Error using the Proxy

[I-am-not-a-number]

Hi there,

I've been trying poodle-exploit.py using cygwin, Raspbian and Kali. Everytime I try connect from a browser (I tried Firefox, Chrome (Win/Android), IE 6/8) I just got the error message below.

I used the latest versions/updates (except for IE 6/8 ;-)) and used a manual proxy config.

Anything else I can try?

pi@raspberrypi:~/poodle-PoC $ python3 poodle-exploit.py 192.168.1.8 8443 testssl.sh.says.I.am.vulnerable 443
Proxy is launched on '192.168.1.8' port 8443
Passive mode enabled by default

Type help to show all command line, passive mode is by default enabled

> ----------------------------------------
Exception happened during processing of request from ('192.168.1.100', 51339)
Traceback (most recent call last):
  File "poodle-exploit.py", line 214, in handle
    traffic.protocol_current = traffic.protocol_all[version][0]
KeyError: 20302

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.5/socketserver.py", line 313, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.5/socketserver.py", line 341, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.5/socketserver.py", line 354, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.5/socketserver.py", line 681, in __init__
    self.handle()
  File "poodle-exploit.py", line 218, in handle
    traffic.protocol_current = traffic.protocol_all[length][0]
KeyError: 20037```


Thanks and Cheers!

[mpgn]

hello,

can you share a pcap capture of the exchange between the client and the server ?

The error is normal since version 20302 doesn't not exist. It should be 302 -> TLSv1.1
Check this line: https://github.com/mpgn/poodle-PoC/blob/master/poodle-exploit.py#L211

20 -> change_cipher_spec
302 -> TLSv2.0

[dillonfranke]

Hi there,

@I-am-not-a-number I'm having the same exact issue as you. Did you ever figure out what was wrong?

Looks like a great exploit @mpgn, I just want to get it working!

Thanks,

[I-am-not-a-number]

Sorry @dillonfranke I never got it working ...

Cheers!

[dillonfranke]

@I-am-not-a-number thanks for the reply! I actually got that part of the exploit working. I was directly sending requests from Firefox to the exploit proxy (via proxy settings in Firefox preferences). I printed out the "ssl_header" and noticed that it was populated with the "CONNECT" and "GET" requests. Adding the --simpleProxy flag fixed this for me!

@mpgn feel free to close this issue, but I would recommend adding some more information about the --simpleProxy flag, as I didn't even realize it exist before debugging for a long time. I'm happy to write up some info in the README and make a PR if you like!

[skypean]

@dillonfranke I still encounter the problem after adding the simpleProxy options. My full command is
python3 poodle-exploit.py [MY_CLIENT_IP] 8080 [WEB_SERVER_IP] 443 --simpleProxy 8080

Is there anything wrong at here? Can you please tell me