BEAST (Browser Exploit Against SSL/TLS) Vulnerability

  • Status Closed
  • Budget $250 - $750 USD
  • Total Bids 2

Project Description

The SSL protocol encrypts data by using CBC mode with chained

initialization vectors. This allows an attacker, which is has gotten

access to an HTTPS session via man-in-the-middle (MITM) attacks

or other means, to obtain plain text HTTP headers via a blockwise

chosen-boundary attack (BCBA) in conjunction with Javascript code

that uses the HTML5 WebSocket API, the Java URLConnection API,

or the Silverlight WebClient API. This vulnerability is more commonly

referred to as Browser Exploit Against SSL/TLS or "BEAST".

Service: Apache-Coyote/1.1

Evidence:

• Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA

• Cipher Suite: SSLv3 : AES128-SHA

• Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA

• Cipher Suite: SSLv3 : EDH-RSA-DES-CBC-SHA

• Cipher Suite: SSLv3 : EXP-EDH-RSA-DES-CBC-SHA

• Cipher Suite: SSLv3 : DES-CBC3-SHA

• Cipher Suite: SSLv3 : DES-CBC-SHA

Get free quotes for a project like this

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online