abbreviation for Transport Layer Security and it’s successor Secure Socket Layer Provide communication security over the Internet. Even when the network is being MITM attack. SSL/TLS Introduction
demonstration of the HTTPS stripping attacks It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph- similar HTTPS links SSLstrip Introduction
Bridge www.facebook.com bridge https://www.facebook.com? www.facebook.com 302 redirect Hyper link How it work
Detail – Normal Scenario User type: example.com http://example.com https://abc.example.com Server reply 302 redirect to https://abc.example.com SSL/TLS handshake Serve reply 200 ok User Browser Server
Detail – Attack Scenario User/browser Attacker Server http://example.com Server reply 302 redirect to https://abc.example.com Strip https to http http://abc.example.co m Server reply 302 redirect to http://abc.example.com Record url url match https://abc.example.com SSL/TLS handshake Application Data Stripped Application Data Strip https to http
Verify that the name of the leaf node is the same as the site you're connecting to. Verify that the leaf certificate has not expired. Check the signature If the signing CA is in our list of trusted root CAs, stop. Otherwise, move one up the chain and repeat. How we verify
Verify that the name of the leaf node is the same as the site you're connecting to. Verify that the leaf certificate has not expired. Check the signature If the signing CA is in our list of trusted root CAs, stop. Otherwise, move one up the chain and repeat. What they say
All the signatures are valid. Nothing has expired. The chain is in tact. The root CA is embedded in the browser and trusted. Something must be wrong, but...
Most CAs didn't explicitly set basicConstraints: CA=False Whether the field was there or not, most SSL implementations didn't bother to check it. Anyone with a valid leaf node certificate could create and sign a leaf node certificate for any other domain. When presented with a complete chain, IE, Outlook, Konqueror, OpenSSL, and others considered it valid... Back in the day
Microsoft claimed that it was impossible to exploit. So The Author published the tool that exploits it. And then in 2002...
SSLsniff detail User/browser Attacker https://abc.example.com SSL/TLS handshake Application Data https://abc.example.com 1. Generate a certificate for the site it is connected to 2. Sign it with any random valid leaf node certificate. 3. Pass that certificate chain to the client. SSL/TLS handshake Application Data 1.Get the Data from server 2. Encrypt it with our private key 3. Send to user
X509 Certificate Version Serial Number Issuer Validity Subject PublicKey Signature Algorithm Signature What's with certificates, anyways? Identify some subjects Get the public key Issue by some Issuer Issuer Signature