Attacking SSL-based website

  • Securing the communication between the client and the web application is the most common use of TLS/SSL,and it is known as HTTP over SSL or HTTPS.

  • TLS ia also used to secure the communication channel used by other protocols in the following ways:

    • Used by mail servers to encrypt emails between two mail servers and also between the client and the mail server
    • To secure communication between database servers and LDAP authentication servers.
    • To encrypt virtual private network(VPN) connections known as SSL VPN.
    • Remote desktop services in Windows operation system used TLS to encrypt and authenticate the client connecting to the server.

  • Asymmetric encryption,which uses a combination of public-private keys,is more secure than symmetric encryption

  • Asymmetric encryption algorithms

    • Diffie-Hellman key exchange
    • Rivest Shamir Adleman(RSA)
    • Elliptic Curve Cryptography(ECC):similar to RSA

  • Symmetric encryption algorithm

    • Data Encryption Standard(DES):easily breakable
    • Advance EncryptionStandard(AES)
    • International Data Encryption Algorithm(IDEA)

  • Symmetric algorithms are divided in two major ways:

    1. Block cipher
    2. Stream cipher

  • secure hashing algorithm(SHA),is often used to create hashes:

    Hashing functionOutput hash size
    MD5128
    SHA-1160
    SHA-2224;256;384;512

  • In a collision attack,two different input files will genetate the same hash output.

  • HMAC,stands for keyed-hash message authentication code.

  • SSLScan:By default the tool checks if the server is vulnerable to the CRIME and heartbleed vulnerabilities.

  • Watch out when NULL is pointed out in the names of ciphers supported.If NULL cipher is selected,the SSL handshake will complete and the browser will display the secure padlock but HTTP data would be transmitted in clear text.(sslscan)

  • sslyze:

    • Checking for older versions of SSL
    • Analysing the cipher suites and identifying weak ciphers
    • Scanning multiple servers using an input file
    • Checking for session resumption support

  • Testing SSL configuration using Nmap:Nmap includes a script known as ssl-enum-ciphers

  • The SSL Server Test(https://www.ssllabs.com/ssltest/) is a online tool hosted by Qualys that performs deep analysis of the SSL configuration of a website.

  • SSL man-in-the-middle attack

    attack

  • SSL MITM tools in Kali:

    • SSLsplit
    • SSlstrip
    • SSLsniff