ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Read more

1. Hacker Tools For Windows
2. Beginner Hacker Tools
3. Hacking Tools Online
4. Pentest Tools Free
5. Top Pentest Tools
6. Hacking Tools For Windows Free Download
7. Hacker Tools For Mac
8. Hacker Tools Windows
9. Game Hacking
10. Hacking Tools For Windows Free Download
11. Hacker Hardware Tools
12. Hacker Tools Github
13. Hack Tool Apk
14. Hacker Tools
15. Nsa Hack Tools Download
16. Tools 4 Hack
17. Install Pentest Tools Ubuntu
18. Hacking Tools For Windows 7
19. Termux Hacking Tools 2019
20. Install Pentest Tools Ubuntu
21. Hacking Tools For Games
22. Hacker Tools For Windows
23. Hacking Tools Download
24. Hacker Tools For Windows
25. Hacking Tools Mac
26. Hacking Tools Pc
27. Hacking Tools For Kali Linux
28. Hack Tools Download
29. Hacker Tools Hardware
30. Github Hacking Tools
31. Hacking Tools And Software
32. Hackrf Tools
33. Usb Pentest Tools
34. Hacking Tools 2020
35. Hackrf Tools
36. Hack Tool Apk No Root
37. Hackers Toolbox
38. Hacking Tools For Windows Free Download
39. Hacker Tools Apk
40. Pentest Tools Free
41. Hacking Tools For Windows 7
42. Tools 4 Hack
43. Hacking Tools Download
44. Pentest Tools Open Source
45. Game Hacking
46. Hacking Tools Online
47. Pentest Reporting Tools
48. Hacking Tools
49. Pentest Automation Tools
50. Hacker Tools For Ios
51. Hacking Tools For Games
52. Best Hacking Tools 2020
53. Usb Pentest Tools
54. Pentest Tools Android
55. Hacking Tools Online
56. Hacker Tools Linux
57. Hacking Tools Mac
58. Nsa Hack Tools
59. Hacking Tools Online
60. How To Install Pentest Tools In Ubuntu
61. Pentest Tools Github
62. Hacking Tools For Pc
63. Pentest Tools Download
64. Hack Tools 2019
65. Physical Pentest Tools
66. Hacking Tools For Kali Linux
67. Hacker Tools Hardware
68. Top Pentest Tools
69. Hacking Tools Name
70. Hack Tool Apk
71. Hack Apps
72. Hack Tool Apk
73. Hacker Tools Windows
74. Pentest Reporting Tools
75. Hacker Tools For Pc
76. Hacker
77. Physical Pentest Tools
78. Hacker Tools Free
79. Hacking Tools Hardware
80. Hacker Search Tools
81. What Are Hacking Tools
82. Hacker Tools For Pc
83. Hacking Tools For Windows
84. Hacking Tools For Windows Free Download
85. Pentest Tools Port Scanner
86. Hacking Tools For Beginners
87. Hacking Tools Github
88. Hacking Tools Github
89. Github Hacking Tools
90. Hacker Hardware Tools
91. Growth Hacker Tools
92. Pentest Box Tools Download
93. Black Hat Hacker Tools
94. Hacking App
95. How To Make Hacking Tools
96. Black Hat Hacker Tools
97. Hacking Tools For Windows
98. Hacking Tools For Mac
99. Pentest Tools Github
100. Hack Tools For Ubuntu
101. Pentest Tools Url Fuzzer
102. Hack Tool Apk
103. Hack Website Online Tool
104. Hacker Tool Kit
105. Hacking Tools For Beginners
106. Hacker Tool Kit
107. Hack Tools For Windows
108. Physical Pentest Tools
109. Pentest Tools Alternative
110. Best Hacking Tools 2019
111. Hacker Tools 2020
112. Hacker Tools For Mac
113. Hack Tools For Ubuntu
114. Pentest Tools Nmap
115. Hacking Tools Windows
116. Pentest Tools List
117. Hak5 Tools