VPN Vulnerability Testing Suite
Test VPN implementations for network based attacks
Recent publications have brought attention to vulnerabilities in most VPN implementations when faced with a network-based attacker levering attacks such as TunnelVision and TunnelCrack, among others. In light of these publications, this project develops a testing suite that covers every known edge case, allowing for a one-stop straightforward yet complete evaluation of whether a particular VPN client implementation is susceptible to said vulnerabilities.
The testing framework will be delivered as an open-source software component, free to be used and altered. The framework will also be extended with various attack variants that are not directly covered under the original TunnelCrack and TunnelVision research, such as behavior when operating on hostile IPv6 networks, and the recovery behavior after being subject to service interruption by an attacker. By integrating these tests into e.g. continuous integration and delivery infrastructure, developers of VPN applications can sustainably harden their software against these attacks.
Run by Midnight Blue
