jueves, 18 de enero de 2024

ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Related posts


  1. Hacking Tools Free Download
  2. Hacker Tools Mac
  3. Pentest Tools Review
  4. Hacks And Tools
  5. Hacks And Tools
  6. Pentest Tools For Windows
  7. Pentest Tools
  8. Hacker Techniques Tools And Incident Handling
  9. Hack Tools Download
  10. Hack Tools Online
  11. Pentest Box Tools Download
  12. Hacker Tools Mac
  13. Pentest Tools Apk
  14. What Is Hacking Tools
  15. Hacker Tools Github
  16. Pentest Tools Subdomain
  17. Pentest Tools Apk
  18. Hacker Tools Software
  19. Hacking Tools For Windows Free Download
  20. What Is Hacking Tools
  21. Pentest Tools For Windows
  22. Pentest Box Tools Download
  23. Hak5 Tools
  24. Hacker Tools For Ios
  25. Android Hack Tools Github
  26. Hack Website Online Tool
  27. Free Pentest Tools For Windows
  28. Easy Hack Tools
  29. Hacker Tools Mac
  30. Pentest Tools Website
  31. Tools Used For Hacking
  32. Termux Hacking Tools 2019
  33. Easy Hack Tools
  34. Nsa Hack Tools Download
  35. Hacker Tools For Mac
  36. Hacking Tools
  37. Hack Tools For Windows
  38. Pentest Tools For Android
  39. Hacking Tools Hardware
  40. Hacking Tools For Pc
  41. Hack Tools For Mac
  42. Hacking Tools Hardware
  43. Blackhat Hacker Tools
  44. Hacker Tools For Mac
  45. Hackers Toolbox
  46. Hacking Tools Free Download
  47. Hack Apps
  48. Underground Hacker Sites
  49. Pentest Tools Website Vulnerability
  50. Pentest Tools List
  51. Hacker Tool Kit
  52. Tools For Hacker
  53. Hacker Hardware Tools
  54. Hacks And Tools
  55. Hacker Tools Mac
  56. Pentest Tools Bluekeep
  57. Pentest Reporting Tools
  58. Pentest Tools Port Scanner
  59. Tools Used For Hacking
  60. Bluetooth Hacking Tools Kali
  61. Game Hacking
  62. How To Make Hacking Tools
  63. Pentest Tools Linux
  64. Pentest Tools Download
  65. Pentest Tools
  66. Hacking Tools Hardware
  67. Hack App
  68. Kik Hack Tools
  69. Blackhat Hacker Tools
  70. Pentest Tools Url Fuzzer
  71. Hacking Apps
  72. Pentest Tools Github
  73. Hacker Tools Apk
  74. Pentest Tools
  75. Hack Tools For Ubuntu
  76. Nsa Hack Tools
  77. Pentest Automation Tools
  78. Nsa Hack Tools Download
  79. Pentest Tools Free
  80. Pentest Tools For Ubuntu
  81. Pentest Tools Tcp Port Scanner
  82. Pentest Recon Tools
  83. Game Hacking
  84. Usb Pentest Tools
  85. Hacking Apps
  86. Hacking Tools 2019
  87. Hack Tools Mac
  88. Hacker Tools Free Download
  89. Hacking App
  90. Pentest Tools Nmap
  91. Hack Apps
  92. Hacker Tools For Ios
  93. Hacker Tools Free Download
  94. Hacking Tools And Software
  95. Hack Tools Download
  96. Pentest Tools Nmap
  97. Best Hacking Tools 2020
  98. Hack Tool Apk No Root
  99. Hacker Tools Software
  100. Wifi Hacker Tools For Windows
  101. Pentest Tools Port Scanner
  102. Hacker Tool Kit
  103. Hacking Tools For Games
Publicadas por a la/s

No hay comentarios.:

Publicar un comentario

Suscribirse a: Comentarios de la entrada (Atom)