SlideShare uma empresa Scribd logo

Ssl attacks

n|u - The Open Security Community
n|u - The Open Security Community

null Mumbai Chapter October 2013 Meet

EducaçãoTecnologia
1 de 37
Baixar para ler offline
SSL ATTACKS Asif H. Balasinor Security Analyst NII Consulting
SSL ATTACKS • BEAST • CRIME • BREACH
BEAST •Browser Exploit Against SSL/TLS. •BEAST is a client side attack. It does not affect servers. •The BEAST mounts a chosen plain text attack on the data transmitted from a client to a SSL enabled web server. •The attack only works on Block ciphers such as AES, DES . Stream ciphers are unaffected by the attack
SSL BEAST PREREQUISTES • The SSL enabled web server must be running version of SSL 3.0 or lower or TLS 1.0. • It must support Block ciphers CBC. • The attacker must be able to mix his content with the SSL content. • The attacker must implement a Man-in-themiddle(MITM) so that he can observe the SSL traffic.
CIPHER BLOCK CHAINING
BEAST in action Consider the block x: • Cx-1 ⊕Tx Cx-1 is the cipher text of the previous block x-1 and the IV of the current block. Tx is the plain text password of the user. Cx = E(Cx-1 ⊕Tx) Cx is the resulting cipher text after encryption This will be the IV of the next block, say IV2.
The attacker injects the following in the SSL traffic in block (x+1) • IV2⊕ Cx-1 ⊕ P IV2 is the IV of the current block and the cipher of the previous block Cx Cx-1 is the IV of the previous block P is the attacker’s guess of the plaintext password of the victim.
• The XOR function looks like this (IV2⊕ Cx-1 ⊕ P)⊕IV2 • The two IV2s are XORed and cancel each other giving Cx-1⊕P Cx+1 = E(Cx-1⊕P) If, Cx= Cx+1, then P=Tx the attacker has successfully guessed the password.
BEATING THE BEAST • The most preferred way is to use TLS 1.1 or TLS 1.2. • If using a lower version of TLS or if the server is using SSL then use a stream cipher such as RC4.
CRIME • Compression Ratio Info-leak Made Easy • CRIME exploits the data compression feature of SSL and TLS. • CRIME attack works only when both the browser and server support TLS compression.
PREREQUISITES FOR ATTACK • The server must support SSL/TLS compression • The attacker must be able to mix his content with the SSL/TLS traffic • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim
CRIME INTERNALS • SSL/TLS compression use an algorithm called DEFLATE • DEFLATE compresses the HTTP requests by eliminating duplicate strings • Every instance of a duplicate string is replaced by a pointer to the first occurrence of the string • More redundant data will lead to more compression and thus smaller will be the length of the HTTP request
CRIME in action • Cookie: secret=341267 • The attacker knows that the session token contains Cookie: secret= • The attacker will keep changing the string after secret= and try to brute force the value
POST / HTTP/1.1 Host: importantserver.com Cookie: secret=341267 ... Cookie: secret=1 • DEFLATE recognizes that there is more than one occurrence of Cookie: secret= part and replaces the second instance with a small token that points to the location of the Cookie: secret= of the first string
The length of the request changes by 15 bytes
Brute forcing the session token:Byte1, Iteration 1 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=1
No additional change in length
Brute forcing the session token:Byte1, Iteration 2 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=2
No additional change in length
Brute forcing the session token:Byte1, Iteration 3 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=3
The length of the request decreases by 1 more byte. Thus we have successfully guessed the first byte of the session token. The attacker can repeat the process to guess the second byte of the request keeping the first byte constant.
Mitigations • CRIME can be defeated by preventing the use of compression
BREACH • Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext • BREACH happens to be more powerful than CRIME as it is not really possible to turn off HTTP compression.
PREREQUISTES FOR ATTACK The prerequisites of the BREACH attack are as follows: • The application must support HTTP compression • User input should be reflected in the response • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim • The HTTP response should have some secret information like CSRF token
RESPONSE NOT REQUEST • The attack works by injecting data into the HTTP request and analyzing the length of the HTTP responses • Any variation in length of the response indicates a successful guess
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=attacker's_guess RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php? id=token=attacker’s_guess”>
The length of the request changes by 6 bytes.
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=a RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=a”>
No additional change in length
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=b RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=b”>
No additional change in length
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=c RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=c”>
The length changes by 1 extra byte. We have successfully guessed the first byte of the token
MITIGATIONS • Disabling HTTP compression • Separating secrets from user input • Randomizing secrets per request • Masking secrets (effectively randomizing by XORing with a random secret per request) • Length hiding (by adding random amount of bytes to the responses) • Rate-limiting the requests
Demo Video Links • Beast: http://www.youtube.com/watch?v=BTqAI DVUvrU • Crime: http://www.youtube.com/watch?v=gGPh HYyg9r4 • Breach:http://www.youtube.com/watch?v=pIKIX QNFplY&hd=1 •
Ssl attacks

Recomendados

SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLEJerome Smith
 
Poodle
PoodlePoodle
PoodleShreyas Kothari
 
Poodle
PoodlePoodle
PoodleMukesh Chaudhari
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
SSL Layer
SSL LayerSSL Layer
SSL LayerTrinh Phuc Tho
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 

Recomendados

SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLEJerome Smith
 
Poodle
PoodlePoodle
PoodleShreyas Kothari
 
Poodle
PoodlePoodle
PoodleMukesh Chaudhari
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
SSL Layer
SSL LayerSSL Layer
SSL LayerTrinh Phuc Tho
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
SSL
SSLSSL
SSLBadrul Alam bulon
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
SSL intro
SSL introSSL intro
SSL introThree Lee
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
Transport layer security
Transport layer securityTransport layer security
Transport layer securityHrudya Balachandran
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
How ssl works
How ssl worksHow ssl works
How ssl worksSaptarshi Basu
 
SSL
SSLSSL
SSLtheekuchi
 
Scapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackScapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackAlexandre Moneger
 
Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEASTStefan Fodor
 
Malicious file upload attacks - a case study
Malicious file upload attacks - a case studyMalicious file upload attacks - a case study
Malicious file upload attacks - a case studyOktawian Powazka
 

Mais conteúdo relacionado

Mais procurados

TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
Scapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackScapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackAlexandre Moneger
 

Mais procurados (20)

TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security Talk
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101
 
SSL overview
SSL overviewSSL overview
SSL overview
 
SSL
SSLSSL
SSL
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
SSL intro
SSL introSSL intro
SSL intro
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & Secure
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Traffic
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
How ssl works
How ssl worksHow ssl works
How ssl works
 
SSL
SSLSSL
SSL
 
Scapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackScapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stack
 

Destaque

Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEASTStefan Fodor
 
Malicious file upload attacks - a case study
Malicious file upload attacks - a case studyMalicious file upload attacks - a case study
Malicious file upload attacks - a case studyOktawian Powazka
 
SSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfSSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfYurii Bilyk
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...Amazon Web Services
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attackE Hacking
 
CamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacksCamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacksJerome Smith
 
BSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwertyBSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwertyJerome Smith
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectBlueinfy Solutions
 
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...Simone Onofri
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5Shreeraj Shah
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 

Destaque (17)

Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEAST
 
Malicious file upload attacks - a case study
Malicious file upload attacks - a case studyMalicious file upload attacks - a case study
Malicious file upload attacks - a case study
 
SSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfSSL/POODLE: History repeats itself
SSL/POODLE: History repeats itself
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attack
 
Internet cookies
Internet cookiesInternet cookies
Internet cookies
 
CamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacksCamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacks
 
BSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwertyBSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwerty
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
 
Click Jacking
Click JackingClick Jacking
Click Jacking
 
Clickjacking Attack
Clickjacking AttackClickjacking Attack
Clickjacking Attack
 
Click jacking
Click jacking Click jacking
Click jacking
 
Click jacking
Click jackingClick jacking
Click jacking
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 

Semelhante a Ssl attacks

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
network attacks
network attacks network attacks
network attacks MuskanSony
 
Study and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer SecurityStudy and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer SecurityNazmul Hossain Rakib
 
Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1InfoSec Girls
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!OWASP
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 

Semelhante a Ssl attacks (20)

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLS
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
Web Security
Web SecurityWeb Security
Web Security
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
network attacks
network attacks network attacks
network attacks
 
Study and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer SecurityStudy and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer Security
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
 
Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1
 
Types of attack
Types of attackTypes of attack
Types of attack
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
Transportsec
TransportsecTransportsec
Transportsec
 
Security - ch5.ppt
Security - ch5.pptSecurity - ch5.ppt
Security - ch5.ppt
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
 

Mais de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mais de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Último

Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 

Último (20)

Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 

Ssl attacks

  • 1. SSL ATTACKS Asif H. Balasinor Security Analyst NII Consulting
  • 2. SSL ATTACKS • BEAST • CRIME • BREACH
  • 3. BEAST •Browser Exploit Against SSL/TLS. •BEAST is a client side attack. It does not affect servers. •The BEAST mounts a chosen plain text attack on the data transmitted from a client to a SSL enabled web server. •The attack only works on Block ciphers such as AES, DES . Stream ciphers are unaffected by the attack
  • 4. SSL BEAST PREREQUISTES • The SSL enabled web server must be running version of SSL 3.0 or lower or TLS 1.0. • It must support Block ciphers CBC. • The attacker must be able to mix his content with the SSL content. • The attacker must implement a Man-in-themiddle(MITM) so that he can observe the SSL traffic.
  • 6.
  • 7. BEAST in action Consider the block x: • Cx-1 ⊕Tx Cx-1 is the cipher text of the previous block x-1 and the IV of the current block. Tx is the plain text password of the user. Cx = E(Cx-1 ⊕Tx) Cx is the resulting cipher text after encryption This will be the IV of the next block, say IV2.
  • 8. The attacker injects the following in the SSL traffic in block (x+1) • IV2⊕ Cx-1 ⊕ P IV2 is the IV of the current block and the cipher of the previous block Cx Cx-1 is the IV of the previous block P is the attacker’s guess of the plaintext password of the victim.
  • 9. • The XOR function looks like this (IV2⊕ Cx-1 ⊕ P)⊕IV2 • The two IV2s are XORed and cancel each other giving Cx-1⊕P Cx+1 = E(Cx-1⊕P) If, Cx= Cx+1, then P=Tx the attacker has successfully guessed the password.
  • 10. BEATING THE BEAST • The most preferred way is to use TLS 1.1 or TLS 1.2. • If using a lower version of TLS or if the server is using SSL then use a stream cipher such as RC4.
  • 11. CRIME • Compression Ratio Info-leak Made Easy • CRIME exploits the data compression feature of SSL and TLS. • CRIME attack works only when both the browser and server support TLS compression.
  • 12. PREREQUISITES FOR ATTACK • The server must support SSL/TLS compression • The attacker must be able to mix his content with the SSL/TLS traffic • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim
  • 13. CRIME INTERNALS • SSL/TLS compression use an algorithm called DEFLATE • DEFLATE compresses the HTTP requests by eliminating duplicate strings • Every instance of a duplicate string is replaced by a pointer to the first occurrence of the string • More redundant data will lead to more compression and thus smaller will be the length of the HTTP request
  • 14. CRIME in action • Cookie: secret=341267 • The attacker knows that the session token contains Cookie: secret= • The attacker will keep changing the string after secret= and try to brute force the value
  • 15. POST / HTTP/1.1 Host: importantserver.com Cookie: secret=341267 ... Cookie: secret=1 • DEFLATE recognizes that there is more than one occurrence of Cookie: secret= part and replaces the second instance with a small token that points to the location of the Cookie: secret= of the first string
  • 16. The length of the request changes by 15 bytes
  • 17. Brute forcing the session token:Byte1, Iteration 1 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=1
  • 18. No additional change in length
  • 19. Brute forcing the session token:Byte1, Iteration 2 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=2
  • 20. No additional change in length
  • 21. Brute forcing the session token:Byte1, Iteration 3 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=3
  • 22. The length of the request decreases by 1 more byte. Thus we have successfully guessed the first byte of the session token. The attacker can repeat the process to guess the second byte of the request keeping the first byte constant.
  • 23. Mitigations • CRIME can be defeated by preventing the use of compression
  • 24. BREACH • Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext • BREACH happens to be more powerful than CRIME as it is not really possible to turn off HTTP compression.
  • 25. PREREQUISTES FOR ATTACK The prerequisites of the BREACH attack are as follows: • The application must support HTTP compression • User input should be reflected in the response • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim • The HTTP response should have some secret information like CSRF token
  • 26. RESPONSE NOT REQUEST • The attack works by injecting data into the HTTP request and analyzing the length of the HTTP responses • Any variation in length of the response indicates a successful guess
  • 27. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=attacker's_guess RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php? id=token=attacker’s_guess”>
  • 28. The length of the request changes by 6 bytes.
  • 29. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=a RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=a”>
  • 30. No additional change in length
  • 31. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=b RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=b”>
  • 32. No additional change in length
  • 33. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=c RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=c”>
  • 34. The length changes by 1 extra byte. We have successfully guessed the first byte of the token
  • 35. MITIGATIONS • Disabling HTTP compression • Separating secrets from user input • Randomizing secrets per request • Masking secrets (effectively randomizing by XORing with a random secret per request) • Length hiding (by adding random amount of bytes to the responses) • Rate-limiting the requests
  • 36. Demo Video Links • Beast: http://www.youtube.com/watch?v=BTqAI DVUvrU • Crime: http://www.youtube.com/watch?v=gGPh HYyg9r4 • Breach:http://www.youtube.com/watch?v=pIKIX QNFplY&hd=1 •