### [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

### POC

#### Reference
- http://vnhacker.blogspot.com/2011/09/beast.html
- http://www.ibm.com/developerworks/java/jdk/alerts/
- http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006

#### Github
- https://github.com/AKApul/03-sysadmin-09-security
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/Astrogeorgeonethree/Starred
- https://github.com/Astrogeorgeonethree/Starred2
- https://github.com/Atem1988/Starred
- https://github.com/BroDaber/kitcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/Dalifo/wik-dvs-tp02
- https://github.com/Dariani223/DevOpsFinal
- https://github.com/EradactedRock/BEAST-Attack-Hardening
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/Live-Hack-CVE/CVE-2011-3389
- https://github.com/MelonPy/BEAST
- https://github.com/Myash-New/05-virt-04-docker-in-practice
- https://github.com/Nissiuser/Vulnerability-Scan-Report
- https://github.com/Officerwasu/Elevate-Labs-Task-3
- https://github.com/PS-RANASINGHE/Crypto-Ex---7
- https://github.com/PajakAlexandre/wik-dps-tp02
- https://github.com/Telooss/TP-WIK-DPS-TP02
- https://github.com/Untouchable17/HTTP-ExploitKit
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/VpSanta3/Rscan
- https://github.com/WiktorMysz/devops-netology
- https://github.com/aaronamran/Vulnerability-Scanning-Lab-with-OpenVAS-and-Metasploitable2
- https://github.com/akaganeite/CVE4PP
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/ardhiatno/ubimicro-fluentbit
- https://github.com/aynalayn/projekt.BPC-AKR.ukol6
- https://github.com/bysart/devops-netology
- https://github.com/catsploit/catsploit
- https://github.com/cdupuis/image-api
- https://github.com/daniel1302/litecoin
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/drewtwitchell/scancompare
- https://github.com/fokypoky/places-list
- https://github.com/garethr/snykout
- https://github.com/gatecheckdev/gatecheck
- https://github.com/genuinetools/reg
- https://github.com/geon071/netolofy_12
- https://github.com/hero2zero/burp-ssl-scanner-plus-plus
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/kiperZZZ/BEAST
- https://github.com/levyborromeo/Vulnerability-Remediation
- https://github.com/lithekevin/Threat-TLS
- https://github.com/mauraneh/WIK-DPS-TP02
- https://github.com/mmbazm/secure_license_server
- https://github.com/mpgn/BEAST-PoC
- https://github.com/mssky9527/Rscan
- https://github.com/nikolay480/devops-netology
- https://github.com/odolezal/D-Link-DIR-655
- https://github.com/orgTestCodacy11KRepos110MB/repo-3654-reg
- https://github.com/pashicop/3.9_1
- https://github.com/password123456/setup-apache-http-server-with-shorts-security-best-practice
- https://github.com/password123456/setup-nginx-http-server-with-security-best-practice
- https://github.com/poikl246/DevSecOps-2024-v2
- https://github.com/psibot/ssl-vulnerable
- https://github.com/shayilkhani/cryptographic-remediation-deployment
- https://github.com/stanmay77/security
- https://github.com/swod00/litecoin_demo
- https://github.com/tahaAmineMiri/agent_testssl
- https://github.com/tzaffi/testssl-report
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/yellownine/netology-DevOps