TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.
TLS-Attacker consists of several (maven) projects:
+ Transport: Transport utilities for TCP and UDP.
+ ModifiableVariable: Contains modifiable variables that allow one to execute (specific as well as random) variable modifications during the protocol flow. ModifiableVariables are used in the protocol messages.
+ TLS: Protocol implementation, currently (D)TLS1.2 compatible.
+ Attacks: Implementation of some well-known attacks and tests for these attacks.
+ Fuzzer: Fuzzing framework implemented on top of the TLS-Attacker functionality.
Currently, the following features are supported:
– TLS versions 1.0 (RFC-2246), 1.1 (RFC-4346) and 1.2 (RFC-5246)
– DTLS 1.2 (RFC-6347)
– (EC)DH and RSA key exchange algorithms
– AES CBC cipher suites
– Extensions: EC, EC point format, Heartbeat, Max fragment length, Server name, Signature and Hash algorithms
– TLS client and server
git clone https://github.com/RUB-NDS/TLS-Attacker && cd TLS-Attacker
./mvnw clean package -DskipTests=true
openssl s_server -key rsa1024key.pem -cert rsa1024cert.pem -verify ec256cert.pem
java -jar Runnable/target/TLS-Attacker-1.0.jar -help