RUB-NDS/Terrapin-Scanner

I have a question, can you help me?

meetgyn opened this issue · 1 comment

"I have a question, can you help me:
I conducted a scan test, and it worked perfectly. Now, here's my question: does it only serve to detect the vulnerability, or can I actually carry out an attack? I ask this because I'm trying to create a lab to demonstrate to my penetration testing clients."

It does not perform the attack. The scanner simply checks whether your client / server supports one of the vulnerable encryption modes as well as "strict kex" as the suggested countermeasure. However, you can find PoCs implemented as TCP proxies for the attacks presented in our paper here: RUB-NDS/Terrapin-Artifacts

I will be closing this issue since this should answer your question sufficiently. If not, feel free to reopen.