striptls – poc implementation of STARTTLS stripping attacks.

anon80 / February 2, 2016 / Comments Off / Encryption, Penetration Test

striptls – poc implementation of STARTTLS stripping attacks.
SMTP
+ SMTP.StripFromCapabilities – server response capability patch
+ SMTP.StripWithInvalidResponseCode – client STARTTLS stripping, invalid response code
+ SMTP.UntrustedIntercept – STARTTLS interception (client and server talking ssl) (requires server.pem in pwd)
+ SMTP.StripWithTemporaryError
+ SMTP.StripWithError
POP3 (untested)
+ POP3.StripFromCapabilities
+ POP3.StripWithError
+ POP3.UntrustedIntercept
IMAP (untested)
+ IMAP.StripFromCapabilities
+ IMAP.StripWithError
+ IMAP.UntrustedIntercept
FTP (untested)
+ FTP.StripFromCapabilities
+ FTP.StripWithError
+ FTP.UntrustedIntercept
NNTP (untested)
+ NNTP.StripFromCapabilities
+ NNTP.StripWithError
+ NNTP.UntrustedIntercept
XMPP (untested)
+ XMPP.StripFromCapabilities

striptls – auditing proxy

Usage:

git clone https://github.com/tintinweb/striptls && cd striptls
python setup.py
python python striptls --help

cd striptls
git pull origin master

git clone https://github.com/tintinweb/striptls && cd striptls

python setup.py

python python striptls --help

cd striptls

git pull origin master

Source : https://github.com/tintinweb

Tags: Attack Research, Interception, SSL, testing proxys

Archives

striptls – poc implementation of STARTTLS stripping attacks.