Upload
inaz2
View
2.968
Download
6
Embed Size (px)
Citation preview
PROXY2: HTTPS PINS AND NEEDLES
2015/05/09すみだセキュリティ勉強会 2015#1
@INAZ2
ABOUT ME
• @inaz2
• Security engineer & Python programmer
• Girl idol freak
• Blog: ももいろテクノロジー
• http://inaz2.hatenablog.com/
2
HTTPS EVERYWHERE [GOOGLE I/O 2014]
• http://lanyrd.com/2014/io14/sdcgyb/
3
HTTPS = HTTP OVER SSL/TLS [RFC 2818]
• http://lanyrd.com/2014/io14/sdcgyb/
4
SSL/TLS AUTHENTICATION
• Certificate Authority (CA) issues the signed certificate for subject’s public key
• Clients trust some root CAs beforehand
• Clients verify the chain of certificates until it reaches the trusted root CA
5
Client Server CA Root CA
Verify each signature by issuer’s public key
Private key
Public key
signature = ENCRYPT(HASH(certificate content), privkey)
sign
SSL/TLS ENCRYPTION
• A client generate a session key (e.g. AES key)
• The client and the server share the session key
• By the key exchange algorithm (e.g. RSA or ECDHE)
• After all, the payload is encrypted by the session key
6
Client Server
Payload
Session key(shared by each other)
WE CANNOT SEE HTTPS PAYLOADS AS IS
• In Wireshark 1.12.4
7
DECRYPTING HTTPS PAYLOADS IN WIRESHARK
• Register the destination server’s private key
• Need to own the server
• If I have Google’s private key, I will be in the jail
• Only works when RSA key exchange is used
• Ineffective against ECDHE key exchange (because of forward secrecy)
8
SSLKEYLOGFILE ENVIRONMENT VARIABLE
• Make the browsers write session keys in a file
• Configure Wireshark to use the file for decrypting
• Don’t have to own the server & works with any key exchange algorithms
9
ANOTHER WAY… HTTPS PROXY
• Intercept HTTPS connection by Man-in-the-Middle
• The proxy terminates HTTPS connection and reconnects to the opposite
• The proxy can decrypt the payload by its private key
10
Client Proxy w/ CA Internet sites
HTTPS HTTPS
I’ll trust the proxy!
Decrypt all traffic!
Hello, proxy.
FIDDLER, BURP PROXY, OWASP ZAP ETC.
• Useful proxies for web vulnerability testing
• All supports HTTPS
• Programmable to some extent
• But GUI• Basically they require user interactions
11
THERE’S A NEED FOR THE TOOL WITHOUT CLICKING
12
PROXY2
SONG 2 BY BLUR
• https://www.youtube.com/watch?v=SSbBvKaM6sk
• “I got my head checkedBy a jumbo jetIt wasn't easyBut nothing isNo”
14
PROXY2
• https://github.com/inaz2/proxy2
• HTTP/HTTPS proxy in a single python script
• A successor of SimpleHTTPProxy [sumidasec 2013/12]
• Built on top of Python standard libraries (BaseHTTPServer, httplib, ssl etc.)
• HTTPS features depend on OPENSSL(1)
• Fully programmable by implementing handler functions in Python
• Trace HTTPS payloads
• Modify HTTPS payloads
• Save HTTPS payloads or stats to the storage
15
NEED TO TRUST IT AS A PRIVATE CA
• Execute “setup_https_intercept.sh” and run proxy2
• Configure the browser’s proxy setting
• Then access to http://proxy2.test/
16
TRACE HTTPS PAYLOADS
• Implemented and enabled by default
• Print headers and POST data with color
• Pretty-output query parameters, Cookies and JSON data
• Show the title of a HTML document
• Decode the credential of basic auth
17
SERVER, X-POWERED-BY, VIA
• http://hhvm.com/blog/7205/wikipedia-on-hhvm
18
SERVER, X-POWERED-BY, VIA
• http://hhvm.com/blog/7205/wikipedia-on-hhvm
19
Nginx/1.6.2 with HHVM/3.3.13 reverse proxies (Varnish Cache)
?
20
X-REQUEST-ID, X-RUNTIME, X-SERVED-BY
21
X-REQUEST-ID, X-RUNTIME, X-SERVED-BY
22
The request 1f03c5 was responded by the server e68303
and it took 6.5 milliseconds
PRIVATE API ENDPOINT
• Content-Type seems wrong
23
GMAIL LOGIN
24
GMAIL LOGIN
25
YOUTUBE’S SPF (STRUCTURED PAGE FRAGMENTS)
• https://youtube.github.io/spfjs/
26
YOUTUBE’S SPF (STRUCTURED PAGE FRAGMENTS)
• https://youtube.github.io/spfjs/
27
MODIFY HTTPS PAYLOADS
• Change the User-Agent
28
29
30
SWAP A HTTPS CONTENT
• Rewrite a request path
31
32
THIS WEBSITE IS SECURED BY SSL?
• Yes, if you never trust any private CAs or compromised CAs
• Why was Superfish a big topic?
• A private CA was preinstalled in many Lenovo laptops
• All HTTPS payloads were decrypted without notice
• The same private key was embedded and its passphrase was weak
• Cracked in a moment
• As a result, anyone could be the CA and issue the certificate for any domains
• Malwares may install a private CA silently
• Certificate pinning doesn’t block it because it’s a PRIVATE CA
• http://inaz2.hatenablog.com/entry/2015/02/25/024431
33
END-TO-END ENCRYPTION
• Web Cryptography API
• Run crypto algorithms on web browsers
• http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211/
• Intel AES-NI and Intel Secure Key (RDRAND)
• CPU instructions for AES calculation and random number generation
• https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/
• https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
34
RECAP
• Trusted HTTPS proxy can trace/modify all HTTPS payloads
• Useful for both web developers and security engineers
• Happy hacking
35
REFERENCES
• The HTTPS-Only Standard
• https://https.cio.gov/
• ImperialViolet - Decrypting SSL packet dumps
• https://www.imperialviolet.org/2012/06/25/wireshark.html
• Proxy War [OWASP DAY 2014/11]
• http://www.slideshare.net/zaki4649/proxy-war-42161988
• 自堕落な技術者の日記 : W3C Web Cryptography APIとの果てしなき戦い(第1回) - livedoor Blog(ブログ)
• http://blog.livedoor.jp/k_urushima/archives/1758899.html
36
THANK YOU!@INAZ2
CreditsClip arts: http://www.clker.com/English Reviewing: @domiryuu