case it uses the CBC (cipher block chaining) mode. The plaintext is divided into blocks according to the encryption algorithm (AES, DES, 3DES), so the length is a multiple of 8 or 16 bytes. If the plaintext does not fill the last block, padding is added at the end to complete the missing space.

SSLv3 also uses an HMAC to check the integrity and authenticity of the plaintext.
— A keyed-hash message authentication code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function (hence the ‘H’) in combination with a secret cryptographic key.
With this, an attacker can't intercept and alter the ciphertext and then send it back.
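To make the two points above concrete (CBC padding in the last block, and the MAC over the plaintext), here is an added example that is not code from poodle-PoC: it models only the receiver-side padding and MAC checks of a CBC record, comparing SSLv3 (which validates just the padding-length byte) with TLS 1.0 (which validates every padding byte). The block size, the sample key, the sample request and the use of HMAC-SHA1 are assumptions; no network traffic is involved.

```python
import hmac
import hashlib

BLOCK = 16                         # AES block size in bytes (DES/3DES use 8)
MAC_KEY = b"constructed-mac-key"   # constructed sample key, not a real secret

def mac(data: bytes) -> bytes:
    # The page says SSLv3 uses an HMAC; HMAC-SHA1 (20-byte tag) is assumed here.
    return hmac.new(MAC_KEY, data, hashlib.sha1).digest()

def pad(body: bytes, filler=None) -> bytes:
    """Pad to a block multiple. Last byte = number of padding bytes before it.
    SSLv3 lets those bytes hold any value (filler); TLS 1.0 requires each to
    equal the length byte (filler=None)."""
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    fill = bytes([pad_len]) if filler is None else filler
    return body + fill * pad_len + bytes([pad_len])

def sslv3_unpad(plain: bytes):
    """SSLv3 receiver: only the length byte is validated, padding content is not."""
    pad_len = plain[-1]
    if pad_len >= BLOCK or pad_len + 1 > len(plain):
        return None
    return plain[:-(pad_len + 1)]

def tls10_unpad(plain: bytes):
    """TLS 1.0 receiver: every padding byte must equal the length byte."""
    pad_len = plain[-1]
    if pad_len + 1 > len(plain) or any(b != pad_len for b in plain[-(pad_len + 1):-1]):
        return None
    return plain[:-(pad_len + 1)]

def receiver_accepts(plain: bytes, unpad) -> bool:
    """Strip padding, then verify the MAC over the message (MAC-then-pad layout)."""
    body = unpad(plain)
    if body is None or len(body) < 20:
        return False
    msg, tag = body[:-20], body[-20:]
    return hmac.compare_digest(mac(msg), tag)

def demo() -> dict:
    msg = b"GET / HTTP/1.0\r\nCookie: id=constructed"   # constructed sample plaintext
    body = msg + mac(msg)
    garbage = pad(body, filler=b"\xff")   # valid length byte, arbitrary padding bytes
    canonical = pad(body)
    return {
        "sslv3_garbage": receiver_accepts(garbage, sslv3_unpad),      # True: padding bytes never checked
        "tls10_garbage": receiver_accepts(garbage, tls10_unpad),      # False: rejected before the MAC check
        "tls10_canonical": receiver_accepts(canonical, tls10_unpad),  # True
    }
```

Because SSLv3 never looks at the padding bytes, acceptance of a record depends solely on the length byte and the MAC, which is the property the Poodle attack builds on; TLS 1.0's full padding check removes it.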

Latest change 31/7/2017:
+ Update old PoC with the OP_NO_COMPRESSION SSL option
This option disables compression of the data during the client<->server exchange; otherwise the whole exchange is compressed with DEFLATE.
Compression seems to mitigate the Poodle attack (more research is needed on this) because it is no longer possible to determine the length of a block.


Source: https://github.com/mpgn