skip-tls

SkipTLS - hacked up version of tlslite (https://github.com/trevp/tlslite) to exploit https://www.smacktls.com/#skip

To obtain certificates:

- openssl s_client -showcerts -host www.google.com -port 443
- copy all of the certs (in the displayed order) into a .pem file

Running skip-tls:

sudo ./skiptls.py server -c www.google.com.pem --skipTls 127.0.0.1:443

Diverting a connection:

- For testing, something simple like editing /etc/hosts or using dnsmasq to push custom DNS entries works fine.
- IRL, use any MITM technique.

A very simple Java client is included. If you don't get a certificate error and see the output, you're running a vulnerable version of Java.

Currently, all the code does is return the contents of squirrel.txt to the client. Proxying to a real host (like an inline burpsuite, or similar) has not been implemented.

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
demo_client/src/com/atredis		demo_client/src/com/atredis
tlslite		tlslite
README.md		README.md
google_combined_old.pem		google_combined_old.pem
skiptls.py		skiptls.py
squirrel.txt		squirrel.txt
www.google.com.pem		www.google.com.pem

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

demo_client/src/com/atredis

demo_client/src/com/atredis

tlslite

tlslite

README.md

README.md

google_combined_old.pem

google_combined_old.pem

skiptls.py

skiptls.py

squirrel.txt

squirrel.txt

www.google.com.pem

www.google.com.pem

Repository files navigation

skip-tls

About

Releases

Packages

Contributors 2

Languages

atredispartners/skip-tls

Folders and files

Latest commit

History

Repository files navigation

skip-tls

About

Resources

Stars

Watchers

Forks

Languages