ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Read more

1. Hacking Tools Mac
2. Best Pentesting Tools 2018
3. Hacking Tools Windows 10
4. Hacking Tools Pc
5. Hack Tool Apk No Root
6. Github Hacking Tools
7. Hacking Tools 2020
8. Hacker Tools Linux
9. Hack Tools For Windows
10. Hacker Tools 2019
11. Android Hack Tools Github
12. Pentest Tools Windows
13. Hacking Tools Name
14. Pentest Tools Github
15. New Hack Tools
16. Hack Tools Online
17. Hacker Search Tools
18. Beginner Hacker Tools
19. Free Pentest Tools For Windows
20. Hacking Tools 2019
21. Hack Tools Online
22. What Is Hacking Tools
23. Hacker Tools Apk
24. Pentest Tools For Windows
25. Hacking Tools And Software
26. Hacker Tools 2019
27. Game Hacking
28. World No 1 Hacker Software
29. Blackhat Hacker Tools
30. Termux Hacking Tools 2019
31. Wifi Hacker Tools For Windows
32. Hacker Tools 2019
33. Hack Tools Github
34. Physical Pentest Tools
35. Hack Tools For Windows
36. Hacking Tools For Windows 7
37. Hak5 Tools
38. Black Hat Hacker Tools
39. How To Install Pentest Tools In Ubuntu
40. Growth Hacker Tools
41. Pentest Tools For Android
42. Pentest Tools Kali Linux
43. Pentest Tools Port Scanner
44. Game Hacking
45. Pentest Tools Open Source
46. Pentest Tools Website
47. Pentest Tools Kali Linux
48. Free Pentest Tools For Windows
49. Hacker Tools Online
50. Pentest Tools For Mac
51. Physical Pentest Tools
52. Hacking App
53. Hackrf Tools
54. Hacking Tools 2020
55. Hacker Tools Github
56. Hack Tools For Games
57. Hacking Tools Online
58. Hack Tool Apk No Root
59. Hacking Tools Usb
60. Hacker Tools Apk Download
61. Nsa Hack Tools
62. Hacking Tools Mac
63. Bluetooth Hacking Tools Kali
64. Hack Tools Download
65. Hack Tools For Games
66. Hack Tools Download
67. Hacking Tools Mac
68. Pentest Tools Website Vulnerability
69. Pentest Tools Github
70. Physical Pentest Tools
71. Hack Tools Download
72. Hack Tools 2019
73. Hacking Tools For Windows 7
74. Pentest Automation Tools
75. Pentest Tools Android
76. New Hacker Tools
77. Pentest Tools For Mac
78. Hacker Tools Free
79. What Are Hacking Tools
80. Pentest Tools Website Vulnerability
81. Hacking Tools Github
82. Pentest Tools Port Scanner
83. Hacking Tools For Windows 7
84. Hack And Tools
85. Pentest Tools Tcp Port Scanner
86. Pentest Tools Github
87. Hack Tools For Windows
88. Hacking Tools Name
89. Hacking Tools Windows 10
90. Hack Tool Apk No Root
91. Black Hat Hacker Tools
92. Pentest Tools Website
93. Hack Tools Github
94. Pentest Tools For Android
95. Hak5 Tools
96. Pentest Tools List
97. Pentest Tools Subdomain
98. Computer Hacker
99. Hack Tools For Mac
100. Hacker Tools
101. Wifi Hacker Tools For Windows
102. Hacker
103. Hack And Tools
104. Beginner Hacker Tools
105. Pentest Tools Bluekeep
106. Pentest Tools Download
107. Hacker Tools Online
108. Hacker Tools Free
109. Hack Tools Github
110. Best Hacking Tools 2019
111. Pentest Tools Review
112. Hack Tools 2019
113. Hackers Toolbox
114. Hacker Tools 2020
115. Hack Tools For Pc
116. Hacker Tools Mac
117. Pentest Tools For Ubuntu
118. Pentest Tools For Windows
119. Bluetooth Hacking Tools Kali
120. Physical Pentest Tools
121. Pentest Tools List
122. How To Install Pentest Tools In Ubuntu
123. Pentest Tools For Android
124. Hacker Tools Software
125. Hacking Tools Windows 10
126. Hacking Tools For Windows
127. Hacking Tools For Games
128. Hack Tools Pc
129. Hack And Tools
130. Hack And Tools