Fix exploit on chrome

Open mpgn opened this issue 6 years ago • 2 comments

On Chrome, the exploit doesn't work because of multiple exceptions that completely break the socket connection. Those errors were not raised on Firefox.

Edit: fix

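try:
    # The record header is 5 bytes: content type (1), version (2), length (2)
    (content_type, version, length) = struct.unpack('>BHH', ssl_header)
except struct.error as err:
    # ssl_header was not exactly 5 bytes, so there is nothing to parse
    return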

mpgn avatar Apr 30 '18 18:04 mpgn
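For context on the fix above: `struct.unpack('>BHH', ...)` raises `struct.error` unless it is given exactly 5 bytes, so a short read has to be handled before the record header can be trusted. The following is an added example, not code from the poodle-PoC repository; the function names and the sample bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 5  # content type (1 byte) + version (2 bytes) + length (2 bytes)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def parse_record_header(buf):
    """Return (content_type, version, length), or None on a short header."""
    if len(buf) < HEADER_LEN:
        return None
    return struct.unpack(">BHH", buf[:HEADER_LEN])


def split_records(stream):
    """Split buffered bytes into complete records; return (records, leftover)."""
    records = []
    offset = 0
    while True:
        header = parse_record_header(stream[offset:offset + HEADER_LEN])
        if header is None:
            break  # header not fully received yet
        content_type, version, length = header
        end = offset + HEADER_LEN + length
        if end > len(stream):
            break  # body not fully received yet
        records.append({
            "type": CONTENT_TYPES.get(content_type, "unknown"),
            "version": VERSIONS.get(version, hex(version)),
            "body": stream[offset + HEADER_LEN:end],
        })
        offset = end
    return records, stream[offset:]


# Constructed sample: two complete SSL 3.0 records, then a truncated header.
SAMPLE = (bytes([22, 3, 0, 0, 2]) + b"\x01\x02"
          + bytes([23, 3, 0, 0, 3]) + b"abc"
          + bytes([23, 3, 0]))

if __name__ == "__main__":
    recs, rest = split_records(SAMPLE)
    for rec in recs:
        print(rec["type"], rec["version"], len(rec["body"]))
    print("bytes kept for the next read:", len(rest))
```

Keeping the leftover bytes and prepending them to the next read avoids dropping a record whose header arrived split across two socket reads.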

Another problem:

Chrome (2 requests) VS Firefox (1 request)

Every request sent to the server with Chrome is followed by another request, the favicon!

mpgn avatar May 01 '18 13:05 mpgn

Well, Chrome doesn't handle data like Firefox... After sending multiple requests with JavaScript, the server always returns an HMAC error even if there is no HMAC error. Very very strange.

mpgn avatar May 01 '18 20:05 mpgn