Man in the Middle attacks - start [DISI Security Research ... Man in the Middle attacks Ali Davanian...

NetworkSecurityLab– UniversityofTrento– 2016-04-27

ManintheMiddleattacks

AliDavanian – AmitKumarGupta– JanHelgeWolf

JanWolfAmitGuptaAliDavanian

Section1- Introductionandconfiguration

• Introduction&configuration• HTTPMitM• HTTPSMitM• Defenses

2016-04-27 MitM Attacks - NetworkSecurity 2

Introduction– MitM

2016-04-27 MitMAttacks- NetworkSecurity 3

Introduction– HTTPoverTLS

• SecureSocketsLayer(SSL)/TransportLayerSecurity(TLS)• Cryptographicprotocoltosecurecommunicationchannels• Canbeaddedontopofmostcommunicationprotocols(HTTP,FTP,SMTP,IMAP,…)• Symmetriccryptographyfordataencryption• Asymmetriccryptographyfornegotiatingsymmetrickeysandauthenticatingthecommunicationpartner• Hierarchy-basedpublic-keyinfrastructurewithCertificationAuthorities(CAs)• HTTPS:Browsers/OSscomepreloadedwithalistoftrustedrootcertificates,whichareusedtocryptographicallysignintermediatecertificates,whichsignwebsitecertificates

• Trustchainisverifiedbythebrowserduringestablishmentofthesecureconnection(TLShandshake)

• Integritychecksfortransmitteddata

Introduction– Setup(1)

C/SVictim

MitMAttacker

Abstractsetup:

Technicalsetup:

192.168.1.1mybank.com

192.168.1.2

Introduction–Setup(2)

• Client/Webserver(victim)• Ubuntu14.04Desktop• Apachehttpd

• “Onlinebanking”application• Firefox

• FoxyProxy

• ManintheMiddle(attacker)• Ubuntu14.04Server• mitmproxy

• Laptop• Slides

Section2– HTTPMitM

• Introductionandconfiguration• HTTPMitM• Passiveattack

• HTTPSMitM• Problem• sslstrip• Certificateforgery

• Defenses

• OpenAttackervirtualmachine(credentials:attacker/attacker)• Runmitmproxy onattacker’smachine(mitmproxy)

HTTPMitM passiveattack– Step1

HTTPMitM passiveattack– Step2(1)

• OpenVictimvirtualmachine• OpenFirefox• Activatetheproxy• Visitmybank.comandlogin

• Userisuser• Passwordisuser

HTTPMitM passiveattack– Step2(2)

HTTPMitM passiveattack– Step3

• OpentheAttackervirtualmachine• CheckdetailsoftheHTTPPOSTrequesttomybank.comanditsresponse(includingcredentials)

Section3– HTTPSMitM

• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip• Certificateforgery

• Defenses

HTTPSMitM – Problem

• Encryptedprotocol->notrivialMitM possible• Authenticatedprotocol->noTLSterminationpossible

HTTPSMitM – Demonstration

• Visithttps://ssl.mybank.comwithandwithoutproxy(Compare)

WithoutMitM andproxy

WithMitM andproxy

Section3– Phase2

• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip

• Activeattack• Certificateforgery

• Defenses

HTTPSMitM – sslstrip

• Problem:HTTPSisregularlynegotiatedoverHTTP• HTTP30Xredirects• Client-sideredirect(JavaScript,meta-refresh,…)• Formactionlocation• Links

• HTTPcanbeinterceptedandmanipulatedtoprevent establishmentofencryptedconnections

HTTPSMitM – sslstrip – Step1

• Opentheattackervirtualmachine• Stopmitmproxy bytyping:• q• y

• Typecd ~/mitmproxy/ (Tilde:AltGr+)• Youshouldseesslstrip.pybytypingls• Startmitmproxywithsslstrip:

• mitmproxy -s sslstrip.py

HTTPSMitM – sslstrip – Step2(1)

• OpentheVictimvirtualmachine• Openthebrowser,deactivatetheproxy• Visit ssl.mybank.com• CheckthesourcecodeusingFirefoxinspector(rightclick->Inspectelement)• Activatetheproxy,refreshthepage,andcomparethesourcecode• Loginusingknowncredentials• HTTPSredirectdoesnothappen• ThewebsiteisservedinHTTP• Userwillobservenoerrorinthebrowser

HTTPSMitM – sslstrip – Step2(2)

Section3– Phase2

• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip

• Activeattack• Certificateforgery

• Defenses

HTTPSMitM – ActiveAttack– Step1

• Opentheattackervirtualmachine• Pressi• Type~q | ~s andpressEntertoactivateinterceptionforallrequestsandallresponses

• OpenVictimvirtualmachine• Openthebrowser• Youshouldstillbeloggedintossl.mybank.com• Click“Wiretransfer”• Accepttherequestandtheresponsebypressinga twiceontheattackermachine

• Performtransferof10€ toaccountIT000000000

HTTPSMitM – ActiveAttack– Step4(1)

• Opentheinterceptedrequestandmanipulateit• Ontherequesttabpresse• Pressr afterwards,editoropens

• Manipulatetherequestastotransfer500€ toaccountIT5555555555• ReplaceaccountIT0000000000byIT5555555555• Replaceamountby500• PressCTRL+Xtoexit• Savechanges(y)todefaultfile

• Pressa toacceptthemanipulatedrequest• PressTab togototheresponsetab• Ontheresponsetab,presse• Pressr,editoropens

• Deceivetheuser• ReplaceaccountIT5555555555byIT0000000000• Replaceamountbyoriginalamount(default10)• PressCTRL+Xtoexit,• Savechanges(y)todefaultfile• Accepttheresponsebypressinga• Pressq toleavethedetailview

• Pressi,deletethecurrentinterceptfilterandpressEnter

Section3– Phase3

• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip• Certificateforgery

• Defenses

HTTPSMitM – Certificateforgery(1)

• Whatisasignature?• Thesignatureprovestheauthenticityofthecertificate

HTTPSMitM – Certificateforgery (2)

• Authenticcertificate• Ifthecertificateauthority’ssignatureisinyourcomputer

• Forgedcertificate• Unknownsigner->errorinyourbrowser

• AmIsecureifIdon’tseetheerror?• RogueCAmightbelistedastrustworthybyyourcomputer

• LenovoSuperfish examplefromclass

• Wedothesamehereandinstallthecertificateauthoritymanually

HTTPSMitM – Certificateforgery– Step1(1)

• Openthevictimvirtualmachine• Openthebrowser• Makesuretheproxyisset• Openmitm.it• Choose“other”• Checkthefirstboxandclickok

HTTPSMitM – Certificateforgery– Step1(2)

HTTPSMitM – Certificateforgery– Step2

• Recalltheearliererrormessagewhenvisitinghttps://ssl.mybank.comwhileusingtheproxy• Visithttps://ssl.mybank.comagainwhiletheproxyisactive

WithoutMitM andproxy

WithMitM andproxy

Section4- Defenses

• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Defenses

HTTPStrictTransportSecurity(HSTS)

• HTTPheadercodifiedinRFC6797(Nov2012)• “TLSSupercookie”• BasedonTrust-on-First-Usemodel• UservisitsHTTPSwebsite• ServerrespondswithHSTSheader,indicatingatimeperiod• Browserstoresthisinformationandwillrejectallnon-HTTPSconnectionstothisdomain

• Browserpreloadpossible

HTTPPublicKeyPinning

• HTTPheadercodifiedinRFC7469(Apr2015)• AlsocalledCertificatePinning• BasedonTrust-on-First-Usemodel• UservisitsHTTPSwebsite• ServerrespondswithHPKPheader,indicating

• theSHA-256hashofitspublickey,• theSHA-256hashofabackuppublickey,• atimeperiod

• BrowserstoresthisinformationandwillrejectallHTTPSconnectionstothisdomainifthepresentedpublickeydoesnotmatch

• Browserpreloadforpopularwebsites

…andofcourse

• Don’ttrustunknownhotspots• Certainlydon’ttrustunknowncertificates• There’snowayyou’regoingtotrustanunknownCertificationAuthority• …right?

References

• TLS:RFC5246(https://tools.ietf.org/html/rfc5246)• HSTS:RFC6797(https://tools.ietf.org/html/rfc6797)• HPKP:RFC7469(https://tools.ietf.org/html/rfc7469)• sslstrip:nativesoftware(https://moxie.org/software/sslstrip/)andoriginalBlackhat talk(https://www.youtube.com/watch?v=MFol6IMbZ7Y),bothbyMoxieMarlinspike• mitmproxy:https://mitmproxy.org/

Man in the Middle attacks - start [DISI Security Research ... Man in the Middle attacks Ali Davanian...

Documents

Network Security: WLAN Security · disassociation and deauthentication attacks Authentication not bound to the session → man-in-the-middle and replay attacks Authentication based

Detection of Man-in-the-Middle Attacks on Industrial ... · 05.11.2016 1 Detection of Man-in-the-Middle Attacks on Industrial Control Systems Oliver Eigner, Philipp Kreimel, Paul

A current analysis of man in the middle (mitm) attacks

Network security man in the middle (MITM) attacks

Persistent e ects of man-in-the-middle attacks

Towards Understanding Man-In-The-Middle Attacks on IEC

Towards Understanding Man-In-The-Middle Attacks on … · 1Google dork is using Google’s advanced features to locate ... Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5

XOTP: Mitigating Emerging Man-in-the-Middle Attacks with Wireless Hardware Tokens

Hardening Web Browsers Against Man-in-the-Middle and Eavesdropping Attacks

Cloak and Dagger: Man-In-The-Middle and Other Insidious ...ramki/downloads/papers/cloakPreprint.pdf · Cloak and Dagger: Man-In-The-Middle and Other Insidious Attacks Abstract

Cyber Security Solutions for Critical Infrastructure€¦ · Virus / Worm Propagation Denial of Service Man-in-the-Middle Attacks Routing Misconfiguration Adaptive Attacks Sniffing

Threat Advisory: Man-In-The-Middle Attacks Target iOS and Android

Security of Cellular Network s : Man-in-the Middle Attacks

Towards Understanding Man-In-The-Middle Attacks on IEC … · 2017-11-01 · Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5-104 SCADA Networks Maynard• McLaughlin•

IBM Rational Application Security Group (aka Watchfire) Web Based Man In the Middle Attack © 2009 IBM Corporation 1 Active Man in the Middle Attacks The

Persistent e ects of man-in-the-middle attacks · Abstract Does a man-in-the-middle attack have long term consequences? In man-in-the-middle attacks, an attacker is able to read and

Man-in-The-Middle Attacks and Defense in a Power System

Detection of Man-in-the-middle Attacks Using Physical ... · PDF fileDetection of Man-in-the-middle Attacks Using Physical Layer Wireless Security Techniques by Le Wang A Thesis Submitted

On the Effective Prevention of TLS Man-in-the- Middle ... · USENIX Association 23rd USENIX Security Symposium 671 On the Effective Prevention of TLS Man-In-The-Middle Attacks in

Man in the middle attacks on IEC 60870-5-104