Bleichenbacher - Test SSL implementations for Bleichenbacher and Klima-Pokorny-Rosa vulnerabilities


This code connects to a remote SSL service and determines whether the SSL implementation is susceptible to Bleichenbacher's adaptive chosen-ciphertext attack or to the Klima-Pokorny-Rosa (KPR) adaptive chosen-ciphertext attack. The code will print a simple 'yes'/'no' as to whether the remote implementation is open to the KPR attack.

In the case of Bleichenbacher's attack, there are four scenarios:

a) The SSL service is not vulnerable.

b) The SSL service returns an error only when the PKCS padding is incorrect (level 3). This makes the service enormously susceptible to the attack: it will take on average about 8000 attempts to get the first 'hit', and then 512-1024 attempts to crack the session key, depending on its length (i.e. it's a walk in the park, the server is horribly broken, and no-one is safe).

c) The SSL service returns an error if the PKCS padding is incorrect, OR the decoded seed is of the wrong length (level 2). This implies the same level of difficulty as the KPR attack: between 10^6 and 10^8 attempts to get the first 'hit', and then 512-1024 to crack the session key (this is somewhat infeasible in the wild, but you might get lucky). Some versions of OpenSSL are vulnerable to level 2 Bleichenbacher attacks.

d) The SSL service returns an error if the PKCS padding is wrong, the length of the decoded seed is wrong, or the PKCS version in the decoded data is wrong (level 1). This is nigh on impossible to attack.

Usage:

    ssltest {-b | -k} [-d] [-s] [-t timeout] hostname port_number

where:

    -b  tests for Bleichenbacher's attack
    -k  tests for the KPR attack
    -d  switches on debugging
    -t  supplies a connection timeout in seconds
    -s  switches on SMTP tunneling, to test against SSL-enabled SMTP mail servers

The port number defaults to 443.

This code only tests for the flaws. It doesn't exploit them. Sorry.
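
The three error behaviours (levels 3, 2 and 1) can be compared side by side with a small model. This is an added example, not code from ssltest: all function and constant names are hypothetical, the sample blocks are constructed, and it assumes the "seed" is the 48-byte SSL premaster secret whose first two bytes carry the version.

```python
# Added illustration, not ssltest code: models which check failures a server
# reports at each level, on already-decrypted PKCS#1 v1.5 blocks.
SEED_LEN = 48                    # assumption: the "seed" is the 48-byte premaster secret
EXPECTED_VERSION = b"\x03\x00"   # assumption: version = first two seed bytes (SSL 3.0)

# Failures that produce a distinguishable error at each level named on the page.
LEVEL_CHECKS = {3: {"padding"}, 2: {"padding", "length"},
                1: {"padding", "length", "version"}}

def split_block(em: bytes):
    """Return the payload, or None if the block is not 00 02 <8+ non-zero> 00 <payload>."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:                 # also covers sep == -1 (no separator at all)
        return None
    return em[sep + 1:]

def failed_checks(em: bytes) -> set:
    payload = split_block(em)
    if payload is None:
        return {"padding"}       # length and version cannot be judged without a payload
    failed = set()
    if len(payload) != SEED_LEN:
        failed.add("length")
    if payload[:2] != EXPECTED_VERSION:
        failed.add("version")
    return failed

def server_signals_error(em: bytes, level: int) -> bool:
    return bool(LEVEL_CHECKS[level] & failed_checks(em))

def make_block(payload: bytes, k: int = 128, block_type: int = 0x02) -> bytes:
    """Constructed sample block for a k-byte modulus with 0xff padding bytes."""
    return bytes([0x00, block_type]) + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload

SAMPLES = {  # constructed test inputs
    "well-formed":   make_block(EXPECTED_VERSION + b"\x11" * 46),
    "short seed":    make_block(EXPECTED_VERSION + b"\x11" * 10),
    "wrong version": make_block(b"\x02\x00" + b"\x11" * 46),
    "bad padding":   make_block(EXPECTED_VERSION + b"\x11" * 46, block_type=0x01),
}

if __name__ == "__main__":
    for name, em in SAMPLES.items():
        print(name, {lvl: server_signals_error(em, lvl) for lvl in (3, 2, 1)})
```

At level 3 the absence of an error confirms only that the padding was well formed; at level 1 it confirms padding, length and version together, which is why a first 'hit' is so much rarer there.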


