Embed Size (px)
Citation preview
NetworkSecurityLab– UniversityofTrento– 2016-04-27
ManintheMiddleattacks
AliDavanian – AmitKumarGupta– JanHelgeWolf
JanWolfAmitGuptaAliDavanian
Section1- Introductionandconfiguration
• Introduction&configuration• HTTPMitM• HTTPSMitM• Defenses
2016-04-27 MitM Attacks - NetworkSecurity 2
Introduction– MitM
C1
C2
C3
S1
S2
S3
S4
S5
S6
S7
S8
S9
S
2016-04-27 MitMAttacks- NetworkSecurity 3
Introduction– HTTPoverTLS
2016-04-27 MitMAttacks- NetworkSecurity 4
• SecureSocketsLayer(SSL)/TransportLayerSecurity(TLS)• Cryptographicprotocoltosecurecommunicationchannels• Canbeaddedontopofmostcommunicationprotocols(HTTP,FTP,SMTP,IMAP,…)• Symmetriccryptographyfordataencryption• Asymmetriccryptographyfornegotiatingsymmetrickeysandauthenticatingthecommunicationpartner• Hierarchy-basedpublic-keyinfrastructurewithCertificationAuthorities(CAs)• HTTPS:Browsers/OSscomepreloadedwithalistoftrustedrootcertificates,whichareusedtocryptographicallysignintermediatecertificates,whichsignwebsitecertificates
• Trustchainisverifiedbythebrowserduringestablishmentofthesecureconnection(TLShandshake)
• Integritychecksfortransmitteddata
Introduction– Setup(1)
2016-04-27 MitMAttacks- NetworkSecurity 5
C S
MitM
C/SVictim
MitMAttacker
Abstractsetup:
Technicalsetup:
192.168.1.1mybank.com
192.168.1.2
Introduction–Setup(2)
• Client/Webserver(victim)• Ubuntu14.04Desktop• Apachehttpd
• “Onlinebanking”application• Firefox
• FoxyProxy
• ManintheMiddle(attacker)• Ubuntu14.04Server• mitmproxy
• Laptop• Slides
2016-04-27 MitM Attacks - NetworkSecurity 6
Section2– HTTPMitM
• Introductionandconfiguration• HTTPMitM• Passiveattack
• HTTPSMitM• Problem• sslstrip• Certificateforgery
• Defenses
2016-04-27 MitM Attacks - NetworkSecurity 7
• OpenAttackervirtualmachine(credentials:attacker/attacker)• Runmitmproxy onattacker’smachine(mitmproxy)
2016-04-27 MitMAttacks- NetworkSecurity 8
HTTPMitM passiveattack– Step1
HTTPMitM passiveattack– Step2(1)
• OpenVictimvirtualmachine• OpenFirefox• Activatetheproxy• Visitmybank.comandlogin
• Userisuser• Passwordisuser
2016-04-27 MitMAttacks- NetworkSecurity 9
HTTPMitM passiveattack– Step2(2)
2016-04-27 MitMAttacks- NetworkSecurity 10
HTTPMitM passiveattack– Step3
• OpentheAttackervirtualmachine• CheckdetailsoftheHTTPPOSTrequesttomybank.comanditsresponse(includingcredentials)
2016-04-27 MitMAttacks- NetworkSecurity 11
Section3– HTTPSMitM
• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip• Certificateforgery
• Defenses
2016-04-27 MitM Attacks - NetworkSecurity 12
HTTPSMitM – Problem
2016-04-27 MitMAttacks- NetworkSecurity 13
C
S
• Encryptedprotocol->notrivialMitM possible• Authenticatedprotocol->noTLSterminationpossible
MitM
HTTPSMitM – Demonstration
2016-04-27 MitMAttacks- NetworkSecurity 14
• Visithttps://ssl.mybank.comwithandwithoutproxy(Compare)
WithoutMitM andproxy
WithMitM andproxy
Section3– Phase2
• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip
• Activeattack• Certificateforgery
• Defenses
2016-04-27 MitM Attacks - NetworkSecurity 15
HTTPSMitM – sslstrip
2016-04-27 MitMAttacks- NetworkSecurity 16
• Problem:HTTPSisregularlynegotiatedoverHTTP• HTTP30Xredirects• Client-sideredirect(JavaScript,meta-refresh,…)• Formactionlocation• Links
• HTTPcanbeinterceptedandmanipulatedtoprevent establishmentofencryptedconnections
HTTPSMitM – sslstrip – Step1
• Opentheattackervirtualmachine• Stopmitmproxy bytyping:• q• y
• Typecd ~/mitmproxy/ (Tilde:AltGr+)• Youshouldseesslstrip.pybytypingls• Startmitmproxywithsslstrip:
• mitmproxy -s sslstrip.py
2016-04-27 MitMAttacks- NetworkSecurity 17
HTTPSMitM – sslstrip – Step2(1)
• OpentheVictimvirtualmachine• Openthebrowser,deactivatetheproxy• Visit ssl.mybank.com• CheckthesourcecodeusingFirefoxinspector(rightclick->Inspectelement)• Activatetheproxy,refreshthepage,andcomparethesourcecode• Loginusingknowncredentials• HTTPSredirectdoesnothappen• ThewebsiteisservedinHTTP• Userwillobservenoerrorinthebrowser
2016-04-27 MitMAttacks- NetworkSecurity 18
HTTPSMitM – sslstrip – Step2(2)
2016-04-27 MitMAttacks- NetworkSecurity 19
Section3– Phase2
• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip
• Activeattack• Certificateforgery
• Defenses
2016-04-27 MitM Attacks - NetworkSecurity 20
HTTPSMitM – ActiveAttack– Step1
• Opentheattackervirtualmachine• Pressi• Type~q | ~s andpressEntertoactivateinterceptionforallrequestsandallresponses
2016-04-27 MitMAttacks- NetworkSecurity 21
HTTPSMitM – ActiveAttack– Step2
• OpenVictimvirtualmachine• Openthebrowser• Youshouldstillbeloggedintossl.mybank.com• Click“Wiretransfer”• Accepttherequestandtheresponsebypressinga twiceontheattackermachine
2016-04-27 MitMAttacks- NetworkSecurity 22
HTTPSMitM – ActiveAttack– Step3
• Performtransferof10€ toaccountIT000000000
2016-04-27 MitMAttacks- NetworkSecurity 23
HTTPSMitM – ActiveAttack– Step4(1)
• Opentheinterceptedrequestandmanipulateit• Ontherequesttabpresse• Pressr afterwards,editoropens
2016-04-27 MitMAttacks- NetworkSecurity 24
HTTPSMitM – ActiveAttack– Step4(2)
• Manipulatetherequestastotransfer500€ toaccountIT5555555555• ReplaceaccountIT0000000000byIT5555555555• Replaceamountby500• PressCTRL+Xtoexit• Savechanges(y)todefaultfile
2016-04-27 MitMAttacks- NetworkSecurity 25
HTTPSMitM – ActiveAttack– Step5(1)
• Pressa toacceptthemanipulatedrequest• PressTab togototheresponsetab• Ontheresponsetab,presse• Pressr,editoropens
2016-04-27 MitMAttacks- NetworkSecurity 26
HTTPSMitM – ActiveAttack– Step5(2)
2016-04-27 MitMAttacks- NetworkSecurity 27
• Deceivetheuser• ReplaceaccountIT5555555555byIT0000000000• Replaceamountbyoriginalamount(default10)• PressCTRL+Xtoexit,• Savechanges(y)todefaultfile• Accepttheresponsebypressinga• Pressq toleavethedetailview
• Pressi,deletethecurrentinterceptfilterandpressEnter
HTTPSMitM – ActiveAttack– Step5(3)
2016-04-27 MitMAttacks- NetworkSecurity 28
Section3– Phase3
• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Problem• sslstrip• Certificateforgery
• Defenses
2016-04-27 MitM Attacks - NetworkSecurity 29
HTTPSMitM – Certificateforgery(1)
• Whatisasignature?• Thesignatureprovestheauthenticityofthecertificate
2016-04-27 MitMAttacks- NetworkSecurity 30
HTTPSMitM – Certificateforgery (2)
• Authenticcertificate• Ifthecertificateauthority’ssignatureisinyourcomputer
• Forgedcertificate• Unknownsigner->errorinyourbrowser
• AmIsecureifIdon’tseetheerror?• RogueCAmightbelistedastrustworthybyyourcomputer
• LenovoSuperfish examplefromclass
• Wedothesamehereandinstallthecertificateauthoritymanually
2016-04-27 MitMAttacks- NetworkSecurity 31
HTTPSMitM – Certificateforgery– Step1(1)
• Openthevictimvirtualmachine• Openthebrowser• Makesuretheproxyisset• Openmitm.it• Choose“other”• Checkthefirstboxandclickok
2016-04-27 MitMAttacks- NetworkSecurity 32
HTTPSMitM – Certificateforgery– Step1(2)
2016-04-27 MitMAttacks- NetworkSecurity 33
HTTPSMitM – Certificateforgery– Step2
2016-04-27 MitMAttacks- NetworkSecurity 34
• Recalltheearliererrormessagewhenvisitinghttps://ssl.mybank.comwhileusingtheproxy• Visithttps://ssl.mybank.comagainwhiletheproxyisactive
WithoutMitM andproxy
WithMitM andproxy
Section4- Defenses
• Introductionandconfiguration• HTTPMitM• HTTPSMitM• Defenses
2016-04-27 MitM Attacks - NetworkSecurity 35
HTTPStrictTransportSecurity(HSTS)
2016-04-27 MitMAttacks- NetworkSecurity 36
• HTTPheadercodifiedinRFC6797(Nov2012)• “TLSSupercookie”• BasedonTrust-on-First-Usemodel• UservisitsHTTPSwebsite• ServerrespondswithHSTSheader,indicatingatimeperiod• Browserstoresthisinformationandwillrejectallnon-HTTPSconnectionstothisdomain
• Browserpreloadpossible
HTTPPublicKeyPinning
2016-04-27 MitMAttacks- NetworkSecurity 37
• HTTPheadercodifiedinRFC7469(Apr2015)• AlsocalledCertificatePinning• BasedonTrust-on-First-Usemodel• UservisitsHTTPSwebsite• ServerrespondswithHPKPheader,indicating
• theSHA-256hashofitspublickey,• theSHA-256hashofabackuppublickey,• atimeperiod
• BrowserstoresthisinformationandwillrejectallHTTPSconnectionstothisdomainifthepresentedpublickeydoesnotmatch
• Browserpreloadforpopularwebsites
…andofcourse
2016-04-27 MitMAttacks- NetworkSecurity 38
• Don’ttrustunknownhotspots• Certainlydon’ttrustunknowncertificates• There’snowayyou’regoingtotrustanunknownCertificationAuthority• …right?
References
2016-04-27 MitMAttacks- NetworkSecurity 39
• TLS:RFC5246(https://tools.ietf.org/html/rfc5246)• HSTS:RFC6797(https://tools.ietf.org/html/rfc6797)• HPKP:RFC7469(https://tools.ietf.org/html/rfc7469)• sslstrip:nativesoftware(https://moxie.org/software/sslstrip/)andoriginalBlackhat talk(https://www.youtube.com/watch?v=MFol6IMbZ7Y),bothbyMoxieMarlinspike• mitmproxy:https://mitmproxy.org/
![TCP Sequence Number Inference Attac [Schreibgesch tzt]) · 2013-07-10 · Known Attacks against TCP 222 Man-in-the-middle based attacks Read, modify, insert TCP content Off-path attacks](https://img.pdfslide.net/doc/110x75/5f4d29c078dbbb4fb735d2c3/tcp-sequence-number-inference-attac-schreibgesch-tzt-2013-07-10-known-attacks.jpg)
