CVE-2016-9244

This exploit demonstrates the Ticketbleed vulnerability (CVE-2016-9244) in F5 BIG-IP devices by leaking session IDs through malformed TLS session tickets. It uses Scapy with SSL/TLS extensions to craft and send malicious TLS handshake packets.

This exploit targets CVE-2016-9244, a memory leakage vulnerability in F5 BIG-IP SSL virtual servers. It checks for vulnerability and attempts to leak memory contents by sending crafted requests to the target.

This repository contains a functional exploit for CVE-2016-9244 (Ticketbleed), a vulnerability in F5 BIG-IP products that allows remote extraction of uninitialized memory. The tool is a modified version of Go's crypto/tls library, specifically altered to exploit the Ticketbleed flaw.

This repository contains a Minion plugin for detecting the Ticketbleed vulnerability (CVE-2016-9244) in F5 TLS implementations. It includes a Go-based scanner derived from Filippo Valsorda's work, integrated into a Minion framework for automated vulnerability assessment.