Identifying POODLE vulnerability
As mentioned in our previous recipe, Obtaining HTTPS parameters with SSLScan, it is possible, in some conditions, for a man-in-the-middle attacker to downgrade the secure protocol and cipher suites used in an encrypted communication.
A Padding Oracle On Downgraded Legacy Encryption (POODLE) attack uses this condition to downgrade a TLS communication to SSLv3 and forces the use of cipher suites (CBC) that can be easily broken and then the communication decrypted.
In this recipe, we will use an Nmap script to detect the existence of such a vulnerability on our test server.
Getting ready
We will have to install Nmap and download the script made specially to detect this vulnerability:
Go to
http://nmap.org/nsedoc/scripts/ssl-poodle.html.Download the
ssl-poodle.nsefile.Let's say, it was downloaded to
/root/Downloadsin your Kali Linux installation. Now open a terminal and copy it to the Nmap'sscriptsdirectory:cp /root/Downloads/ssl-poodle.nse /usr/share/nmap/scripts...
