Thursday, January 25, 2024

ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Related links
  1. Game Hacking
  2. Hacker Techniques Tools And Incident Handling
  3. Usb Pentest Tools
  4. Hacking Tools And Software
  5. Hacker Tools For Pc
  6. Pentest Tools Apk
  7. Pentest Tools Website
  8. Hacking Tools For Mac
  9. Nsa Hacker Tools
  10. Hacker Tools Hardware
  11. Hacker Tools 2019
  12. New Hacker Tools
  13. Best Pentesting Tools 2018
  14. Beginner Hacker Tools
  15. Black Hat Hacker Tools
  16. Hacker Tools Github
  17. Hacking Tools Name
  18. Hacking Tools Software
  19. Hacker Tools Linux
  20. Hack Tool Apk No Root
  21. Pentest Tools For Android
  22. Game Hacking
  23. What Is Hacking Tools
  24. Hacking App
  25. Hack Tools For Windows
  26. Install Pentest Tools Ubuntu
  27. Hacker Tools Free Download
  28. Hacking Tools Online
  29. Hacker Tools Hardware
  30. Hacking Tools Online
  31. Pentest Tools List
  32. Hack Tools For Pc
  33. How To Hack
  34. Hacker Tools Mac
  35. Hacking Tools And Software
  36. Kik Hack Tools
  37. Hacker Tools Apk
  38. Game Hacking
  39. Hacking Tools Name
  40. Hack Tools
  41. Free Pentest Tools For Windows
  42. Nsa Hack Tools
  43. Hacker Techniques Tools And Incident Handling
  44. Hacker Security Tools
  45. Hacker Tools For Mac
  46. Blackhat Hacker Tools
  47. Pentest Tools List
  48. Hacker Tools Github
  49. Best Pentesting Tools 2018
  50. Hack Tools 2019
  51. Kik Hack Tools
  52. Pentest Tools List
  53. World No 1 Hacker Software
  54. Hacker Tools 2020
  55. Hack Tools For Pc
  56. Hacker
  57. Easy Hack Tools
  58. Termux Hacking Tools 2019
  59. How To Install Pentest Tools In Ubuntu
  60. Tools Used For Hacking
  61. Termux Hacking Tools 2019
  62. Tools Used For Hacking
  63. Hacker Tools For Windows
  64. Hacking Tools Name
  65. Pentest Tools Tcp Port Scanner
  66. Hacking Tools For Windows
  67. Hacking Tools For Windows
  68. Hak5 Tools
  69. Hacker Tools Hardware
  70. Pentest Tools Github
  71. Ethical Hacker Tools
  72. Hacker Tools For Windows
  73. Hack Tool Apk
  74. Hack Tool Apk
  75. Hacking Tools
  76. Hacking Tools Pc
  77. Hacking Tools Online
  78. Pentest Box Tools Download
  79. Pentest Tools Alternative
  80. New Hacker Tools
  81. Hack Tools Github
  82. Black Hat Hacker Tools
  83. Hack Tools Pc
  84. Hack Tools Pc
  85. Hacking Tools Name
  86. Hack Tools For Ubuntu
  87. Tools For Hacker
  88. Hacking Tools Free Download
  89. What Are Hacking Tools
  90. Hacking Tools For Windows 7
  91. Wifi Hacker Tools For Windows
  92. Hack Tools For Pc
  93. Hack Tools 2019
  94. Nsa Hacker Tools
  95. Pentest Tools Subdomain
  96. Hack Apps
  97. Hacking Tools For Mac
  98. Hacking Tools Name
  99. Pentest Tools Website Vulnerability
  100. Top Pentest Tools
  101. Hack Tools Online
  102. Pentest Tools Website Vulnerability
  103. Hacker
  104. Pentest Tools Download
  105. Nsa Hack Tools Download
  106. How To Hack
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)