TLS-Attacker v3.6 released: Java-based framework for analyzing TLS libraries
TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives developers an opportunity to easily define a custom TLS protocol flow and test it against their own TLS library.
Please note: TLS-Attacker is a research tool intended for TLS developers and pentesters. There is no GUI and no green/red lights. It is the first version and can contain some bugs.
TLS-Attacker consists of several (Maven) projects:
- Transport: Transport utilities for TCP and UDP.
- ModifiableVariable: Contains modifiable variables that allow one to execute (specific as well as random) variable modifications during the protocol flow. ModifiableVariables are used in the protocol messages.
- TLS: Protocol implementation, currently (D)TLS1.2 compatible.
- Attacks: Implementation of some well-known attacks and tests for these attacks.
- Fuzzer: Fuzzing framework implemented on top of the TLS-Attacker functionality.
You can find more information about these modules in the Wiki.
Supported Standards and Cipher Suites
Currently, the following features are supported:
- TLS versions 1.0 (RFC-2246), 1.1 (RFC-4346) and 1.2 (RFC-5246)
- DTLS 1.2 (RFC-6347)
- (EC)DH and RSA key exchange algorithms
- AES CBC cipher suites
- Extensions: EC, EC point format, Heartbeat, Max fragment length, Server name, Signature and Hash algorithms
- TLS client and server
Changes in v3.6:
- Java 11 support
- Fixed flaw in signature and hash algorithm selection
- Improved automatic Certificate selection
- Updated Invalid Curve Attacker
- Fixed createPointOnCurve for Secp224
- Added createPointOnCurve for F2m curves
- Added Constants for explicit elliptic curves
- TLS 1.3 handshakes now correctly set the named group
- Removed TLS 1.3 draft versions
- Improved Timing Measurement code
- Fixed a lot of flaws/exceptions which can occur if you do completely random modifications
- Streamlined APIs
- Improved STARTTLS integration
- Improved ESNI support
- Changed alertLevel and description to enums in the config
- Integrated OCSP support
Download or Compiling and Running
In order to compile and use TLS-Attacker, you need to have Java installed. Run the Maven command from the TLS-Attacker directory:
$ git clone https://github.com/RUB-NDS/TLS-Attacker.git
$ cd TLS-Attacker
$ ./mvnw clean package
Alternatively, if you are in a hurry, you can skip the tests by using:
$ ./mvnw clean package -DskipTests=true
You can then run the client from the Runnable/target directory:
$ java -jar TLS-Attacker-1.2.jar client -connect [host:port]
In the following, we present some very simple examples on using TLS-Attacker.
First, you need to start a TLS server (please do not use public servers). For example, you can use an OpenSSL test server:
$ cd TLS-Attacker/resources
$ openssl s_server -key rsa1024key.pem -cert rsa1024cert.pem
This command starts a TLS server on port 4433.
If you want to connect to a server, you can use this command:
$ cd TLS-Attacker/Runnable/target
$ java -jar TLS-Attacker-1.2.jar client -connect localhost:4433
You can use a different cipher suite, TLS version, or connect to a different port with the following parameters:
$ java -jar TLS-Attacker-1.2.jar client -connect localhost:4433 -cipher TLS_RSA_WITH_AES_256_CBC_SHA -version TLS11
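To confirm on the receiving side what such a client actually offered, and to see how a length-checked parser reacts when a length field has been modified, the following added example (not TLS-Attacker code) strictly parses a ClientHello record. The sample bytes are constructed here, build_sample and parse_client_hello are hypothetical names, and the parser assumes one complete ClientHello per record.

```python
import struct

# "TLS11" is the spelling used on the command line above; the other names follow by analogy.
VERSIONS = {0x0301: "TLS10", 0x0302: "TLS11", 0x0303: "TLS12"}
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def _take(buf, off, n, what):
    """Return (buf[off:off+n], new offset); never read past the end of the buffer."""
    if off + n > len(buf):
        raise ValueError(f"{what}: {n} bytes declared, {len(buf) - off} available")
    return buf[off:off + n], off + n

def parse_client_hello(record):
    """Strictly parse one record holding one complete ClientHello (assumption: no fragmentation)."""
    hdr, off = _take(record, 0, 5, "record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", hdr)
    if ctype != 0x16 or rec_len != len(record) - off:
        raise ValueError("not a handshake record or record length mismatch")
    hs, off = _take(record, off, 4, "handshake header")
    if hs[0] != 0x01 or int.from_bytes(hs[1:], "big") != len(record) - off:
        raise ValueError("not a ClientHello or handshake length mismatch")
    ver, off = _take(record, off, 2, "client_version")
    _random, off = _take(record, off, 32, "random")
    sid_len, off = _take(record, off, 1, "session_id length")
    _sid, off = _take(record, off, sid_len[0], "session_id")
    cs_len, off = _take(record, off, 2, "cipher_suites length")
    n = int.from_bytes(cs_len, "big")
    if n == 0 or n % 2:
        raise ValueError("cipher_suites length must be a non-zero even number")
    cs, off = _take(record, off, n, "cipher_suites")
    version = int.from_bytes(ver, "big")
    suites = [int.from_bytes(cs[i:i + 2], "big") for i in range(0, n, 2)]
    # Compression methods and extensions follow; they are not needed for this check.
    return VERSIONS.get(version, hex(version)), [SUITES.get(s, hex(s)) for s in suites]

def build_sample(version=0x0302, suites=(0x0035,), cs_len=None):
    """Constructed ClientHello bytes; cs_len overrides the declared cipher_suites length."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    declared = len(cs) if cs_len is None else cs_len
    body = (version.to_bytes(2, "big") + bytes(32) + b"\x00"
            + declared.to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(parse_client_hello(build_sample()))
    try:
        parse_client_hello(build_sample(cs_len=0x4000))
    except ValueError as exc:
        print("rejected:", exc)
```
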
The Attacks module contains some attacks; for example, you can test for padding oracle vulnerabilities:
$ java -jar TLS-Attacker-1.2.jar padding_oracle