
More Trick For Defeating SSL DEFCON 17 Moxie Marlinspike.

Presentation transcript:

1 More Trick For Defeating SSL DEFCON 17 Moxie Marlinspike

2  1. Introduction  2. Background Knowledge  SSL/TLS protocol  3. sslstrip  4. sslsniff  A. Basic Constraints vulnerability  B. Null-Prefix Attack  C. bypassing OCSP  5. Conclusion Outline

3 Introduction
Demonstrate some new tricks for defeating SSL/TLS in places where sslstrip does not reach.

4 Background Knowledge SSL/TLS Protocol

5 SSL/TLS Introduction
- Abbreviation for Transport Layer Security and its successor, Secure Socket Layer.
- Provides communication security over the Internet.
- Even when the network is under a MITM attack.

6 Network Stack

7 Handshake Process

8

9 SSLstrip

10 SSLstrip Introduction [1]
- Demonstration of the HTTPS stripping attack.
- It transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, then maps those links into either look-alike HTTP links or homograph-similar HTTPS links.

11 How it works
- Bridge
- https://www.facebook.com?
- 302 redirect
- Hyperlink

12 302 Redirect

13 Detail – Normal Scenario (participants: User/Browser, Server)
1. User types: example.com
2. Server replies 302 redirect to https://abc.example.com
3. SSL/TLS handshake
4. Server replies 200 OK

14 Detail – Normal Scenario

15 Detail – Attack Scenario (participants: User/Browser, Attacker, Server)
1. Server replies 302 redirect to https://abc.example.com
2. Attacker strips https to http and records the URL
3. Attacker forwards the stripped 302 redirect to the user
4. When a request matches the recorded URL (https://abc.example.com), the attacker performs the SSL/TLS handshake with the server
5. Application Data flows between attacker and server; stripped Application Data (https stripped to http) flows between attacker and user

16 Result(without strip)

17 Result(with strip)

18 What sslstrip can't do
- The browser queries https://abc.example.com directly:
  - Bookmark
  - User typing
- Other protocols: smtps, ftps, sftp...

19 SSLsniff - Basic Constraints vulnerability

20 Certificate Chaining

21

22 How we verify
- Verify that the name of the leaf node is the same as the site you're connecting to.
- Verify that the leaf certificate has not expired.
- Check the signature.
- If the signing CA is in our list of trusted root CAs, stop. Otherwise, move one up the chain and repeat.

23

24

25 What they say
- Verify that the name of the leaf node is the same as the site you're connecting to.
- Verify that the leaf certificate has not expired.
- Check the signature.
- If the signing CA is in our list of trusted root CAs, stop. Otherwise, move one up the chain and repeat.

26 Something must be wrong, but...
- All the signatures are valid.
- Nothing has expired.
- The chain is intact.
- The root CA is embedded in the browser and trusted.

27 The missing piece

28 Back in the day
- Most CAs didn't explicitly set basicConstraints: CA=False.
- Whether the field was there or not, most SSL implementations didn't bother to check it.
- Anyone with a valid leaf node certificate could create and sign a leaf node certificate for any other domain.
- When presented with a complete chain, IE, Outlook, Konqueror, OpenSSL, and others considered it valid...

29
- Microsoft claimed that it was impossible to exploit.
- So the author published the tool that exploits it. And then in

30 SSLsniff detail (participants: User/Browser, Attacker)
Towards the user (SSL/TLS handshake for https://abc.example.com, then Application Data):
1. Generate a certificate for the site it is connected to.
2. Sign it with any random valid leaf node certificate.
3. Pass that certificate chain to the client.
Towards the server (SSL/TLS handshake, then Application Data):
1. Get the data from the server.
2. Encrypt it with our private key.
3. Send it to the user.

31 SSLsniff – Null Prefix Attack (Author's PPT)

32 What's with certificates, anyways?
X509 Certificate fields:
- Version
- Serial Number
- Issuer
- Validity
- Subject
- PublicKey
- Signature Algorithm
- Signature
Purpose: identify some subject, carry its public key, issued by some issuer, with the issuer's signature.

33

34 The Big Three
- Secrecy: encryption algorithm
- Authenticity: digital signature
- Integrity: checksum

35 SSL Handshake Beginnings
