PoC-Curveball (CVE-2020-0601)

Proof Of Concept for the Curveball vulnerability for the course Cryptography and Security - FH Münster

Andres David Vega Botero
Andres Felipe Herrera Upegui

Source: ollypwn (https://github.com/ollypwn/CurveBall)

Set Up

is meant to run on linux with the following packages:

openssl openssl 1.1.0 ruby 2.4.0 node 10.19.0

Preparing node.js

Go to the TLS directory

cd TLS

install express

npm install express

How to use

Create the spoofed certificate and run a server

run the POC Bash script, it will run the POC and creates a node server

bash PoC.sh

Change the hosts file in the target

find the hosts file in windows

c:\Windows\System32\Drivers\etc\hosts

add the following:

<Host IP> www.fh-muenster.de

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
OriginalCertificates		OriginalCertificates
TLS		TLS
.gitattributes		.gitattributes
.gitignore		.gitignore
PoC.rb		PoC.rb
PoC.sh		PoC.sh
README.md		README.md
openssl_cs.conf		openssl_cs.conf
openssl_tls.conf		openssl_tls.conf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

PoC-Curveball (CVE-2020-0601)

Set Up

Preparing node.js

How to use

Create the spoofed certificate and run a server

Change the hosts file in the target

Curveballed!

About

Uh oh!

Releases

Packages

Uh oh!

Languages

AdavVegab/PoC-Curveball

Folders and files

Latest commit

History

Repository files navigation

PoC-Curveball (CVE-2020-0601)

Set Up

Preparing node.js

How to use

Create the spoofed certificate and run a server

Change the hosts file in the target

Curveballed!

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages