25 Ocak 2024 Perşembe

ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

More articles


  1. Nsa Hack Tools
  2. Hacker Tools List
  3. Hacker Tools Hardware
  4. Hacker Tools Windows
  5. Hacking Tools Name
  6. Computer Hacker
  7. Pentest Tools Subdomain
  8. Pentest Tools Url Fuzzer
  9. Hacking Tools Free Download
  10. Hackrf Tools
  11. Underground Hacker Sites
  12. Pentest Tools Find Subdomains
  13. Hacker Tools Hardware
  14. Black Hat Hacker Tools
  15. Hacking Tools Pc
  16. New Hacker Tools
  17. Hacker Tools For Ios
  18. Nsa Hack Tools
  19. Free Pentest Tools For Windows
  20. Hacker Tools For Ios
  21. Hacking Tools Windows
  22. Free Pentest Tools For Windows
  23. Growth Hacker Tools
  24. Hacker Search Tools
  25. Growth Hacker Tools
  26. Hacker Tools Github
  27. Pentest Box Tools Download
  28. Hacking Tools Free Download
  29. New Hacker Tools
  30. Pentest Tools Url Fuzzer
  31. Nsa Hack Tools Download
  32. Top Pentest Tools
  33. Hacker Tools Apk Download
  34. Hacking Tools Name
  35. Pentest Tools For Windows
  36. Hack Tools Online
  37. Hacking Tools Windows 10
  38. Hacker Tools Hardware
  39. How To Hack
  40. Pentest Reporting Tools
  41. Hacker Tools For Pc
  42. Pentest Tools Download
  43. Hack Tool Apk No Root
  44. What Is Hacking Tools
  45. Pentest Tools Website
  46. Hacker Tools For Windows
  47. Hacking Apps
  48. Hack Tools For Games
  49. Hacker Tools Linux
  50. Hacking App
  51. Pentest Tools Kali Linux
  52. Hacker Tools Apk Download
  53. Underground Hacker Sites
  54. Bluetooth Hacking Tools Kali
  55. Hacker Tools Hardware
  56. Pentest Tools Bluekeep
  57. Pentest Tools Website Vulnerability
  58. Hack Tools For Games
  59. Hacker Security Tools
  60. Tools 4 Hack
  61. Hacker Tools For Ios
  62. Hacking Tools 2019
  63. Hacking Tools For Beginners
  64. Hacking Tools Usb
  65. What Are Hacking Tools
  66. Hack Rom Tools
  67. Termux Hacking Tools 2019
  68. Pentest Tools List
  69. Pentest Tools Online
  70. What Are Hacking Tools
  71. Hak5 Tools
  72. Hacker Tools For Mac
  73. Pentest Tools Find Subdomains
  74. Best Pentesting Tools 2018
  75. Pentest Tools Bluekeep
  76. Hacker Tools Apk
  77. Pentest Tools Alternative
  78. Hack Tools For Pc
  79. Hacking Tools For Windows
  80. Pentest Tools Url Fuzzer
  81. Hacker Tool Kit
  82. Hacking Tools For Windows 7
  83. Pentest Automation Tools
  84. Pentest Tools Website Vulnerability
  85. Hack Tools Mac
  86. New Hacker Tools
  87. Hacking Tools And Software
  88. Pentest Tools Free
  89. Pentest Tools Kali Linux

Hiç yorum yok:

Yorum Gönder