After some days in Vegas attending Defcon 17 here we are to comment on the conference in what refers to subjects related to the web. In this first post I will comment on what I think it was the best lecture and how they mentioned he literally “broke internet’s security”. The lecture in question was More Tricks for defeating SSL”  https://www.defcon.org/html/defcon-17/dc-17-speakers.html#Marlinspike.

For those who do not know Moxie, in Black hat Europe he launched a tool called SSLStrip in which he exploited the basic characterisctic of http requirements for https that generally were sourced from a redirect. Basically, the sslstrip, together with an arspoof (attack of Man In The Middle – MITM) redirected  all traffic from gate 80 for its own analysis and, when it detected the redirect order for the https, it simply intermediated the process by returning to client a padlock favicon, thus letting the connection between client and sslstrip in pure text mode and the https connection was then established between sslstrop and the dominium server.

You can obtain more information about it on the post we placed at http://community.nstalker.com/new-techniques-for-defeating-ssl-in-practice-sslstrip.

In the lecture More Tricks defeating SSL he demonstrated MITM attacks against SSL/TLS emulating certificates (certificate signing request – CSR) due to flaws in NSS’ way of functioning,  Microsoft’s Crypto API and in the GnuTLS. This comprehends, as possible targets for MITM tools like firefox, Internet Explorer, Chrome, Outlook, Evolution and any other tool that might make use of the libs/api’s previously mentioned.

The attack he called Null prefix Attack is due to failure in the interpretation of the null “\0” prefix.

How it works:

The client browses the dominium in the subject (CN – common name) of the certificate, i.e., when the dominium  www.paypal.com is found in the certificate it will show something like  www.paypal.com\0, whereby client would accept certificate as valid.

The problem lies in the fact that clients do not verify whether the certifier comes from same order of dominium, i.e., by using a null prefix I can emulate any dominium under my own. Let’s think about nstalker.net. If we create a certificate for www.paypal.com.nstalker.net the browser will detect and consider it as being a sub-dominium of nstalker.net and will not accept it as a valid certificate coming from N-Stalker. However, if we create a certificate below nstalker.net for www.paypal.com\0.nstalker.net, the “\0” will deceive the client himself and will cause the possibility of allowing MITM emulate certificates (CSR). To make things even easier, if your target uses NSS applications like firefox, as one example, you may simply create a wildcard and effect MITM for ANY dominium you wish to attack, by simply creating a certificate for *\0.nstalker.net.

To make things even more easier he made the release of the SSLsniff v0.6 whereby you can effect the above process in an automatic way, along with an arpspoofing .

The range of attacks is huge, as he mentioned automatic firefox updates as one example of a big problem since confidence lies on the certificate, i.e., when you emulate that you are the dominium of the updates you simply make the browser update whatever you wish to and, to make matters worse, the updates do come habilitated to run automatically.

Indeed, we can say that SSL is something very critical to access  in places where you not fully aware of implemented security measures. We are performing tests and soon will obtain more practical details about this issue.

Links:

Blackhat presentation Video – http://www.thoughtcrime.org/software/sslsniff/video/null-prefix-attack.mov

Paper Null Prefix Attacks – http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf

How to generate CSR – http://www.verisign.com/support/ssl-certificates-support/page_dev019431.html

SSLsniff v0.6 – http://www.thoughtcrime.org/software/sslsniff/

N-Stalker Research Team