2024-05-26 14:27:05 +02:00
### [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389)
2025-09-29 21:09:30 +02:00
2024-05-26 14:27:05 +02:00
### Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
### POC
#### Reference
- http://vnhacker.blogspot.com/2011/09/beast.html
- http://www.ibm.com/developerworks/java/jdk/alerts/
- http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
#### Github
2025-09-29 21:09:30 +02:00
- https://github.com/AKApul/03-sysadmin-09-security
2024-05-26 14:27:05 +02:00
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/Astrogeorgeonethree/Starred
- https://github.com/Astrogeorgeonethree/Starred2
- https://github.com/Atem1988/Starred
2025-09-29 21:09:30 +02:00
- https://github.com/BroDaber/kitcat
2024-05-26 14:27:05 +02:00
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/Dalifo/wik-dvs-tp02
2025-09-29 21:09:30 +02:00
- https://github.com/Dariani223/DevOpsFinal
- https://github.com/EradactedRock/BEAST-Attack-Hardening
2024-05-26 14:27:05 +02:00
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/Live-Hack-CVE/CVE-2011-3389
2025-09-29 21:09:30 +02:00
- https://github.com/MelonPy/BEAST
- https://github.com/Myash-New/05-virt-04-docker-in-practice
- https://github.com/Nissiuser/Vulnerability-Scan-Report
- https://github.com/Officerwasu/Elevate-Labs-Task-3
- https://github.com/PS-RANASINGHE/Crypto-Ex---7
2024-05-26 14:27:05 +02:00
- https://github.com/PajakAlexandre/wik-dps-tp02
2025-09-29 21:09:30 +02:00
- https://github.com/Telooss/TP-WIK-DPS-TP02
- https://github.com/Untouchable17/HTTP-ExploitKit
2024-05-26 14:27:05 +02:00
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
2025-09-29 21:09:30 +02:00
- https://github.com/VpSanta3/Rscan
2024-05-26 14:27:05 +02:00
- https://github.com/WiktorMysz/devops-netology
2025-09-29 21:09:30 +02:00
- https://github.com/aaronamran/Vulnerability-Scanning-Lab-with-OpenVAS-and-Metasploitable2
- https://github.com/akaganeite/CVE4PP
2024-05-26 14:27:05 +02:00
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
2025-09-29 21:09:30 +02:00
- https://github.com/ardhiatno/ubimicro-fluentbit
- https://github.com/aynalayn/projekt.BPC-AKR.ukol6
2024-05-26 14:27:05 +02:00
- https://github.com/bysart/devops-netology
2024-06-22 09:37:59 +00:00
- https://github.com/catsploit/catsploit
2024-05-26 14:27:05 +02:00
- https://github.com/cdupuis/image-api
- https://github.com/daniel1302/litecoin
- https://github.com/dmitrii1312/03-sysadmin-09
2025-09-29 21:09:30 +02:00
- https://github.com/drewtwitchell/scancompare
2024-05-26 14:27:05 +02:00
- https://github.com/fokypoky/places-list
- https://github.com/garethr/snykout
- https://github.com/gatecheckdev/gatecheck
- https://github.com/genuinetools/reg
- https://github.com/geon071/netolofy_12
2025-09-29 21:09:30 +02:00
- https://github.com/hero2zero/burp-ssl-scanner-plus-plus
2024-05-26 14:27:05 +02:00
- https://github.com/ilya-starchikov/devops-netology
2025-09-29 21:09:30 +02:00
- https://github.com/kiperZZZ/BEAST
- https://github.com/levyborromeo/Vulnerability-Remediation
- https://github.com/lithekevin/Threat-TLS
2024-05-26 14:27:05 +02:00
- https://github.com/mauraneh/WIK-DPS-TP02
2025-09-29 21:09:30 +02:00
- https://github.com/mmbazm/secure_license_server
2024-05-26 14:27:05 +02:00
- https://github.com/mpgn/BEAST-PoC
2025-09-29 21:09:30 +02:00
- https://github.com/mssky9527/Rscan
2024-05-26 14:27:05 +02:00
- https://github.com/nikolay480/devops-netology
- https://github.com/odolezal/D-Link-DIR-655
- https://github.com/orgTestCodacy11KRepos110MB/repo-3654-reg
- https://github.com/pashicop/3.9_1
2024-08-27 19:05:50 +00:00
- https://github.com/password123456/setup-apache-http-server-with-shorts-security-best-practice
2025-09-29 21:09:30 +02:00
- https://github.com/password123456/setup-nginx-http-server-with-security-best-practice
- https://github.com/poikl246/DevSecOps-2024-v2
- https://github.com/psibot/ssl-vulnerable
- https://github.com/shayilkhani/cryptographic-remediation-deployment
2024-05-26 14:27:05 +02:00
- https://github.com/stanmay77/security
- https://github.com/swod00/litecoin_demo
2025-09-29 21:09:30 +02:00
- https://github.com/tahaAmineMiri/agent_testssl
2024-05-26 14:27:05 +02:00
- https://github.com/tzaffi/testssl-report
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/yellownine/netology-DevOps
