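Researchers have just disclosed a man-in-the-middle attack against TLS/SSL. The attack:
1. Is exploitable (it is quite practical to carry out).
2. Has no fix yet; we are waiting for vendors to release patches.
3. Affects upper-layer protocols including HTTPS, IMAP, SIP, and so on.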
E.g., the attacker would send:
And leave the last line empty without a carriage return line feed. Then when the client makes his own request
the two requests get glued together into:
And the server uses the victim's account to send a pizza to the attacker.
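The splice described above, modelled as an added example (not code from the original post or from any TLS library). It assumes the server can tell which TLS handshake epoch each chunk of decrypted data arrived in; the request paths, the X-Ignore header name and the cookie value are constructed placeholders. The naive server attaches the victim's cookie to the attacker's request line, while the epoch-aware server refuses a request that straddles a renegotiation.

```python
# Constructed model: each chunk of decrypted application data is tagged with the
# TLS handshake epoch it arrived in (0 = before renegotiation, 1 = after).
ATTACKER_PREFIX = (b"GET /order?item=pizza&deliver_to=ATTACKER-PLACEHOLDER HTTP/1.1\r\n"
                   b"X-Ignore: ")  # last line deliberately has no CRLF
VICTIM_REQUEST = (b"GET /account HTTP/1.1\r\n"
                  b"Cookie: session=VICTIM-PLACEHOLDER\r\n\r\n")
STREAM = [(0, ATTACKER_PREFIX), (1, VICTIM_REQUEST)]


class SplicedRequest(Exception):
    """One HTTP request would contain bytes from two handshake epochs."""


def parse_request(raw):
    """Return (request_line, headers) for the first header block in raw."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def naive_server(stream):
    """Treats the connection as one byte stream and ignores renegotiation."""
    return parse_request(b"".join(data for _, data in stream))


def epoch_aware_server(stream):
    """Rejects a request whose header block is not complete within one epoch."""
    buffered, buffered_epoch = b"", None
    for epoch, data in stream:
        if buffered and epoch != buffered_epoch:
            raise SplicedRequest(
                f"partial request from epoch {buffered_epoch} continued in epoch {epoch}")
        buffered, buffered_epoch = buffered + data, epoch
        if b"\r\n\r\n" in buffered:
            return parse_request(buffered)
    raise SplicedRequest("incomplete request")


if __name__ == "__main__":
    print(naive_server(STREAM))
    try:
        epoch_aware_server(STREAM)
    except SplicedRequest as exc:
        print("rejected:", exc)
```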