Releases · tls-attacker/TLS-Attacker

08 Jun 20:49

mmaehren

3.8.0

74c7dd7

TLS-Attacker 3.8.0

Added new Smart Chooser Classes for smarter record size limits
Added TLS-Attacker proxy module prototype, which allows to use TLS-Attacker as SslSockets
Fixed a ClassCastException in the CertificateStatusParser
Removed the Attacks module. Scanning capabilities were move to https://github.com/tls-attacker/TLS-Scanner while exploits are currently reworked to be more user friendly within their own module
Fixed a Bug which caused TLS-Attacker to be unable to parse incoming records with more than ~127 bytes of padding in CBC mode
Fixed Timing Attacks TransportHandler.
Introduced overwriteable Callbacks before and after handshake execution
Introduced FFDH Named Groups
Better SessionID / SessionTicket support
TLS-Attacker is now running on Java 11
More control over DTLS fragment layer in workflowTrace
Better handling of DTLS retransmissions
TLS-Attacker can now also send DTLS retransmissions
Custom TLS PRF implementation (no longer relying on BC)
Introduced new "IGNORE_UNEXPECTED_KEY_UPDATE_MESSAGES" and "IGNORE_UNEXPECTED_APP_DATA" Action options
Introduced new actions: ChangeReadEpoch, ChangeReadSequenceNumber, ChangeWriteEpoch, ChangeWriteSequenceNumber, SendMessagesFromLastFlight and SendRecordsFromLastFlight
Introduced KeyUpdates for TLS 1.3
Removed TLS 1.3 draft code
Deleted Forensic Module
Fixed a bug which caused invalid nonces for ChachaPoly in DTLS
Added warnings when workflowtraces are loaded (manually) but they still contain "originalValues" from previous executions
Introduced RSA-SKE message (RSA-Export)
Fixed Illegal Reflective Access Bug (PseudoRandomFunction)
Reworked certificate generation scripts
Minor fixes and code improvements

Assets 2

18 Dec 12:48

ic0ns

3.2b

e465514

TLS-Attacker 3.2b

TLS-Attacker 3.2 with log4shell fix

Assets 2

17 Dec 16:36

ic0ns

3.7.2

9f686c1

TLS-Attacker 3.7.2

Fixes log4shell

Assets 2

16 Jun 11:33

JonSnowWhite

3.7.1

70f961d

TLS-Attacker 3.7.1

Fixed certificates

Assets 2

09 Jun 14:14

ic0ns

3.7.0

b4b6171

TLS-Attacker 3.7.0

Lots of minor improvements
Fix for NPE's that can occur during fuzzing with TLS-Attacker.
Fixed a bug that caused handshakes to fail with x448 and x25519 for servers
Fixed SKE signature generation for non-SECP256R1 ECDH handshakes
Updated Autoformatter & re-Formatted everthing
Implemented HRR for TLS 1.3
Added KeyUpdate
Removed PrettyPrinter for XML
Reworked Transport Module
Refactored ALPN Code
Added Dynamic Renegotiation WorkflowTraceType
Updated Readme
Fixed a bug where TLS-Attacker would write the signature length in anon cipher suites into SKE messages
Fixed a bug in the socket state determination
Added flag for CCS encryption in TLS 1.3
Added a flag to keep server sequence numbers (ccs)
Updated SCT code
Made XSD validation optional
Fixed chacha draft cipher suites
Fixed an infinite loop with f2m curves
Fixed CipherState reset in StreamCiphers
Implemented CookieExtension
Added serialisation possibilities for messages and actions

Assets 2

04 Nov 13:27

ic0ns

3.6.0

a5e9b78

TLS-Attacker 3.6.0

Java 11 support
Fixed flaw in signature and hash algorithm selection
Improved automatic Certificate selection
Updated Invalid Curve Attacker
Fixed createPointOnCurve for Secp224
Added createPointOnCurve for F2m curves
Added Constants for explicit elliptic curves
TLS 1.3 handshakes now correctly set the named group
Removed TLS 1.3 draft versions
Improved Timing Measurement code
Fixed a lot of flaws/exceptions which can occur if you do completely random modifications
Streamlined API's
Improved Starttls integration
Improved ESNI support
Changed alertLevel and description to enums in the config
Integrated OCSP support