Wireshark-bugs: [Wireshark-bugs] [Bug 13191] Malformed Packet - SSL
Date: Thu, 01 Dec 2016 19:52:18 +0000

changed bug 13191


What        Removed    Added
Status      CONFIRMED  RESOLVED
Resolution  ---        NOTABUG

Comment # 1 on bug 13191 from
The capture seems malformed.

Frame 11 + 12, reassembled:
[Client Hello ...]
[elliptic_curves extension ...]
00 00  Extension Type: Server Name Indication (0)
17 00  Extension Length: 5888 (!)


Interpreting it in a slightly different way:
[Client Hello ...]
[elliptic_curves extension ...]
00 00  Extension Type: Server Name Indication (0)
17 00 15 00  (?? what is this garbage)
00 12  Length: 18
77 77 77 2e 73 61 6d 73 75 6e 67 6f 74 6e 2e 6e 65 74  www.samsungotn.net
00 0b  Extension Type: EC Point Formats
00 04  Length: 4
03 00 01 02
00 0a  Extension Type: supported_groups (renamed from elliptic_curves)
00 34  Length: 52
00 32 00 01 00 02 00 03 00 04 00 ...

This makes no sense. Your MITM tool is broken: it is producing garbage that
(rightfully) makes the server reset the connection.

Though for some weird reason, frame 199 does contain a Server Hello (in
response to the malformed Client Hello in frame 198). Is this an attempt to
exploit a vulnerability?
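
The length check behind the "5888 (!)" reading above, as an added example that is not part of the original comment and is not Wireshark's dissector code. The function names are hypothetical, CAPTURED is assembled from the bytes quoted in the comment (stopping before the truncated supported_groups data), and WELL_FORMED is constructed here as the RFC 6066 encoding of the same hostname for comparison.

```python
import struct

class MalformedExtension(ValueError):
    pass

def walk_extensions(buf):
    """Split a TLS extensions block into (type, body) pairs, checking every length."""
    exts, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise MalformedExtension(f"truncated extension header at offset {off}")
        ext_type, ext_len = struct.unpack_from("!HH", buf, off)
        off += 4
        remaining = len(buf) - off
        if ext_len > remaining:
            raise MalformedExtension(
                f"extension type {ext_type}: declared length {ext_len} "
                f"but only {remaining} bytes remain")
        exts.append((ext_type, buf[off:off + ext_len]))
        off += ext_len
    return exts

def parse_sni(body):
    """Decode a server_name extension body (RFC 6066) holding one host_name entry."""
    if len(body) < 5:
        raise MalformedExtension("server_name body too short")
    # server_name_list length (2 bytes), name_type (1 byte), host_name length (2 bytes)
    list_len, name_type, name_len = struct.unpack_from("!HBH", body, 0)
    if list_len != len(body) - 2 or name_type != 0 or name_len != len(body) - 5:
        raise MalformedExtension("inconsistent server_name lengths")
    return body[5:].decode("ascii")

def diagnose(buf):
    """Return 'ok: <hostname>' or 'malformed: <reason>' for an extensions block."""
    try:
        sni = [body for t, body in walk_extensions(buf) if t == 0]
        return "ok: " + (parse_sni(sni[0]) if sni else "(no SNI)")
    except MalformedExtension as err:
        return f"malformed: {err}"

HOST = b"www.samsungotn.net"
EC_POINT_FORMATS = bytes.fromhex("000b 0004 03000102")
# Bytes as quoted in the comment, starting at the SNI extension type.
CAPTURED = bytes.fromhex("0000 1700 1500 0012") + HOST + EC_POINT_FORMATS
# Constructed for comparison: type 0, ext length 0x0017, list length 0x0015,
# name_type 0, host_name length 0x0012.
WELL_FORMED = bytes.fromhex("0000 0017 0015 00 0012") + HOST + EC_POINT_FORMATS

if __name__ == "__main__":
    print(diagnose(CAPTURED))
    print(diagnose(WELL_FORMED))
```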

