Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 13191] Malformed Packet

Wireshark-bugs: [Wireshark-bugs] [Bug 13191] Malformed Packet - SSL

Date: Thu, 01 Dec 2016 19:52:18 +0000

What	Removed	Added
Status	CONFIRMED	RESOLVED
Resolution	---	NOTABUG

Comment # 1 on bug 13191 from Peter Wu

The capture seems malformed.

Frame 11 + 12, reassembled:
[Client Hello ...]
[elliptic_curves extension ...]
00 00  Extension Type: Server Name Indication (0)
17 00  Extension Length: 5888 (!)


Interpreting it in a slightly different way:
[Client Hello ...]
[elliptic_curves extension ...]
00 00  Extension Type: Server Name Indication (0)
17 00 15 00  (?? what is this garbage)
00 12  Length: 18
77 77 77 2e 73 61 6d 73 75 6e 67 6f 74 6e 2e 6e 65 74  www.samsungotn.net
00 0b  Extension Type: EC Point Formats
00 04  Length: 4
03 00 01 02
00 0a  Extension Type: supported_groups (renamed from elliptic_curves)
00 34  Length: 52
00 32 00 01 00 02 00 03 00 04 00 ...

This makes no sense, your MITM tool is broken, it is producing garbage that
(rightfully) makes the server reset the connection.

Though for some weird reason, frame 199 does contain a Server Hello (in
response to the malformed Client Hello in frame 198). Is this an attempt to
exploit a vulnerability?

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 13174] Export Objects dialog in GTK crashes due to wrong memory scope
Next by Date: [Wireshark-bugs] [Bug 13180] Conversation dialog crash
Previous by thread: [Wireshark-bugs] [Bug 13191] Malformed Packet - SSL
Next by thread: [Wireshark-bugs] [Bug 13191] Malformed Packet - SSL
Index(es):
- Date
- Thread