Sunday, June 4, 2023

ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Related links


  1. Termux Hacking Tools 2019
  2. Bluetooth Hacking Tools Kali
  3. Hacking Tools Name
  4. Wifi Hacker Tools For Windows
  5. Hack Tools Pc
  6. Pentest Tools For Ubuntu
  7. Pentest Reporting Tools
  8. Easy Hack Tools
  9. Pentest Automation Tools
  10. Pentest Tools
  11. New Hack Tools
  12. Hack Tools
  13. Hacking Apps
  14. Hacking Tools Windows
  15. Pentest Tools Url Fuzzer
  16. Hack Rom Tools
  17. How To Install Pentest Tools In Ubuntu
  18. Hack Apps
  19. Tools 4 Hack
  20. Pentest Tools Url Fuzzer
  21. Hacker Tools Free
  22. Hacker Tools Mac
  23. Nsa Hack Tools Download
  24. Hacking Tools Windows 10
  25. Free Pentest Tools For Windows
  26. Hacker Tools For Mac
  27. Hacker Tools For Windows
  28. Pentest Box Tools Download
  29. Tools 4 Hack
  30. Top Pentest Tools
  31. Best Hacking Tools 2020
  32. Hack Tools Pc
  33. How To Hack
  34. How To Install Pentest Tools In Ubuntu
  35. Bluetooth Hacking Tools Kali
  36. Hacker Tools Online
  37. Hacker Tools For Mac
  38. Pentest Tools Free
  39. Hack Website Online Tool
  40. Pentest Tools Kali Linux
  41. Hacking Tools Name
  42. Bluetooth Hacking Tools Kali
  43. Pentest Tools Find Subdomains
  44. Best Pentesting Tools 2018
  45. Hacking Tools 2019
  46. Hack Rom Tools
  47. Hacking Tools 2019
  48. Hacker Techniques Tools And Incident Handling
  49. Pentest Tools Open Source
  50. Hack Website Online Tool
  51. Pentest Recon Tools
  52. Hacker Tools Mac
  53. Pentest Box Tools Download
  54. Computer Hacker
  55. World No 1 Hacker Software
  56. Pentest Tools Url Fuzzer
  57. Hack Tools For Windows
  58. Blackhat Hacker Tools
  59. Hack Tools Pc
  60. Hacking App
  61. Hacking Tools Pc
  62. Pentest Tools For Windows
  63. Hacking Tools Download
  64. Hacker Tools For Ios
  65. Hacker Tools Free
  66. Hacker Tools For Pc
  67. Hacking Tools Free Download
  68. Hak5 Tools
  69. Pentest Tools Android
  70. Hack Tool Apk No Root
  71. Hacker
  72. Hacking Tools Github
  73. Hacker Tools For Mac
  74. Pentest Tools Alternative
  75. Pentest Automation Tools
  76. Hack Tools Pc
  77. Hacking Tools 2019
  78. Hack Tools Online
  79. Hacker Techniques Tools And Incident Handling
  80. Hacker Tools Hardware
  81. Pentest Tools Nmap
  82. Hack Tools Mac
  83. Top Pentest Tools
  84. Hacker Tools For Mac
  85. Blackhat Hacker Tools
  86. Hacker Tools Linux
  87. Hacking Tools Name
  88. Hacking Tools Windows 10
  89. Pentest Tools Review
  90. Usb Pentest Tools
  91. Tools For Hacker
  92. Hacking Tools Download
  93. Pentest Tools Alternative
  94. Pentest Tools For Windows
  95. Hack Tools
  96. Ethical Hacker Tools
  97. Hacker Tools For Pc
  98. Kik Hack Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)