ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Related news

• Pentest Tools Android
• Easy Hack Tools
• Hacker Tools Linux
• Hacker Tools Windows
• Hacking Tools For Mac
• Computer Hacker
• Underground Hacker Sites
• Github Hacking Tools
• Hacker Hardware Tools
• Pentest Tools Website Vulnerability
• Pentest Tools Port Scanner
• Hacking App
• Hacker Tools For Pc
• Hacking Tools Software
• Pentest Tools Online
• Hacking Tools For Kali Linux
• Best Hacking Tools 2020
• Hacker Tools 2020
• Hacker Techniques Tools And Incident Handling
• Hacker Tools For Pc
• Hacker Tools 2019
• Hacking Tools And Software
• Pentest Tools Find Subdomains
• Hackers Toolbox
• Hacking Tools Online
• Easy Hack Tools
• Hack Tools 2019
• Hacking Tools Usb
• Hacker Tools For Pc
• Hacking Tools For Mac
• Hacker Tools Github
• Tools Used For Hacking
• Best Hacking Tools 2020
• Physical Pentest Tools
• Pentest Tools Apk
• Pentest Automation Tools
• Pentest Tools For Windows
• Hacker Tools List
• Hacker Tools List
• How To Make Hacking Tools
• Hacker
• Pentest Tools Website Vulnerability
• Nsa Hacker Tools
• Best Hacking Tools 2020
• Hacker Hardware Tools
• Pentest Tools Apk
• Pentest Tools Linux
• New Hacker Tools
• Hacker Tools
• Pentest Tools Kali Linux
• Hacker Techniques Tools And Incident Handling
• Pentest Tools Alternative
• Hacker Tools Linux
• Hackers Toolbox
• Hacker Hardware Tools
• Hack Tools For Games
• Pentest Tools For Android
• Kik Hack Tools
• Bluetooth Hacking Tools Kali
• Hacking Tools Hardware
• Hacking Tools Pc
• Kik Hack Tools
• Top Pentest Tools
• Hacking Tools For Games
• Pentest Tools For Windows
• Android Hack Tools Github
• Hacking Tools And Software
• Pentest Tools Kali Linux
• Hack Tools For Ubuntu
• Hack And Tools
• Pentest Tools Website
• Kik Hack Tools
• Tools Used For Hacking
• Kik Hack Tools
• Hack Tool Apk
• Hacker Techniques Tools And Incident Handling
• Hacking Tools For Kali Linux
• Hacking Tools Online
• Hacker Tools Apk
• Hacking Tools Online
• Hack Tools For Pc
• Pentest Tools Linux
• Hacker Tools Software
• World No 1 Hacker Software
• Hack Tools
• Hack Tools For Pc
• Pentest Tools Github
• Hacker Tools 2019
• World No 1 Hacker Software
• Hacking Tools Hardware
• Pentest Tools For Mac
• Best Pentesting Tools 2018
• Pentest Tools Url Fuzzer
• How To Hack
• Github Hacking Tools
• Hacker Hardware Tools
• Pentest Tools Free
• Hack Rom Tools
• Hacker Tools Windows
• What Are Hacking Tools
• What Are Hacking Tools
• Pentest Tools For Windows
• Hacker Tools Apk
• Pentest Tools Online
• Pentest Tools Free
• Pentest Reporting Tools
• Hack Tools Online
• Pentest Tools For Mac
• Pentest Tools Port Scanner
• Hack Tools
• Hack Website Online Tool
• Tools Used For Hacking
• Hacker Tools Windows
• Black Hat Hacker Tools
• Pentest Box Tools Download
• Hacker Tools For Pc
• Pentest Tools Nmap
• Physical Pentest Tools