Tuesday, 30 December 2014

Do you think HTTPS is Secure? But it's Not!

Do you want to test your Server for BEAST & CRIME Attacks?

Do you want an overview of how secure your encryption is, including the supported cipher suites and protocols?

TestSSLServer gives you all of this in a single tool!

All you have to do is visit their main website:

Link: http://www.bolet.org/TestSSLServer/

Then download whichever package you prefer:

-) Java Application

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.jar

-) Windows Executable Version

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.exe

Once you have downloaded it, just drag the app into the Windows Command Prompt and press Enter:

Once there, you need to enter the server details using this syntax:

usage: TestSSLServer servername [ port ]

Example: mysubdomain.apple.com 443 (you can also enter a local address if you have a server running on it)

As you can see, one of Apple's subdomains is vulnerable to the POODLE attack because it has SSLv3 enabled.

It can be attacked through the HTTPS port, :443.

We can see that the Vulnerable SSLv3 Cipher Suites are:


...but our target is also vulnerable to the BEAST attack, as reported below!

BEAST status: vulnerable

But that's not all!

This great tool also gives you relevant information regarding the security of your keys!

My target is rated STRONG, which means a possible attacker would run into some difficulty trying to crack the server key!

See below:

Minimal encryption strength:    strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)

Even if it is STRONG, the attacker's job is made harder, but cracking your web server keys is NOT made impossible.

Finally, this tool also gives you details about the security certificate the server is using!

For example, mine comes from Cupertino, California!

You should definitely give it a try!
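As an added example (not part of the original post or of TestSSLServer itself), this Python script parses a saved TestSSLServer report and lists the issues walked through above, so the check can be repeated across your own servers. The sample report is constructed, and its layout beyond the BEAST and encryption-strength lines shown in the post is an assumed format; `parse_report` and `findings` are hypothetical helper names.

```python
import re

# Constructed sample. Only the BEAST and encryption-strength lines appear on
# the page; the rest of the layout is an assumed TestSSLServer report format.
SAMPLE_REPORT = """\
Supported versions: SSLv3 TLSv1.0
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  SSLv3
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
  (TLSv1.0: idem)
Minimal encryption strength:    strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected
"""

def parse_report(text):
    """Return (fields, suites): 'key: value' lines and suites per protocol."""
    fields, suites, current = {}, {}, None
    for line in text.splitlines():
        s = line.strip()
        if not line.startswith(" "):          # top-level "key: value" line
            current = None
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip().lower()] = value.strip()
        elif re.fullmatch(r"(SSL|TLS)v[\d.]+", s):   # protocol sub-heading
            current, suites[s] = s, []
        elif current and (m := re.fullmatch(r"\((\S+): idem\)", s)):
            suites[m.group(1)] = list(suites[current])  # same suites as above
        elif current and re.fullmatch(r"[A-Z0-9_]+", s):
            suites[current].append(s)
    return fields, suites

def findings(fields, suites):
    """Map report contents to the issues the post walks through."""
    out = []
    versions = set(fields.get("supported versions", "").split()) | set(suites)
    if "SSLv3" in versions:  # POODLE targets CBC-mode suites under SSLv3
        cbc = [c for c in suites.get("SSLv3", []) if "_CBC_" in c]
        out.append(("POODLE", "SSLv3 enabled; CBC suites: " + ", ".join(cbc)))
    for attack in ("BEAST", "CRIME"):
        if fields.get(attack.lower() + " status") == "vulnerable":
            out.append((attack, "reported vulnerable"))
    minimal = fields.get("minimal encryption strength", "")
    if minimal and not minimal.startswith("strong"):
        out.append(("WEAK-CIPHER", minimal))
    return out
```

Save the tool's output to a file and pass its text to `parse_report`; an empty list from `findings` means none of these checks fired.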