 |  |  |  |  |  |  |  |  |  |
Chappell Seminars
TM
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
| Recent Blog Entries (RSS Feed) |
| [R] Recorded course available - included in All-Access Pass (additional recordings in production) |
| COURSE LIST (View Schedule) |
50% off Summit 09 Registration More info
Summit 09 50% off for
All Access Pass Members
All Access Pass Members
SSL/TLS Flawed
Configure Wireshark to Decrypt
Attack Traces from PhoneFactor
Configure Wireshark to Decrypt
Attack Traces from PhoneFactor
It seemed such a coincidence, I sent out a teaser for a project underway and
alluded to the security implications - the project, however, was not related to the
SSL/TLS vulnerability that hit the public last Thursday.
How bad is this SSL/TLS vulnerability? Amazingly horrid!
alluded to the security implications - the project, however, was not related to the
SSL/TLS vulnerability that hit the public last Thursday.
How bad is this SSL/TLS vulnerability? Amazingly horrid!
Posted: 2009-11-11 10:19:54 UTC-07:00
Summit 09 Notice: We will analyze the HTTPS
handshake process at Summit 09.
Summit 09 Notice: We will analyze the HTTPS
handshake process at Summit 09.
Listen Up! (MP3 - 1MB)
Click here to download Ron Nutter's interview with Steve
Dispensa (or grab the .zip file here) - one of the PhoneFactor
guys who demonstrated the vulnerability to a working group
of affected vendors and representatives of various standards
committees.
Click here to download Ron Nutter's interview with Steve
Dispensa (or grab the .zip file here) - one of the PhoneFactor
guys who demonstrated the vulnerability to a working group
of affected vendors and representatives of various standards
committees.
Read Up!
Steve Dispensa and Marsh Ray of PhoneFactor wrote an 8-page overview of the
issue which is based on the TLS renegotiation process. The figure below shows
the basic SSL/TLS handshake process.
In Wireshark, the display filter ssl.record.content_type == 22 extracts
SSL/TLS handshake packets.
The document written by Steve and Ray defines the security issues
demonstrated against recent Microsoft IIS and Apache httpd versions. In
essence, the renegotiate attack method defined is used to inject malicious code
into the "secure" connection.
One of the most interesting areas of the document focuses on the use of request
splicing in which two HTTP requests are combined. The first request triggers the
renegotiation while the second request effectively comments out the first request
and overrides it with the malicious one.
Analyze the Attacks Yourself
Download the PhoneFactor document, numerous trace files (including
decryption keys), protocol diagrams and details here.
Hint: In Wireshark, enable the Preferences > TCP > Allow Subdissector to
Reassemble TCP Streams to view the SSL/TLS handshake more clearly.
Step 1: Get the Traces/Keys
Download and extract the files into a directory called "ugly". (Again - download
from here.)
Step 2: Set up SSL with Keys
Private keys to decrypt the traces are in the 'caps' and 'certs' directories. For
simplicity sake, I recommend you create a \keys directory and copy all the keys
there.
To decrypt the client_init_renego.pcap file, I used Preferences > Protocols > SSL
and entered the following value:
192.168.80.125,443,http,c:\users\laura\keys\ws01.mogul.test.key
When you have successfully set up decryption, your traffic should indicate HTTP
in the protocol column and, if colorization is enabled, the lovely lime-green color
of HTTP traffic.
Step 3: Follow the SSL Stream
Once you have applied the decryption, you can right-click on one of the HTTP
packets and select Follow SSL Stream to reassemble the traffic as shown below.
In the figure above we can see the request to GET /evil.html and the x-ignore line
for GET /index.html. This process of using the ignore header prefix is described
on page 3 of the Renegotiating TLS.pdf document.
Inside the SSL/TLS Handshake - Another "Must Read"
Jeff Moser penned an impressive blog entry entitled "The First Few Milliseconds
of an HTTP Connection" which analyzes the handshake process, selection of a
cipher suite and use of the RSA algorithm. Read Jeff's blog here.
What's the Solution?
The document written by Marsh Ray and Steve Dispensa paints a pretty gloomy
picture of possible remedies.
"There appear to be few silver bullets to address these issues."
Ultimately, the fix will require protocol changes - a laboriously painful process
that can have unforeseen consequences related to compatibility problems. The
paper forthrightly defines the possibility of 'breaking' as well as
backwards-compatible protocol changes. It takes serious 01's to throw that
'breaking' term in there. It's no fun being the bearer of such bad news. What a
hassle.
In the meantime, I imagine the efforts to exploit vulnerable SSL/TLS connections
is underway - those malicious teams might be working longer hours than the
vendor/committee teams focused on a resolution.
Big money is at stake.
Enjoy life one bit at a time!
Laura
Steve Dispensa and Marsh Ray of PhoneFactor wrote an 8-page overview of the
issue which is based on the TLS renegotiation process. The figure below shows
the basic SSL/TLS handshake process.
In Wireshark, the display filter ssl.record.content_type == 22 extracts
SSL/TLS handshake packets.
The document written by Steve and Ray defines the security issues
demonstrated against recent Microsoft IIS and Apache httpd versions. In
essence, the renegotiate attack method defined is used to inject malicious code
into the "secure" connection.
One of the most interesting areas of the document focuses on the use of request
splicing in which two HTTP requests are combined. The first request triggers the
renegotiation while the second request effectively comments out the first request
and overrides it with the malicious one.
Analyze the Attacks Yourself
Download the PhoneFactor document, numerous trace files (including
decryption keys), protocol diagrams and details here.
Hint: In Wireshark, enable the Preferences > TCP > Allow Subdissector to
Reassemble TCP Streams to view the SSL/TLS handshake more clearly.
Step 1: Get the Traces/Keys
Download and extract the files into a directory called "ugly". (Again - download
from here.)
Step 2: Set up SSL with Keys
Private keys to decrypt the traces are in the 'caps' and 'certs' directories. For
simplicity sake, I recommend you create a \keys directory and copy all the keys
there.
To decrypt the client_init_renego.pcap file, I used Preferences > Protocols > SSL
and entered the following value:
192.168.80.125,443,http,c:\users\laura\keys\ws01.mogul.test.key
When you have successfully set up decryption, your traffic should indicate HTTP
in the protocol column and, if colorization is enabled, the lovely lime-green color
of HTTP traffic.
Step 3: Follow the SSL Stream
Once you have applied the decryption, you can right-click on one of the HTTP
packets and select Follow SSL Stream to reassemble the traffic as shown below.
In the figure above we can see the request to GET /evil.html and the x-ignore line
for GET /index.html. This process of using the ignore header prefix is described
on page 3 of the Renegotiating TLS.pdf document.
Inside the SSL/TLS Handshake - Another "Must Read"
Jeff Moser penned an impressive blog entry entitled "The First Few Milliseconds
of an HTTP Connection" which analyzes the handshake process, selection of a
cipher suite and use of the RSA algorithm. Read Jeff's blog here.
What's the Solution?
The document written by Marsh Ray and Steve Dispensa paints a pretty gloomy
picture of possible remedies.
"There appear to be few silver bullets to address these issues."
Ultimately, the fix will require protocol changes - a laboriously painful process
that can have unforeseen consequences related to compatibility problems. The
paper forthrightly defines the possibility of 'breaking' as well as
backwards-compatible protocol changes. It takes serious 01's to throw that
'breaking' term in there. It's no fun being the bearer of such bad news. What a
hassle.
In the meantime, I imagine the efforts to exploit vulnerable SSL/TLS connections
is underway - those malicious teams might be working longer hours than the
vendor/committee teams focused on a resolution.
Big money is at stake.
Enjoy life one bit at a time!
Laura
ALL ACCESS PASS
includes Core 1, Core 2, Whiteboard
Videos, Ask Laura Videos, Trace File
Videos, Trace Files and access to all the
recorded Chappell Seminars.
[View the All Access Info PDF...]
Single membership; individual account
info@chappellU.com
includes Core 1, Core 2, Whiteboard
Videos, Ask Laura Videos, Trace File
Videos, Trace Files and access to all the
recorded Chappell Seminars.
[View the All Access Info PDF...]
Single membership; individual account
info@chappellU.com
$999
REGISTER FOR WEEKLY NEWS
Copyright Chappell University
All Rights Reserved
Privacy Policy
All Rights Reserved
Privacy Policy
20+ years of analysis experience and 10+
years of Wireshark/Ethereal experience
rolled into a single book.
- Forward by Gerald Combs, Creator of
Wireshark
- Practical tips throughout
- Basic through advanced techniques
- Undocumented features
- Exporting for reporting tricks
- Find the needle in the haystack
- Analyze unruly applications
- Spot the cause of slow web browsing
- Identify WLAN problems
- Analyze and replay VoIP connections
- Reassemble traffic of all kinds
- Catch scanning/discovery processes
- Hundreds of sample traffic files to work on
- Chapter review/answer sections
- Real world case studies
- Tricks for command-line capture
- Remote capture solutions
- Decrypting SSL traffic
- Tips for capturing on switched nets
- Custom profile configurations included
- Security color filters included
- more...
Sign up for the newsletter to be notified of
the book release!
years of Wireshark/Ethereal experience
rolled into a single book.
- Forward by Gerald Combs, Creator of
Wireshark
- Practical tips throughout
- Basic through advanced techniques
- Undocumented features
- Exporting for reporting tricks
- Find the needle in the haystack
- Analyze unruly applications
- Spot the cause of slow web browsing
- Identify WLAN problems
- Analyze and replay VoIP connections
- Reassemble traffic of all kinds
- Catch scanning/discovery processes
- Hundreds of sample traffic files to work on
- Chapter review/answer sections
- Real world case studies
- Tricks for command-line capture
- Remote capture solutions
- Decrypting SSL traffic
- Tips for capturing on switched nets
- Custom profile configurations included
- Security color filters included
- more...
Sign up for the newsletter to be notified of
the book release!
RELEASE: MARCH 2010
Review the Table of Contents
Peek at sample pages
Peek at sample pages