nullcon 2011 - sslsmart – smart ssl cipher enumeration
DESCRIPTION
SSLSmart – Smart SSL Cipher Enumeration by Gursev Singh KalraTRANSCRIPT
SSLSmart – Smart SSL
Cipher Enumeration
Gursev Singh Kalra
nullcon | Feb26, 2011
www.foundstone.com
© 2010, McAfee, Inc.
Agenda
►Introduction
►Why Enumerate SSL Ciphers?
►Why SSLSmart?
►SSLSmart Demonstrations
►Q&A
www.foundstone.com
© 2010, McAfee, Inc.
Introduction
►Who am I?
■ Managing Consultant – Foundstone Professional
Services
■ Web Applications, Networks, Mobile Applications,
Research, Tools…
www.foundstone.com
© 2010, McAfee, Inc.
Why Enumerate SSL Ciphers?
►PCI Compliance
►Web Application Penetration Testing
►Network Assessments
►Insecure Crypto Implementation
www.foundstone.com
© 2010, McAfee, Inc.
Why SSLSmart?
Flexible WYSIWYG
Open Source and Cross Platform
Rich Reporting
SSLSmart
www.foundstone.com
© 2010, McAfee, Inc.
Flexibility
• Granular Cipher Control
• Certificate Verification
• Proxy Support
• Content and CONNECT Tests
www.foundstone.com
© 2010, McAfee, Inc.
What You See Is What You Get
www.foundstone.com
© 2010, McAfee, Inc.
Open Source and Cross Platform
• Works with Ruby 1.8.6, 1.8.7, 1.9.1 & 1.9.2
• Tested on Windows, Linux
www.foundstone.com
© 2010, McAfee, Inc.
Rich Reporting
• Text
• HTML
• XML
www.foundstone.com
© 2010, McAfee, Inc.
SSLSmart Demonstrations
►SSLSmart GUI
►Custom scripts using SSLSmart API’s
www.foundstone.com
© 2010, McAfee, Inc.
Queries
