Forum Thread: Few Questions About SSL/TLS.

So, recently i have taken an interest in SSL but i still found some aspects of it confusing so if anyone could help me here i would be truly thankful.

1) Is POODLE still doable today? I know that all browsers killed sslv3 but tls1.0-1.1 is still vulnerable, but i cannot find any instructions on how to execute an poodle attack.

2) With HSTS in place can SSLSTRIP+ still bypass it? I saw in a github post about mitmf and as one of its features was listed SSLSTRIP+ - partially bypass HSTS.What does the wold partially really imply?

3) And the last question, what would you use to bypass SSL/TLS if you were limited to MITM methodologies

THANKS a million to whoever hears my cry.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active