Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix exploit on chrome #7

Open
mpgn opened this issue Apr 30, 2018 · 2 comments
Open

Fix exploit on chrome #7

mpgn opened this issue Apr 30, 2018 · 2 comments
Assignees
@mpgn
Labels
bug
Projects
poodle-PoC v2

Comments

@mpgn
Copy link
Owner

mpgn commented Apr 30, 2018
edited

On chrome, the exploit doesn't work because of multiple exceptions that break completely the socket connection. Those errors were not raised on firefox.

Edit: fix

try:
       (content_type, version, length) = struct.unpack('>BHH', ssl_header)
except struct.error as err:
       return
@mpgn mpgn added the bug label Apr 30, 2018
@mpgn mpgn self-assigned this Apr 30, 2018
@mpgn mpgn added this to Done in poodle-PoC v2 Apr 30, 2018
@mpgn mpgn moved this from Done to To do in poodle-PoC v2 Apr 30, 2018
@mpgn
Copy link
Owner Author

mpgn commented May 1, 2018

Another problem:

image

Chrome (2 requests) VS Firefox (1 request)

Every request send to the server with chrome is followed by another request, the favivon !

@mpgn
Copy link
Owner Author

mpgn commented May 1, 2018
edited

Well, chrome doesn't handle data like firefox... After sending multiple request with javascript, the server always return hmac error even if there is no hmac error. Very very strange

@mpgn mpgn mentioned this issue Jan 9, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mpgn mpgn

Labels
bug
Projects
poodle-PoC v2
  
To do
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mpgn