https://github.com/otsmr/vulntls

Collection of TLS vulnerabilities ready to be exploited.
https://github.com/otsmr/vulntls

elliptic-curve-cryptography timing-attacks tls13

Last synced: 6 months ago
JSON representation

Collection of TLS vulnerabilities ready to be exploited.

• Host: GitHub
• URL: https://github.com/otsmr/vulntls
• Owner: otsmr
• Created: 2023-04-06T11:28:57.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2023-12-21T11:51:08.000Z (over 1 year ago)
• Last Synced: 2023-12-21T14:05:36.642Z (over 1 year ago)
• Topics: elliptic-curve-cryptography, timing-attacks, tls13
• Language: Rust
• Homepage:
• Size: 29.3 KB
• Stars: 6
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# VulnTLS

VulnTLS is a series of CTF challenges. The series implements several

vulnerabilities. Most of the vulnerabilities were already present in common TLS

implementations. The series provides a basic understanding of TLS and typical

implementation vulnerabilities, with a focus on cryptography.

In this repository there are different setups to exploit the different

vulnerabilities. For this it uses the vulnerable implementation, which has its

own [branch](https://github.com/otsmr/AnotherTLS/tree/vulntls) in the

AnotherTLS repository.

# Vulnerabilities

The vulnerabilities are marked with there difficulty (EASY, HARD, EXTREME). The

evaluation is of course subjective and designed for a bachelor student.

## Psychic signatures (EASY)

Bypass the client certificate authentication!

Run the [challenge](./psychic_signatures/README.md).

```sh

cargo run --bin psychic_signatures

```

## Timing issues (HARD)

Get the private key of the server!

Run the [challenge](./timing_issues/README.md).

```sh

cargo run --bin timing_issues

```

## Dual_EC (HARD)

Decrypt the captured connection!

See [challenge](./dual_ec/README.md) for more.