See http://www.trinux.org/iplayer/ for an example of how to manually build a ClientHello by sniffing traffic with ssldump and building a nasl. You are really only going to be able to do this stuff (especially malformed stuff) by hand -- meaning that does not use an SSL_connect() (or whatever its actually called) because it sets up the session/does everything automatically. Eric Rescorla's book on SSL is a must have for doing this type of stuff. You can really use NASL, perl, C, python, or whatever your favorite scripting language for socket programming. -mdf --- Mike Murray <mmurrayat_private> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You should also be able to use stunnel or sslproxy > to do this task. > > On Wednesday 03 October 2001 12:59 pm, Cushing, > David wrote: > > Is anyone aware of a tool that will send bogus > and/or maliciously > > crafted packets to an SSL enabled application? > > > > I don't want to write it if it's already out > there... couldn't find > > anything on a web search. > > > > Thanks, > > David > > - -- > | Mike Murray > <mmurrayat_private> > | Scientific Technologist > http://www.nCircle.com > | nCircle Network Security > 415-625-5968 > | cell - 415.305.0859 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (FreeBSD) > Comment: For info see http://www.gnupg.org > > iD8DBQE7vMEmSZ6Dtue7Vb4RAo19AJ9/gwWucs6UqgLqjlmCy+8LsjHtoACeONIq > NR+e2hJOL5XOWIfClf2t+TY= > =LZKC > -----END PGP SIGNATURE----- __________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 18:18:12 PDT