SSLstrip Stepan Shykerynets 23.03.2013.
47
SSLstrip Stepan Shykerynets http://wisc.org.ua/ 23.03.2013
-
Upload
leah-hauke -
Category
Documents
-
view
232 -
download
1
Transcript of SSLstrip Stepan Shykerynets 23.03.2013.
SSLstrip
Stepan Shykerynets
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
!Attention
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
Private / Public key
Public key
Private key
SERVERCLIENT
http://wisc.org.ua/ 23.03.2013
Private / Public key
Public key
Private key
SERVERCLIENT
Public key CA
http://wisc.org.ua/ 23.03.2013
Private / Public key
Public key
Private key
SERVERCLIENT
Public key
CA
http://wisc.org.ua/ 23.03.2013
Private / Public key
Message Public key
Encrypted message
Private key Message
http://wisc.org.ua/ 23.03.2013
SSL And Certificate Chaining
http://wisc.org.ua/ 23.03.2013
Certificate
• X509 Certificateversionserial numberissuervaliditysubjectpublic key
• Signature algorithm• Signature
http://wisc.org.ua/ 23.03.2013
Certificate Chaining
CA CertificateEmbedded in browser.All powerful.Certifies that a site certificate is authentic.
Site CertificateIdentifies a particular URL.Is known to be authentic based on CA Certificate's signature.
http://wisc.org.ua/ 23.03.2013
Certificate Chaining
CA CertificateEmbedded in browser.All powerful.Certifies that a site certificate is authentic.
Site CertificateIdentifies a particular URL.Is known to be authentic based on CA Certificate's signature.
Intermediate CANot embedded in browser.Still sort of all-powerful.Certifies that a site certificate is authentic.
http://wisc.org.ua/ 23.03.2013
Certificate Chaining
VeriSign
Facebook.com
Intermediate CA
http://wisc.org.ua/ 23.03.2013
Certificate Chains Can Be > 3
VeriSign
Facebook.com
Intermediate CA
Intermediate CA
http://wisc.org.ua/ 23.03.2013
How do we validate these things?
• Verify that the leaf node has the name of the site you're connecting to.
• Verify that the leaf node hasn't expired.• Check the signature.• If the signing certificate is in our list of root
CA's, stop.• Otherwise, move one up the chain and repeat.
http://wisc.org.ua/ 23.03.2013
Very tempting to use a simple recursive function.
Everyone focuses on the signature validation.
The result of a naive attempt at validation is a chain that is complete, but nothing more.
http://wisc.org.ua/ 23.03.2013
What if …VeriSign
hack.org
Intermediate CA
Intermediate CA
http://wisc.org.ua/ 23.03.2013
What if …VeriSign
hack.org
Intermediate CA
Intermediate CA
Facebook.com
http://wisc.org.ua/ 23.03.2013
What they say :
• Verify that the leaf node has the name of the site you're connecting to.
• Verify that the leaf node hasn't expired.• Check the signature.• If the signing certificate is in our list of root
CA's, stop. • Otherwise, move one up the chain and repeat.
http://wisc.org.ua/ 23.03.2013
But …
• All the signatures are valid• Nothing has expired• The chain is in fact• The root CA is embedded in the browser and
trusted
http://wisc.org.ua/ 23.03.2013
The missing piece
http://wisc.org.ua/ 23.03.2013
The missing piece
!
http://wisc.org.ua/ 23.03.2013
The missing piece
http://wisc.org.ua/ 23.03.2013
• Most CA's didn't explicitly set basic Constraints: CA=FALSE
• A lot of web browsers and other SSL implementations didn't bother to check it, whether the field was there or not
• Any one with a valid leaf node certificate could create and sign a leaf node certificate for any other domain.
http://wisc.org.ua/ 23.03.2013
But we have one problem
http://wisc.org.ua/ 23.03.2013
Smart browsers
http://wisc.org.ua/ 23.03.2013
People are …
http://wisc.org.ua/ 23.03.2013
People are …LAZY
http://wisc.org.ua/ 23.03.2013
http://...https://...
http://wisc.org.ua/ 23.03.2013
SSLsniff
http://wisc.org.ua/ 23.03.2013
SSLsniff
• Intercept a connection from the client side.
• Generate a certificate for the site it is connecting to.
• Sign in with any random valid leaf node certificate.
• Pass that certificate chain to the client.
• Make normal SSL connection to the server.
• Pass data between client and server, decrypting and encrypting on each end.
http://wisc.org.ua/ 23.03.2013
Web browsing
• SSL is almost never encountered directly.• It is either encountered as a result of:
A 302 redirect from HTTP URL to an HTTPS URL.An HTTPS link that a user click on from an HTTP page.
http://wisc.org.ua/ 23.03.2013
SSLstrip
• Watch HTTP traffic go by.• Switch <a href="https://> to <a href="http://> and keep a map of what you've changed.• Switch Location: https:// to Location: http:// and keep a map of what you've changed.
http://wisc.org.ua/ 23.03.2013
SSLstrip
• Watch HTTP traffic go by.• When we seen an HTTP request for URL that we've stripped, proxy that out as HTTPS to the server.•Watch the HTTPS traffic go by, log everything that we want, and keep a map of all relative, CSS and JS links that go by.
http://wisc.org.ua/ 23.03.2013
SSLstrip
•The server never knows the difference. Everything looks secure on their end.•The client doesn't display any of the disastrous warnings that we want to avoid.•We see all the traffic.
http://wisc.org.ua/ 23.03.2013
http://wisc.org.ua/ 23.03.2013
Let's simplify it…
Time to action
http://wisc.org.ua/ 23.03.2013
BackTrack : Giving Machine Guns to Monkeys since 2006
http://wisc.org.ua/ 23.03.2013
Tools
• SSLstrip• ARPspoof• Ettercap
http://wisc.org.ua/ 23.03.2013
Commands
• #bt echo "1" > /proc/sys/net/ipv4/ip_forward• # bt iptables -t nat -A PREROUTING -p tcp --
destination-port 80 -j REDIRECT --to-port 10000• #bt sslstrip -a -l 10000 -w log.txt –f• # arpspoof -i <yourNetworkdDevice> -t <yourTarget>
<theRoutersIpAddress>• # ettercap -T –q –i <yourNetworkdDevice>
http://wisc.org.ua/ 23.03.2013
Protection
• Google services• High protection network equipment• Checking site certificates
http://wisc.org.ua/ 23.03.2013
