Add malicious_server README

proof-of-concept-exploits/openssl-punycode-vulnerability/malicious_server/README.md

@@ -0,0 +1,41 @@
+Several scripts are available to ease the generation of server certificates so as to running client / server commands for testing purpose with gdb.
+
+# run.sh
+
+## run_server
+
+This command bootstraps the malicious server.
+
+```run.sh run_server```
+
+1. Fetch OpenSSL 3.0.7 source code, statically compile it with debug symbols. It also adds CFLAGS to generate expand files, useful to generate call graph.
+2. Build server certificate chains
+3. start server with openssl binary compiled at step1.
+
+## run_vuln_client
+
+This command bootstraps the vulnerable client.
+
+```run.sh run_vuln_client```
+
+1. Fetch OpenSSL 3.0.6 source code, statically compile it with debug symbols. It also adds CFLAGS to generate expand files, useful to generate call graph.
+2. start client gdb session with openssl binary compiled at step1. Gdb commands will:
+  * set a breakpoint on the vulnerable function
+
+## compile
+
+```run.sh compile openssl-3.0.6```
+
+Fetches OpenSSL source code based on provided version, statically compiles it with debug symbols. It also adds CFLAGS to generate expand files, useful to generate call graph.
+
+## build_server
+
+```run.sh build_server```
+
+Rebuilds the server certificate chains. Useful if you updated the server configuration and just want to use the new certs.
+
+## clean
+
+```run.sh clean clean_server```
+
+These commands will delete all files created at build step. You can clean globally by calling clean, or just for server with clean_server.