刚刚有研究人员公布了一种针对TLS/SSL的中间人攻击, 该攻击
1. exploitable (可操作性比较强)
2. 目前还没有解决方案, 等待各厂商出补丁.
3. 受影响的上层协议包括HTTPS,IMAP, SIP等等.
E.g., the attacker would send:
And leave the last line empty without a carriage return line feed. Then when the client makes his own request
the two requests get glued together into:
And the server uses the victim's account to send a pizza to the attacker.
![vulnhub DC-4靶机实战0X01 环境部署[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)