HTTPS attack
Full-site HTTPS is becoming the trend
for example: Baidu, Ali
The role of HTTPS
CIA
It addresses tampering with and theft of data in transit "for example injection of malicious code, mostly through link hijacking"
Encryption: symmetric, asymmetric, one-way
HTTPS attack methods
Downgrade attack
Decryption attacks (clear text, certificate forgery)
Protocol vulnerabilities (POODLE), flaws in the HTTPS implementation (see how the Heartbleed vulnerability works), and configuration that is not strict
SSL (Secure socket Layer)
An encryption protocol that secures network communication
TLS is built on the SSL 3.0 protocol specification, is the successor to SSL 3.0, and can be understood as SSL 3.1 "for compatibility reasons, low versions of TLS are still in use"
The difference between SSL and TLS
# TLS/SSL, HTTPS and HTTP over SSL are commonly used to mean the same thing
SSL/TLS is also used to encrypt the transport channel in other scenarios
1. Mail transfer (between servers, and between client and server)
2. Between database servers
3. Between LDAP identity authentication servers
4. SSL VPN
5. Encryption and identity authentication during Remote Desktop (RDP) communication
View the root certificates installed on the local machine "can be viewed in the browser"
SSL encryption in Web traffic
Asymmetric encryption algorithms "performance is poor when encrypting large amounts of data"
Diffie-Hellman key exchange
Rivest Shamir Adleman (RSA)
Elliptic Curve Cryptography (ECC)
Symmetric encryption algorithms
Data Encryption Standard (DES)/3DES
Advanced Encryption Standard (AES)
International Data Encryption Algorithm (IDEA)
Rivest Cipher 4 (RC4)
Used in WEP, TLS/SSL, RDP, Secure Shell
One-way encryption algorithms (hash)
MD5, SHA-1, SHA-2 "the first two are considered unsafe"
SHA-3 has been designed, but is not widely used
SHA-2 is the only one-way encryption algorithm supported by TLS 1.2
Collision attacks on one-way encryption algorithms
Two different files generate the same hash value
The weaknesses of SSL
SSL combines different symmetric, asymmetric and one-way encryption algorithms (a cipher suite)
To provide better compatibility, servers choose to support a large number of outdated cipher suites
The cryptographic strength can be forcibly downgraded during negotiation
The computing power of modern processors can break outdated encryption algorithms in an acceptable amount of time
Cracking by purchasing cloud computing resources
openssl "a Kali system command"
Calls the OpenSSL library directly to identify the SSL/TLS cipher suites supported by the target server
View the certificate used by a web site
openssl s_client -connect www.baidu.com:443 "s_client: act as a client; -connect: connect to server domain:port"
Test whether a given protocol is supported (for example a low-version protocol)
openssl s_client -tls1_2 -cipher 'ECDH-RSA-RC4-SHA' -connect www.taobao.com:443
Test that none of the insecure cipher suites are supported
openssl s_client -tls1_2 -cipher "NULL,EXPORT,LOW,DES" -connect www.taobao.com:443
List the cipher suites that can currently be cracked "openssl"
openssl ciphers -v "NULL,EXPORT,LOW,DES"
# Use man openssl to view the parameters of openssl and construct custom commands
# openssl requires a lot of cryptography knowledge; the commands are complex and the output is hard to read, but it is powerful
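An added example (not from the original post): a shell function that reads output in the format printed by openssl ciphers -v and flags suites containing the weak components named above (no encryption, export grade, RC4, single DES, keys under 128 bits, MD5 MAC). The function names audit_ciphers and sample_ciphers and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak components in `openssl ciphers -v`-style output.
# Reads lines on stdin; prints "WEAK <suite> <reasons>" or "OK <suite>".
audit_ciphers() {
  awk '
    NF < 6 { next }                        # skip blank or malformed lines
    {
      reasons = ""; enc = ""; mac = ""; bits = 0
      for (i = 3; i <= NF; i++) {
        if ($i ~ /^Enc=/) enc = substr($i, 5)
        if ($i ~ /^Mac=/) mac = substr($i, 5)
        if ($i == "export") reasons = reasons ",export-grade"
      }
      # Enc looks like "RC4(128)", "DES(56)", "AESGCM(256)" or "None"
      alg = enc; sub(/\(.*/, "", alg)
      if (match(enc, /\([0-9]+\)/))
        bits = substr(enc, RSTART + 1, RLENGTH - 2) + 0
      if (alg == "None") reasons = reasons ",no-encryption"
      if (alg == "RC4")  reasons = reasons ",RC4"
      if (alg == "DES")  reasons = reasons ",single-DES"
      if (alg != "None" && bits < 128) reasons = reasons ",key<128"
      if (mac == "MD5")  reasons = reasons ",MD5-MAC"
      if (reasons != "") print "WEAK", $1, substr(reasons, 2)
      else               print "OK", $1
    }'
}

# Constructed sample lines in the format printed by `openssl ciphers -v`.
sample_ciphers() {
  cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
NULL-SHA256             TLSv1.2 Kx=RSA    Au=RSA  Enc=None      Mac=SHA256
EOF
}

sample_ciphers | audit_ciphers
```

On a host with OpenSSL installed, openssl ciphers -v | audit_ciphers applies the same check to the suites the local library enables by default.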
sslscan
Automatically identifies SSL configuration errors, outdated protocols, and outdated cipher suites and hash algorithms
CRIME and Heartbleed vulnerabilities are checked by default
Green indicates safe, yellow indicates a warning, red indicates danger
Cipher suites supported over TLS
sslscan --tlsall www.taobao.com:443
Analyze certificate details
sslscan --show-certificate --no-ciphersuites www.taobao.com:443
sslyze
Written in Python
Checks for outdated SSL versions
Checks for cipher suites that have weaknesses
Supports a source file (specifying the hosts to scan) when scanning multiple sites
Checks whether session resumption is supported
sslyze --regular www.taobao.com:443 "invokes the plugins"
# Nmap script for enumerating SSL ciphers
nmap --script=ssl-enum-ciphers.nse www.taobao.com
Look up Nmap scripts
Web site "https://www.ssllabs.com/ssltest" for checking SSL
Just enter the domain name "can hide your own IP"
Novice diary 52: Kali penetration testing, web penetration - HTTPS attack (openssl, sslscan, sslyze, checking SSL with a web site)