TLS/SSL Attacks

Network

TLS/SSL vulnerabilities can expose encrypted traffic. This guide covers testing for weak configurations and known attacks.

Common TLS Vulnerabilities

Protocol Attacks

• POODLE (SSLv3 CBC)
• BEAST (TLS 1.0 CBC)
• CRIME/BREACH (compression)
• Heartbleed (OpenSSL bug)

Configuration Issues

• Weak cipher suites (RC4, DES)
• SSLv2/SSLv3 enabled
• Self-signed certificates
• Missing HSTS headers

Testing Tools

tls-testing.sh

bash

# testssl.sh - Comprehensive TLS scanner
git clone --depth 1 https://github.com/drwetter/testssl.sh
./testssl.sh https://target.com

# SSL Labs (online)
# https://www.ssllabs.com/ssltest/

# OpenSSL - Manual testing
openssl s_client -connect target.com:443 -tls1
openssl s_client -connect target.com:443 -ssl3
openssl s_client -connect target.com:443 -cipher RC4

# Nmap scripts
nmap --script ssl-enum-ciphers -p 443 target.com
nmap --script ssl-heartbleed -p 443 target.com

# sslscan
sslscan target.com

# Check certificate
openssl s_client -connect target.com:443 | openssl x509 -text

Certificate Pinning

Mobile apps may use certificate pinning. Use Frida or objection to bypass for testing purposes.

TLS/SSL Attacks

Common TLS Vulnerabilities

Protocol Attacks

Configuration Issues

Testing Tools

Related Topics

Hash Extension

RSA Attacks