ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

More info

1. Nsa Hack Tools Download
2. Nsa Hack Tools Download
3. Hack Tools Mac
4. Hacking Tools For Beginners
5. Hacker Tools Windows
6. Hack Tools For Mac
7. Nsa Hack Tools Download
8. Hacking Tools Pc
9. Hack Tools
10. Free Pentest Tools For Windows
11. Hacking Tools Free Download
12. How To Hack
13. Hacking Tools Windows 10
14. Pentest Tools For Windows
15. Pentest Tools Nmap
16. Bluetooth Hacking Tools Kali
17. Pentest Tools Download
18. Hacker Tools Hardware
19. Hacker Hardware Tools
20. Black Hat Hacker Tools
21. Blackhat Hacker Tools
22. Best Pentesting Tools 2018
23. Free Pentest Tools For Windows
24. Pentest Recon Tools
25. Hack Tools
26. Hacking Tools
27. Hack Tools Mac
28. Blackhat Hacker Tools
29. How To Make Hacking Tools
30. Hacking Tools Pc
31. Pentest Tools For Mac
32. Beginner Hacker Tools
33. Hack Tools For Ubuntu
34. Hacker Tools For Ios
35. Hacker Hardware Tools
36. Hacker Tools Apk
37. Pentest Tools Linux
38. Hacking Tools Mac
39. Pentest Tools Windows
40. Hacker Tools Free
41. Hacker Tools For Windows
42. Hacker Tools Mac
43. Pentest Tools Alternative
44. Pentest Automation Tools
45. Hack Tools
46. Hacking Tools For Kali Linux
47. Hacking Tools Download
48. Pentest Tools Apk
49. Pentest Tools For Windows
50. Hack Tools Download
51. Easy Hack Tools
52. Nsa Hacker Tools
53. Hacking Tools Hardware
54. Hacking Tools And Software
55. Hacker Tools Github
56. Hacking Tools For Windows 7
57. Pentest Tools
58. Free Pentest Tools For Windows
59. Best Hacking Tools 2020
60. Kik Hack Tools
61. Hacker Tools Free Download
62. Pentest Tools For Ubuntu
63. Pentest Tools Framework
64. Hack Apps
65. Hack Tools Online
66. Hacker Tools Mac
67. Hacker Tools List
68. Pentest Tools Download
69. Free Pentest Tools For Windows
70. Pentest Tools Download
71. Hack Tools Mac
72. What Is Hacking Tools
73. Hack Tool Apk
74. Pentest Tools Download
75. Easy Hack Tools
76. Hacking Tools For Windows 7
77. Physical Pentest Tools
78. Underground Hacker Sites
79. Hack Tools For Ubuntu
80. Hacker Tool Kit
81. Hack Tools Pc
82. Pentest Tools Github
83. Hacker Tools For Ios
84. Hacker Tools Free
85. Hak5 Tools
86. Hacker Tools For Pc
87. Beginner Hacker Tools
88. Pentest Tools Open Source
89. Wifi Hacker Tools For Windows
90. How To Install Pentest Tools In Ubuntu
91. New Hacker Tools
92. New Hacker Tools
93. Pentest Tools Windows
94. Beginner Hacker Tools
95. Hacking Tools 2019
96. Hack Tools
97. Hacker Tools Windows
98. Hacker Tools Free Download
99. Install Pentest Tools Ubuntu
100. Pentest Tools Bluekeep
101. Hack Tool Apk No Root
102. Hacker
103. Pentest Tools Free
104. Hacking Tools For Mac
105. Hacker
106. Hack Rom Tools
107. Hackrf Tools
108. Hacking Tools Windows
109. Termux Hacking Tools 2019
110. How To Install Pentest Tools In Ubuntu