So, recently i have taken an interest in SSL but i still found some aspects of it confusing so if anyone could help me here i would be truly thankful.
1) Is POODLE still doable today? I know that all browsers killed sslv3 but tls1.0-1.1 is still vulnerable, but i cannot find any instructions on how to execute an poodle attack.
2) With HSTS in place can SSLSTRIP+ still bypass it? I saw in a github post about mitmf and as one of its features was listed SSLSTRIP+ - partially bypass HSTS.What does the wold partially really imply?
3) And the last question, what would you use to bypass SSL/TLS if you were limited to MITM methodologies
THANKS a million to whoever hears my cry.
Be the First to Respond
Share Your Thoughts