SlideShare une entreprise Scribd logo

Ssl attacks

n|u - The Open Security Community
n|u - The Open Security Community

null Mumbai Chapter October 2013 Meet

FormationTechnologie
1  sur  37
Télécharger pour lire hors ligne
SSL ATTACKS Asif H. Balasinor Security Analyst NII Consulting
SSL ATTACKS • BEAST • CRIME • BREACH
BEAST •Browser Exploit Against SSL/TLS. •BEAST is a client side attack. It does not affect servers. •The BEAST mounts a chosen plain text attack on the data transmitted from a client to a SSL enabled web server. •The attack only works on Block ciphers such as AES, DES . Stream ciphers are unaffected by the attack
SSL BEAST PREREQUISTES • The SSL enabled web server must be running version of SSL 3.0 or lower or TLS 1.0. • It must support Block ciphers CBC. • The attacker must be able to mix his content with the SSL content. • The attacker must implement a Man-in-themiddle(MITM) so that he can observe the SSL traffic.
CIPHER BLOCK CHAINING
BEAST in action Consider the block x: • Cx-1 ⊕Tx Cx-1 is the cipher text of the previous block x-1 and the IV of the current block. Tx is the plain text password of the user. Cx = E(Cx-1 ⊕Tx) Cx is the resulting cipher text after encryption This will be the IV of the next block, say IV2.
The attacker injects the following in the SSL traffic in block (x+1) • IV2⊕ Cx-1 ⊕ P IV2 is the IV of the current block and the cipher of the previous block Cx Cx-1 is the IV of the previous block P is the attacker’s guess of the plaintext password of the victim.
• The XOR function looks like this (IV2⊕ Cx-1 ⊕ P)⊕IV2 • The two IV2s are XORed and cancel each other giving Cx-1⊕P Cx+1 = E(Cx-1⊕P) If, Cx= Cx+1, then P=Tx the attacker has successfully guessed the password.
BEATING THE BEAST • The most preferred way is to use TLS 1.1 or TLS 1.2. • If using a lower version of TLS or if the server is using SSL then use a stream cipher such as RC4.
CRIME • Compression Ratio Info-leak Made Easy • CRIME exploits the data compression feature of SSL and TLS. • CRIME attack works only when both the browser and server support TLS compression.
PREREQUISITES FOR ATTACK • The server must support SSL/TLS compression • The attacker must be able to mix his content with the SSL/TLS traffic • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim
CRIME INTERNALS • SSL/TLS compression use an algorithm called DEFLATE • DEFLATE compresses the HTTP requests by eliminating duplicate strings • Every instance of a duplicate string is replaced by a pointer to the first occurrence of the string • More redundant data will lead to more compression and thus smaller will be the length of the HTTP request
CRIME in action • Cookie: secret=341267 • The attacker knows that the session token contains Cookie: secret= • The attacker will keep changing the string after secret= and try to brute force the value
POST / HTTP/1.1 Host: importantserver.com Cookie: secret=341267 ... Cookie: secret=1 • DEFLATE recognizes that there is more than one occurrence of Cookie: secret= part and replaces the second instance with a small token that points to the location of the Cookie: secret= of the first string
The length of the request changes by 15 bytes
Brute forcing the session token:Byte1, Iteration 1 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=1
No additional change in length
Brute forcing the session token:Byte1, Iteration 2 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=2
No additional change in length
Brute forcing the session token:Byte1, Iteration 3 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=3
The length of the request decreases by 1 more byte. Thus we have successfully guessed the first byte of the session token. The attacker can repeat the process to guess the second byte of the request keeping the first byte constant.
Mitigations • CRIME can be defeated by preventing the use of compression
BREACH • Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext • BREACH happens to be more powerful than CRIME as it is not really possible to turn off HTTP compression.
PREREQUISTES FOR ATTACK The prerequisites of the BREACH attack are as follows: • The application must support HTTP compression • User input should be reflected in the response • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim • The HTTP response should have some secret information like CSRF token
RESPONSE NOT REQUEST • The attack works by injecting data into the HTTP request and analyzing the length of the HTTP responses • Any variation in length of the response indicates a successful guess
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=attacker's_guess RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php? id=token=attacker’s_guess”>
The length of the request changes by 6 bytes.
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=a RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=a”>
No additional change in length
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=b RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=b”>
No additional change in length
BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=c RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=c”>
The length changes by 1 extra byte. We have successfully guessed the first byte of the token
MITIGATIONS • Disabling HTTP compression • Separating secrets from user input • Randomizing secrets per request • Masking secrets (effectively randomizing by XORing with a random secret per request) • Length hiding (by adding random amount of bytes to the responses) • Rate-limiting the requests
Demo Video Links • Beast: http://www.youtube.com/watch?v=BTqAI DVUvrU • Crime: http://www.youtube.com/watch?v=gGPh HYyg9r4 • Breach:http://www.youtube.com/watch?v=pIKIX QNFplY&hd=1 •
Ssl attacks

Recommandé

SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLEJerome Smith
 
Poodle
PoodlePoodle
PoodleShreyas Kothari
 
Poodle
PoodlePoodle
PoodleMukesh Chaudhari
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
SSL Layer
SSL LayerSSL Layer
SSL LayerTrinh Phuc Tho
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 

Recommandé

SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLEJerome Smith
 
Poodle
PoodlePoodle
PoodleShreyas Kothari
 
Poodle
PoodlePoodle
PoodleMukesh Chaudhari
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
SSL Layer
SSL LayerSSL Layer
SSL LayerTrinh Phuc Tho
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
SSL
SSLSSL
SSLBadrul Alam bulon
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
SSL intro
SSL introSSL intro
SSL introThree Lee
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
Transport layer security
Transport layer securityTransport layer security
Transport layer securityHrudya Balachandran
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
How ssl works
How ssl worksHow ssl works
How ssl worksSaptarshi Basu
 
SSL
SSLSSL
SSLtheekuchi
 
Scapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackScapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackAlexandre Moneger
 
Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEASTStefan Fodor
 
Malicious file upload attacks - a case study
Malicious file upload attacks - a case studyMalicious file upload attacks - a case study
Malicious file upload attacks - a case studyOktawian Powazka
 

Contenu connexe

Tendances

TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
Scapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackScapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackAlexandre Moneger
 

Tendances (20)

TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security Talk
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101
 
SSL overview
SSL overviewSSL overview
SSL overview
 
SSL
SSLSSL
SSL
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
SSL intro
SSL introSSL intro
SSL intro
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & Secure
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Traffic
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
How ssl works
How ssl worksHow ssl works
How ssl works
 
SSL
SSLSSL
SSL
 
Scapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stackScapy TLS: A scriptable TLS 1.3 stack
Scapy TLS: A scriptable TLS 1.3 stack
 

En vedette

Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEASTStefan Fodor
 
Malicious file upload attacks - a case study
Malicious file upload attacks - a case studyMalicious file upload attacks - a case study
Malicious file upload attacks - a case studyOktawian Powazka
 
SSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfSSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfYurii Bilyk
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...Amazon Web Services
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attackE Hacking
 
CamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacksCamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacksJerome Smith
 
BSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwertyBSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwertyJerome Smith
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectBlueinfy Solutions
 
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...Simone Onofri
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5Shreeraj Shah
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 

En vedette (17)

Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEAST
 
Malicious file upload attacks - a case study
Malicious file upload attacks - a case studyMalicious file upload attacks - a case study
Malicious file upload attacks - a case study
 
SSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfSSL/POODLE: History repeats itself
SSL/POODLE: History repeats itself
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attack
 
Internet cookies
Internet cookiesInternet cookies
Internet cookies
 
CamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacksCamSec Sept 2016 - Tricks to improve web app excel export attacks
CamSec Sept 2016 - Tricks to improve web app excel export attacks
 
BSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwertyBSides MCR 2016: From CSV to CMD to qwerty
BSides MCR 2016: From CSV to CMD to qwerty
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
Gli HTTP Security Header e altri elementi da sapere su HTTP in un Web Applica...
 
Click Jacking
Click JackingClick Jacking
Click Jacking
 
Clickjacking Attack
Clickjacking AttackClickjacking Attack
Clickjacking Attack
 
Click jacking
Click jacking Click jacking
Click jacking
 
Click jacking
Click jackingClick jacking
Click jacking
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 

Similaire à Ssl attacks

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
network attacks
network attacks network attacks
network attacks MuskanSony
 
Study and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer SecurityStudy and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer SecurityNazmul Hossain Rakib
 
Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1InfoSec Girls
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!OWASP
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 

Similaire à Ssl attacks (20)

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLS
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
Web Security
Web SecurityWeb Security
Web Security
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
network attacks
network attacks network attacks
network attacks
 
Study and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer SecurityStudy and Analysis of some Known attacks on Transport Layer Security
Study and Analysis of some Known attacks on Transport Layer Security
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
 
Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1Session for InfoSecGirls - New age threat management vol 1
Session for InfoSecGirls - New age threat management vol 1
 
Types of attack
Types of attackTypes of attack
Types of attack
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
Transportsec
TransportsecTransportsec
Transportsec
 
Security - ch5.ppt
Security - ch5.pptSecurity - ch5.ppt
Security - ch5.ppt
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
 

Plus de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 

Dernier (20)

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 

Ssl attacks

  • 1. SSL ATTACKS Asif H. Balasinor Security Analyst NII Consulting
  • 2. SSL ATTACKS • BEAST • CRIME • BREACH
  • 3. BEAST •Browser Exploit Against SSL/TLS. •BEAST is a client side attack. It does not affect servers. •The BEAST mounts a chosen plain text attack on the data transmitted from a client to a SSL enabled web server. •The attack only works on Block ciphers such as AES, DES . Stream ciphers are unaffected by the attack
  • 4. SSL BEAST PREREQUISTES • The SSL enabled web server must be running version of SSL 3.0 or lower or TLS 1.0. • It must support Block ciphers CBC. • The attacker must be able to mix his content with the SSL content. • The attacker must implement a Man-in-themiddle(MITM) so that he can observe the SSL traffic.
  • 6.
  • 7. BEAST in action Consider the block x: • Cx-1 ⊕Tx Cx-1 is the cipher text of the previous block x-1 and the IV of the current block. Tx is the plain text password of the user. Cx = E(Cx-1 ⊕Tx) Cx is the resulting cipher text after encryption This will be the IV of the next block, say IV2.
  • 8. The attacker injects the following in the SSL traffic in block (x+1) • IV2⊕ Cx-1 ⊕ P IV2 is the IV of the current block and the cipher of the previous block Cx Cx-1 is the IV of the previous block P is the attacker’s guess of the plaintext password of the victim.
  • 9. • The XOR function looks like this (IV2⊕ Cx-1 ⊕ P)⊕IV2 • The two IV2s are XORed and cancel each other giving Cx-1⊕P Cx+1 = E(Cx-1⊕P) If, Cx= Cx+1, then P=Tx the attacker has successfully guessed the password.
  • 10. BEATING THE BEAST • The most preferred way is to use TLS 1.1 or TLS 1.2. • If using a lower version of TLS or if the server is using SSL then use a stream cipher such as RC4.
  • 11. CRIME • Compression Ratio Info-leak Made Easy • CRIME exploits the data compression feature of SSL and TLS. • CRIME attack works only when both the browser and server support TLS compression.
  • 12. PREREQUISITES FOR ATTACK • The server must support SSL/TLS compression • The attacker must be able to mix his content with the SSL/TLS traffic • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim
  • 13. CRIME INTERNALS • SSL/TLS compression use an algorithm called DEFLATE • DEFLATE compresses the HTTP requests by eliminating duplicate strings • Every instance of a duplicate string is replaced by a pointer to the first occurrence of the string • More redundant data will lead to more compression and thus smaller will be the length of the HTTP request
  • 14. CRIME in action • Cookie: secret=341267 • The attacker knows that the session token contains Cookie: secret= • The attacker will keep changing the string after secret= and try to brute force the value
  • 15. POST / HTTP/1.1 Host: importantserver.com Cookie: secret=341267 ... Cookie: secret=1 • DEFLATE recognizes that there is more than one occurrence of Cookie: secret= part and replaces the second instance with a small token that points to the location of the Cookie: secret= of the first string
  • 16. The length of the request changes by 15 bytes
  • 17. Brute forcing the session token:Byte1, Iteration 1 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=1
  • 18. No additional change in length
  • 19. Brute forcing the session token:Byte1, Iteration 2 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=2
  • 20. No additional change in length
  • 21. Brute forcing the session token:Byte1, Iteration 3 POST / HTTP/1.1 Host: importantserver.com ... Cookie: secret=341267 ... Cookie: secret=3
  • 22. The length of the request decreases by 1 more byte. Thus we have successfully guessed the first byte of the session token. The attacker can repeat the process to guess the second byte of the request keeping the first byte constant.
  • 23. Mitigations • CRIME can be defeated by preventing the use of compression
  • 24. BREACH • Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext • BREACH happens to be more powerful than CRIME as it is not really possible to turn off HTTP compression.
  • 25. PREREQUISTES FOR ATTACK The prerequisites of the BREACH attack are as follows: • The application must support HTTP compression • User input should be reflected in the response • The attacker must be able to do a Man-in-themiddle(MITM) attack on the victim • The HTTP response should have some secret information like CSRF token
  • 26. RESPONSE NOT REQUEST • The attack works by injecting data into the HTTP request and analyzing the length of the HTTP responses • Any variation in length of the response indicates a successful guess
  • 27. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=attacker's_guess RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php? id=token=attacker’s_guess”>
  • 28. The length of the request changes by 6 bytes.
  • 29. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=a RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=a”>
  • 30. No additional change in length
  • 31. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=b RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=b”>
  • 32. No additional change in length
  • 33. BREACH IN ACTION REQUEST: GET /stuff/form.php?id=token=c RESPONSE: <a href=“form2.php?token=csvfd123”>Go to form 2></a> …………………… <form target=https://example.com:443/stuff/everything.php?id= token=c”>
  • 34. The length changes by 1 extra byte. We have successfully guessed the first byte of the token
  • 35. MITIGATIONS • Disabling HTTP compression • Separating secrets from user input • Randomizing secrets per request • Masking secrets (effectively randomizing by XORing with a random secret per request) • Length hiding (by adding random amount of bytes to the responses) • Rate-limiting the requests
  • 36. Demo Video Links • Beast: http://www.youtube.com/watch?v=BTqAI DVUvrU • Crime: http://www.youtube.com/watch?v=gGPh HYyg9r4 • Breach:http://www.youtube.com/watch?v=pIKIX QNFplY&hd=1 •