Cannot Decryption on Chrome 15.0
jafmanho opened this issue · 8 comments
In my case, I use version 15.0.849.0 of Google Chrome as the victim, and the web server uses beebox. When I try to run the program (poodle-exploit.py) in "active" mode, the client's browser shows "this webpage is not available". But the program can run "passive", "downgrade" and "search".
The screen capture follows below. May I know what causes this issue? Thanks a lot!
Can you try it with Firefox?
Thanks for your reply. I have tried Firefox: the latest version, version 6.0 and 8.0 (beta1). But it still does not work. I am not sure whether something needs to be configured in Firefox. With Firefox, the downgrade function does not work and shows "sending handshake failure".
First, force SSLv3 in Firefox; if it works, then try with the downgrade.
- Enable only SSLv3: open about:config and set security.tls.version.min:0, security.tls.version.fallback-limit:0 and security.tls.version.max:0.
- Run a sslscan and confirm that only SSLv3 is enabled
- Check if only the CBC mode is available, if not change the conf of the webserver to set only CBC cipher suites, e.g. with nginx:
    ssl_protocols SSLv3;
    ssl_ciphers DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
- Try to run the exploit
I will check if I found the configuration of the nginx and the version today
What's your version of Firefox?
The latest version and version 6.0 both give the same result.
The latest version of Firefox is indeed not vulnerable; as for version 6.0 of Firefox, it may be too old. I remember using version 30 on Windows XP, with a vulnerable version of OpenSSL of course (OpenSSL 1.0.1h).
I will try to post all info of my lab this weekend.
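
The lab steps above depend on two server-side conditions: SSLv3 being enabled and CBC cipher suites being offered. The following is an added example, not part of this thread or of the poodle-exploit project: a static check that reads an nginx configuration and reports whether both conditions hold, so the same settings can be flagged on servers that are not meant to be lab targets. The sample configs, the function names and the CBC-detection heuristic are assumptions made for illustration.

```python
import re

# Constructed samples: the lab settings quoted in the thread, and a hardened server block.
LAB_CONF = """server {
    listen 443 ssl;
    ssl_protocols SSLv3;
    ssl_ciphers DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
}"""
HARDENED_CONF = """server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;  # SSLv3 removed
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305;
}"""

# Heuristic (assumption): an explicit OpenSSL suite name with no AEAD marker
# and no RC4/NULL is treated as a CBC block-cipher suite.
NOT_CBC = ("GCM", "CCM", "CHACHA20", "RC4", "NULL")

def directive_args(conf, name):
    """Return the argument string of each `name ...;` directive, comments stripped."""
    text = re.sub(r"#[^\n]*", "", conf)
    pattern = r"(?:^|[;{}])\s*" + re.escape(name) + r"\s+([^;]+);"
    return [m.group(1).strip() for m in re.finditer(pattern, text, re.M)]

def audit(conf):
    """Return (sslv3_enabled, cbc_suites, poodle_exposed) for an nginx config text."""
    sslv3 = any("sslv3" in args.lower().split()
                for args in directive_args(conf, "ssl_protocols"))
    cbc = []
    for args in directive_args(conf, "ssl_ciphers"):
        for suite in args.strip("\"'").split(":"):
            # Skip exclusions (!x, -x) and keyword groups such as HIGH or aNULL.
            if suite[:1] in ("!", "-") or "-" not in suite:
                continue
            if not any(marker in suite.upper() for marker in NOT_CBC):
                cbc.append(suite)
    # POODLE needs both conditions: SSLv3 negotiable and a CBC suite on offer.
    return sslv3, cbc, sslv3 and bool(cbc)

if __name__ == "__main__":
    for label, conf in (("lab", LAB_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

Keyword groups such as HIGH cannot be resolved without OpenSSL itself, so a config that relies on them still needs the sslscan confirmation mentioned in the thread.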