[Ach] git pull: android ciphers, and tools
christian mock
cm at coretec.at
Sat Nov 16 20:58:51 CET 2013
Despite the efforts of the Android SDK to the contrary, I managed to
extract all the cipherlists from Android 1.5 up to 4.4, see
unsorted/ssl/.
I also created a new directory /tools with the scripts used for that;
the one that could be interesting for others is
sniff-client-ciphers.pl, which takes a packet capture file (any format
tshark can read), finds the first SSL client handshake packet, and
dumps the cipherlists, TLS version, extensions etc to stdout.
This might come in handy for checking the capabilities of clients that
cannot display a web page, such as mail or XMPP clients.
cm.
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
More information about the Ach
mailing list