ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Continue reading

1. Tools Used For Hacking
2. New Hack Tools
3. Pentest Tools Open Source
4. Hack Tools Online
5. Hack Tools Download
6. Hacker Tools Mac
7. Hacking Tools 2020
8. Hacking Tools
9. Pentest Box Tools Download
10. Pentest Tools Url Fuzzer
11. Tools Used For Hacking
12. New Hack Tools
13. Pentest Tools Linux
14. Nsa Hack Tools
15. Pentest Tools Alternative
16. Nsa Hacker Tools
17. Hacker Tools
18. Hacking Apps
19. Hacking Tools Hardware
20. Hacker Tools Hardware
21. Hacking Tools Mac
22. Pentest Tools Nmap
23. Hack Tool Apk
24. Pentest Tools Download
25. What Are Hacking Tools
26. Nsa Hack Tools Download
27. Pentest Tools Open Source
28. Hacker Techniques Tools And Incident Handling
29. Hack Tools
30. Nsa Hack Tools
31. Pentest Tools Nmap
32. Hacking Tools For Windows Free Download
33. Ethical Hacker Tools
34. Hack Tools Online
35. Hacker Tools Free
36. Hack Rom Tools
37. Hacking App
38. Hacking Tools For Pc
39. How To Install Pentest Tools In Ubuntu
40. Pentest Tools Apk
41. Hack Tools
42. Hackers Toolbox
43. Hacking Apps
44. Hacking Tools For Windows 7
45. Pentest Automation Tools
46. Hacker Tools 2019
47. Easy Hack Tools
48. Hacker Tools For Ios
49. Hacker Tool Kit
50. Hack Tools 2019
51. Bluetooth Hacking Tools Kali
52. Hacker
53. Hacking Tools For Windows Free Download
54. Hacking Tools Kit
55. Pentest Tools Free
56. Pentest Box Tools Download
57. How To Install Pentest Tools In Ubuntu
58. Hack Website Online Tool
59. Game Hacking
60. Hackrf Tools
61. Pentest Tools Online
62. Hack Website Online Tool
63. Pentest Tools Alternative
64. Hacking Tools For Kali Linux
65. Install Pentest Tools Ubuntu
66. Pentest Box Tools Download
67. Hacks And Tools
68. How To Make Hacking Tools
69. Hacker Tools For Windows
70. Hacker Tools For Mac
71. Pentest Tools For Ubuntu
72. Hacking Tools For Pc
73. Pentest Tools Website Vulnerability
74. Bluetooth Hacking Tools Kali
75. Hack Tools Download
76. Pentest Tools Find Subdomains
77. Hacking Tools 2019
78. Hacker Tools 2019
79. Hacker Tools Online
80. Hacker Tools For Mac
81. What Is Hacking Tools
82. Game Hacking
83. Hack Tools For Mac
84. Usb Pentest Tools
85. Nsa Hack Tools
86. What Are Hacking Tools
87. How To Install Pentest Tools In Ubuntu
88. Pentest Tools For Android
89. Pentest Reporting Tools
90. Hacker
91. Pentest Tools Alternative
92. Hack Tools Github
93. Hacking Tools Windows 10
94. Usb Pentest Tools
95. Pentest Tools Nmap
96. Pentest Tools Bluekeep
97. Hacker Tools Online
98. Pentest Tools
99. Hacking Tools For Pc
100. Pentest Box Tools Download
101. Hacker Tool Kit
102. Underground Hacker Sites
103. Hacker Search Tools
104. Pentest Tools Alternative
105. Android Hack Tools Github
106. Pentest Tools Free
107. Hacker Tools Windows
108. Best Pentesting Tools 2018
109. How To Hack
110. Hacking Tools For Pc
111. Hacking Tools 2020
112. Hacking Tools Usb
113. Hacker Tools Apk
114. Hacking Tools Usb
115. Hacker Tools Windows
116. Hacker Tools 2020
117. Hack Website Online Tool
118. Hacker Security Tools
119. Hacking Tools Download
120. Easy Hack Tools
121. Hacking Tools
122. Hacker Tools Apk
123. Hacker Tools For Mac
124. Hacking Tools Hardware
125. Wifi Hacker Tools For Windows
126. Pentest Tools Alternative
127. Hack Website Online Tool
128. Pentest Recon Tools
129. Game Hacking
130. Pentest Tools Nmap
131. Hacker Tools Hardware
132. Hacking Tools Github