Navigation



Tag Archives | ssl security




SSLyze v0.6 Available For Download – SSL Server Configuration Scanning Tool

Last updated: March 13, 2013 | 4,215 views

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility Performance testing: session resumption and TLS tickets support Security testing: […]

Share23
Tweet59
+19
Share3
94 Shares
Topic: Cryptography, Networking Hacking, Web Hacking

TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation

Last updated: December 6, 2012 | 3,891 views

When running web application security assessments it is mandatory to evaluate the security stance of the SSL/TLS (HTTPS) implementation and configuration. OWASP has a couple of references the author strongly recommends taking a look at, the “OWASP-CM-001: Testing for SSL-TLS” checks, part of the OWASP Testing Guide v3, and the Transport Layer Protection Cheat Sheet. […]

Share
Tweet48
+1
Share7
55 Shares
Topic: Cryptography, Web Hacking

sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool

Last updated: September 9, 2015 | 14,091 views

It’s been a while since the last sslsniff release back in August 2009 with version 0.6 – sslsniff v0.6 Released – SSL MITM Tool. Version 0.7 was finally released earlier in the year in April – so here it is. This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” […]

Share7
Tweet35
+13
Share4
49 Shares
Topic: Hacking Tools, Networking Hacking

sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly

Last updated: May 2, 2011 | 8,981 views

sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that. Dumps one file by […]

Share1
Tweet41
+1
Share11
53 Shares
Topic: Cryptography, Exploits/Vulnerabilities, Networking Hacking

Website Auto-complete Leaks Data Even Over Encrypted Link

Last updated: September 9, 2015 | 7,496 views

I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echos it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms […]

Share1
Tweet
+1
Share
1 Shares
Topic: Cryptography, Exploits/Vulnerabilities, Privacy

Popular Tags

computer-security · darknet · ddos · dos · exploits · fuzzing · google · hacking-networks · hacking-websites · hacking-windows · hacking tool · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · pen-testing · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · windows · windows-security · Windows Hacking · worms · XSS ·