ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Related word


  1. Best Pentesting Tools 2018
  2. Hacking Tools Mac
  3. Install Pentest Tools Ubuntu
  4. Hacking Tools Software
  5. Hack Rom Tools
  6. Bluetooth Hacking Tools Kali
  7. What Are Hacking Tools
  8. Physical Pentest Tools
  9. Wifi Hacker Tools For Windows
  10. How To Make Hacking Tools
  11. Pentest Tools Subdomain
  12. Hack Apps
  13. Pentest Tools Url Fuzzer
  14. Hacking Tools Github
  15. Pentest Tools Review
  16. Best Pentesting Tools 2018
  17. Hacker Tools Free
  18. Wifi Hacker Tools For Windows
  19. Hak5 Tools
  20. Hack Tools Github
  21. Hacking Tools 2020
  22. Hacking Tools Free Download
  23. Hacks And Tools
  24. Hacking Tools And Software
  25. Hacking Tools And Software
  26. Pentest Tools Url Fuzzer
  27. Game Hacking
  28. Pentest Tools Windows
  29. Pentest Tools Linux
  30. Best Pentesting Tools 2018
  31. Hacking Tools For Mac
  32. Hacking Apps
  33. Pentest Tools Find Subdomains
  34. Hack Tools Online
  35. How To Install Pentest Tools In Ubuntu
  36. Hack Tools Github
  37. Hacker Tools
  38. Hacker Techniques Tools And Incident Handling
  39. New Hacker Tools
  40. Hak5 Tools
  41. Hack Tool Apk No Root
  42. Tools For Hacker
  43. Hacker Tools Github
  44. How To Hack
  45. Kik Hack Tools
  46. Hacker Tools Free
  47. Pentest Tools Github
  48. Hacker Tools For Windows
  49. Pentest Tools Windows
  50. Hacker Tools For Pc
  51. Pentest Tools Free
  52. Hack Rom Tools
  53. Hack Tools
  54. Pentest Tools Nmap
  55. Hacking Tools Windows 10
  56. Hacking Tools Name
  57. Growth Hacker Tools
  58. Hacker Tools Mac
  59. Hacker Tools Online
  60. New Hack Tools
  61. Bluetooth Hacking Tools Kali
  62. Tools For Hacker
  63. Nsa Hack Tools Download
  64. Hacker Tools For Mac
  65. Hack Tools
  66. Tools For Hacker
  67. Hacker Security Tools
  68. Hack Tools Mac
  69. Best Pentesting Tools 2018
  70. Hacking Tools For Windows
  71. Hacking Tools Usb
  72. Hacking Tools For Windows
  73. Pentest Tools Github
  74. Hacker Search Tools
  75. Hacking Tools For Pc
  76. Best Pentesting Tools 2018
  77. Hacking Tools 2020
  78. Underground Hacker Sites
  79. Hacking Tools Name
  80. Pentest Automation Tools
  81. Tools For Hacker
  82. Nsa Hack Tools Download
  83. Top Pentest Tools
  84. Hacking Tools 2020
  85. Hacker Tools For Windows
  86. Hacking Tools For Mac
  87. Github Hacking Tools
  88. Hacker Tools Hardware
  89. What Is Hacking Tools
  90. Hack Tools Online
  91. Hackrf Tools
  92. Hackrf Tools
  93. Android Hack Tools Github
  94. Hacker Tools For Pc
  95. Hack Tools Online
  96. How To Install Pentest Tools In Ubuntu
  97. Hacker Tools 2020
  98. Hacking Tools Usb
  99. Pentest Tools Apk
  100. Hackers Toolbox
  101. Hacking Tools Download
  102. Termux Hacking Tools 2019
  103. Hacking Tools Kit
  104. Hacking Tools Download
  105. Hacker Tools 2020
  106. Bluetooth Hacking Tools Kali
  107. Hacking Tools Online
  108. Hacker Tools Hardware
  109. Hacking Tools Windows 10
  110. Nsa Hack Tools
  111. Pentest Tools Android
  112. Wifi Hacker Tools For Windows
  113. How To Install Pentest Tools In Ubuntu
  114. Hacking Tools Free Download
  115. What Is Hacking Tools
  116. Hacking Tools 2019
  117. Termux Hacking Tools 2019
  118. Wifi Hacker Tools For Windows
  119. Hacker Tools For Windows
  120. Hacker Tool Kit
  121. Hacker Tools For Pc
  122. Hacker Tools
  123. What Is Hacking Tools
  124. Hack Tools For Pc
  125. Pentest Box Tools Download
  126. Best Hacking Tools 2020
  127. Pentest Tools Online
  128. Pentest Tools Find Subdomains
  129. Hacker Techniques Tools And Incident Handling
  130. Hacker Tools Hardware
  131. Pentest Tools For Ubuntu
  132. Blackhat Hacker Tools
  133. Black Hat Hacker Tools
  134. Hacking Tools And Software
  135. Hacker Tools For Ios
  136. Hacking Tools Kit
  137. Pentest Tools Subdomain
  138. Pentest Tools Subdomain
  139. Pentest Tools Apk
  140. Tools Used For Hacking
  141. Android Hack Tools Github
  142. Pentest Tools Linux
  143. Hack Tools For Ubuntu
  144. Pentest Tools Framework
  145. Hacking Tools Github
  146. Pentest Tools Online
  147. Pentest Automation Tools
  148. Hack Tools For Games
  149. Pentest Recon Tools
  150. Hacker Tools Linux
  151. Pentest Tools List
  152. Hackers Toolbox
  153. Hackrf Tools
  154. Pentest Tools Linux
  155. Hacking Tools Name

Sem comentários:

Enviar um comentário

Subscrever: Enviar feedback (Atom)