Comment # 2
on bug 13191
from [email protected]
(In reply to Peter Wu from comment #1)
> The capture seems malformed.
>
> Frame 11 + 12, reassembled:
> [Client Hello ...]
> [elliptic_curves extension ...]
> 00 00 Extension Type: Server Name Indication (0)
> 17 00 Extension Length: 5888 (!)
>
>
> Interpreting it in a slightly different way:
> [Client Hello ...]
> [elliptic_curves extension ...]
> 00 00 Extension Type: Server Name Indication (0)
> 17 00 15 00 (?? what is this garbage)
> 00 12 Length: 18
> 77 77 77 2e 73 61 6d 73 75 6e 67 6f 74 6e 2e 6e 65 74 www.samsungotn.net
> 00 0b Extension Type: EC Point Formats
> 00 04 Length: 4
> 03 00 01 02
> 00 0a Extension Type: supported_groups (renamed from elliptic_curves)
> 00 34 Length: 52
> 00 32 00 01 00 02 00 03 00 04 00 ...
>
> This makes no sense, your MITM tool is broken, it is producing garbage that
> (rightfully) makes the server reset the connection.
>
> Though for some weird reason, frame 199 does contain a Server Hello (in
> response to the malformed Client Hello in frame 198). Is this an attempt to
> exploit a vulnerability?
Very weird, my MITM tool only modifies the packet using scapy with
scapy_ssl_tls and python 2.7.11 and shouldn't be outputting any garbage. Any
idea what 17 00 15 00 might belong to? Seems weird to me but I'll try to check
it.
I am trying to actually exploit a vulnerability in the client - not the server,
but now that you mention that server hello it actually is pretty interesting -
although I don't think it might indicate a vulnerability (maybe a problem with
SSL implementation but it doesn't seem to lead anywhere).
You are receiving this mail because:
- You are watching all bug changes.