locator (URL) by specifying
http://
instead of
https://
, you would find that the server
converts the connection automatically to
https
for you.
The thing about SSL/TLS, though, is that encryption requires processing power.
Modern processors are more than capable of keeping up with normal encryption
loads, especially as modern encryption algorithms are generally efficient with pro‐
cessor utilization. However, any server that uses SSL/TLS incurs a lot of processing
overhead. First, the messages that are sent from the server are generally larger, which
means that it takes more processing to encrypt those larger messages than the com‐
parably small messages originating from a client. Additionally, the client system is
probably sending only a few messages at a time whereas the server is expected to be
encrypting messages to a number of concurrent clients, which may all have multiple
concurrent connections going to the server. The load primarily comes from the cre‐
ation of the keys that are needed to encrypt the session.
Capabilities exist in Kali to target outdated services and capabilities. The problem is
that some of these long superseded programs still remain in service in a lot of places.
As a result, it’s still important to be able to test them. One of those services is the SSL
encryption. The final denial-of-service testing program we’ll look at here targets
servers that use SSL. SSL is generally no longer in use, having been supplanted by bet‐
ter technology, but that’s not to say that you won’t run across one. The program
thc-
ssl-dos
targets servers based on the idea that encryption is computationally expensive,
especially on the server side.
Example 2-8
shows a run of
thc-ssl-dos
against a server that has been configured to
use SSL. However, the issues with SSL have been known for so long that the underly‐
ing libraries often have SSL disabled. In spite of running against an older installation,
you can see that the program was unable to achieve a complete SSL handshake. How‐
ever, if you were to find a server that did have SSL configured, you would be able to
test whether it was vulnerable to a denial of service.
Example 2-8. SSL DoS using thc-ssl-dos utility
root@rosebud:~# thc-ssl-dos -l
100
192.168.86.239
443
--accept
______________ ___ _________
