Small white diary 52:kali penetration test Web penetration-https attack (Openssl, Sslscan, sslyze, Web site checking SSL)

HTTPS attack

Full-site HTTPS is planning the trend of the draft

such as: Baidu, Ali

The role of HTTPS

CIA

The solution is the data in the transmission process of tampering, stealing "from the injection of malicious code, many for link hijacking"

Encryption: Symmetric, asymmetric, unidirectional

HTTPS Attack method

Downgrade attack

Decryption attacks (clear text, certificate forgery)

Vulnerability to protocol Vulnerability (poodle), HTTPS implementation method (refer to the principle of heart bleed vulnerability), not strictly configured

SSL (Secure socket Layer)

Encryption protocol to ensure network communication security

TLS it is built on the SSL 3.0 protocol specification and is a subsequent version of SSL 3.0 and can be understood as SSL 3.1 "For compatibility issues, the low version of TLS is still in use"

The difference between SSL and TLS

#TLS/ssl, HTTPS, HTTP over SSL common means

SSL/TLS is also used for transmission channel encryption in other scenarios

1, Mail transfer (between server, client and service period)

2. Inter-database server

3, LDAP identity authentication server room

4. SSL VPN

5. Encryption and identity authentication during Remote Desktop RDP communication

Query native owned root certificate "can be queried by browser"

SSL encryption in Web traffic

Asymmetric encryption Algorithm "The amount of encrypted data is relatively large information, performance is poor"

Diffie-hellman Key Exchange

Rivest Shamir Adleman (RSA)

Elliptic Curve Cryptography (ECC)

Symmetric encryption algorithm

Data Encryption Standard (DES)/3des

Advance Encryption Standard (AES)

International Data Encryption Algorithm (IDEA)

Rivest Cipher 4 (RC4)

WEP, Tls/ssl, RDP, Secure Shell

One-way encryption Algorithm (HASH)

MD5, SHA-1, SHA-2 "The first two have been considered unsafe"

SHA-3 has been designed, but not widely used

SHA-2 is the only supported one-way encryption algorithm for TLS 1.2

Collision attack for one-way encryption algorithm

Two different files generate the same hash value

The weaknesses of SSL

SSL is a combination of different symmetric, asymmetric, one-way encryption algorithms (cipher suite)

Because the server side provides better compatibility, choose to support a large number of outdated cipher suite

Forced downgrade of cryptographic strength during negotiation

Modern processor computing power can break outdated encryption algorithms in an acceptable time period

Hack by buying cloud computing resources

Openssl "Kali system Command"

Call the OpenSSL library directly to identify the SSL/TLS cipher suite supported by the target server

View the certificate used by the Web site

OpenSSL s_client-connect www.baidu.com:443 "S_client: As a client-connect: Connection + Server domain: port"

Test whether a protocol is supported (a low-version protocol)

OpenSSL s_client-tls1_2-cipher ' Ecdh-rsa-rc4-sha '-connect www.taobao.com:443

Test whether all unsafe ciphers suite are not supported

OpenSSL s_client-tls1_2-cipher "Null,export,low,des"-connect www.taobao.com:443

View cipher Suite "OpenSSL" that can now be cracked

OpenSSL ciphers-v "Null,export,low,des"

#可用man OpenSSL View the parameters of OpenSSL, custom construct commands

#Openssl需要大量密码学相关知识, commands are complex, results are poor readability, but powerful

Sslscan

Automatic identification of SSL configuration errors, expiration protocols, outdated cipher suite and hash algorithms

Crime, Heartbleed vulnerabilities are checked by default

Green indicates safety, yellow indicates warning, red indicates danger

TLS-supported cipher Suite

Sslscan--tlsall www.taobao.com:443

Analyze Certificate Details

Sslscan--show-certificate--no-ciphersuites www.taobao.com:443

Sslyze

Python language Writing

Check for outdated SSL versions

Check for cipher suite that has weaknesses

Support source files (Specify scanned files) when scanning multiple sites

Check whether session recovery is supported

Sslyze--regular www.taobao.com:443 "Call plugin"

#NAMP枚举SSL脚本

Nmap--script=ssl-enum-ciphers.nse www.taobao.com

Query Nmap Script

Web site "Https://www.ssllabs.com/ssltest" to check for SSL

Just enter the domain name "can hide your own IP"

Small white diary 52:kali penetration test Web penetration-https attack (Openssl, Sslscan, sslyze, Web site checking SSL)