ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Continue reading

1. Hacker Tool Kit
2. Best Pentesting Tools 2018
3. Hacker Tools Windows
4. Best Hacking Tools 2019
5. Kik Hack Tools
6. Nsa Hacker Tools
7. Nsa Hacker Tools
8. Hacker Tools Mac
9. How To Make Hacking Tools
10. Hacking Tools For Windows
11. Pentest Tools Apk
12. Pentest Tools Linux
13. Hack Tools 2019
14. Hacking Tools For Mac
15. Hacking Tools Windows
16. Hacking Tools 2019
17. Pentest Tools Github
18. Hacking Tools Windows 10
19. Pentest Tools Nmap
20. Hacking Tools Pc
21. Usb Pentest Tools
22. Pentest Tools Url Fuzzer
23. Hacker Tools For Pc
24. Pentest Tools Android
25. Hacking Tools Windows
26. Hacker Tools Apk Download
27. Pentest Tools Windows
28. Pentest Tools Bluekeep
29. Hacking Tools Windows 10
30. Kik Hack Tools
31. Hack Tools For Games
32. Hack Tools Mac
33. How To Make Hacking Tools
34. Hacker Tools For Windows
35. Pentest Tools Kali Linux
36. Pentest Tools Github
37. Game Hacking
38. Hack Tools
39. Free Pentest Tools For Windows
40. Hacker Tools Windows
41. Physical Pentest Tools
42. Hack Tools For Mac
43. Hack Tools
44. Pentest Tools Download
45. Hack Tools For Mac
46. Hack Apps
47. Hacking Tools For Pc
48. Tools For Hacker
49. Hacking Apps
50. Hacking Tools For Kali Linux
51. Hacking Tools Name
52. Tools 4 Hack
53. Hacker Tools Mac
54. Tools Used For Hacking
55. World No 1 Hacker Software
56. Hack Tool Apk No Root
57. Hacking Apps
58. Tools For Hacker
59. Pentest Box Tools Download
60. Nsa Hacker Tools
61. Pentest Reporting Tools
62. Computer Hacker
63. Hacking Tools Free Download
64. Hacking Tools 2019
65. Pentest Tools Framework
66. Hack Tools Mac
67. Hacker Tools 2019
68. Hack Tools For Games
69. Pentest Box Tools Download
70. Hack Tools
71. Pentest Tools For Mac
72. Pentest Tools Website
73. Install Pentest Tools Ubuntu
74. Nsa Hacker Tools
75. Hacker Hardware Tools
76. Hack App
77. Hack Tools Online
78. Hack Tools 2019
79. Pentest Tools Website Vulnerability
80. Hacking Tools Pc
81. Pentest Tools Apk
82. Hacking Tools For Beginners
83. Hacking Tools Free Download
84. Pentest Tools Open Source
85. Hacking Tools Hardware
86. Hack And Tools
87. Pentest Tools List
88. Hacking Tools 2019
89. Pentest Box Tools Download
90. Tools 4 Hack
91. Hacker Tools 2020
92. Hacker Tools Mac
93. Nsa Hack Tools Download
94. Hacker Tools 2020
95. Hack Tools Mac
96. Pentest Tools Apk
97. How To Install Pentest Tools In Ubuntu
98. Hacking Tools For Windows Free Download
99. Wifi Hacker Tools For Windows
100. Hacking Tools Github
101. Hacking Tools For Mac
102. Pentest Tools Linux
103. Hack And Tools
104. Pentest Tools Subdomain
105. Pentest Tools For Ubuntu
106. Hack Tools For Ubuntu
107. Pentest Tools For Mac
108. Pentest Box Tools Download
109. Hacker Tools For Windows
110. Pentest Tools For Ubuntu
111. Hack Tools
112. Hacking Tools For Windows Free Download
113. Hacker Tools List
114. Hack Tools For Ubuntu
115. Pentest Tools For Android
116. Hacker Tools Free Download