
Any way of stripping tls?


4 replies to this topic

#1 Encryption

Encryption

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 14 July 2015 - 10:31 PM

Can you strip TLS? I've been able to strip SSL using SSLstrip, but figured out no way to strip TLS. So, does anyone have a method to strip it?





#2 Encryption

Encryption
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 17 July 2015 - 08:01 PM

i needz help



#3 technonymous

technonymous

  • Members
  • 2,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:43 PM

Posted 19 July 2015 - 09:37 AM

Short answer: NO. The TLS/SSL protocol has more to it than that of just SSL. As you know, SSL is easy to do to a client once on the same network with an easy MITM ARP poison attack. The connection is intercepted, tricking the client into connecting to your server, which then strips away the https down to the normal http protocol and relays that back to the client. If the client doesn't check this connection then the traffic can be sniffed, captured, or sent to a forged webpage and capture the data in login/password tables. TLS 1.2 stops this. However, early on, TLS 1.0 and 1.1 can be exploited because of various bugs found. I am sure you have heard of some....

 

Apple's goto fail bug. It does just as it sounds. There was a bug in Apple's code such that if you crafted the packet in such a way as to 'goto fail', it would bypass the cert validation process altogether.

 

GnuTLS bug. Another coding bug that had a bad If function; similar to Apple's bug, you could bypass the cert validation process.

 

Heartbleed affects systems still using OpenSSL versions 1.0.1 through 1.0.1f, and 1.0.2-beta. Since OpenSSL is widely used, chances are good that Heartbleed is still going strong. This was the most dangerous of all attacks. Basically, the 'heartbeat' request is sent to keep TLS sessions alive. Sending a specially crafted heartbeat packet can request a large kbyte size of 65,536, and the receiving computer then dumps 65,536 kbytes of data from its memory! That memory dump likely holds the private crypto keys and other information stored in memory, like passwords. The attacker can continue to make these requests and continue to get more memory dumps, which would include current data etc.

 

Lastly, there is the POODLE attack (Padding Oracle On Downgraded Legacy Encryption). It does what it sounds like. The attack would exploit Oracle to downgrade its encryption to SSL 3.0, thus allowing the attacker to then do a normal SSLStrip MITM attack.

 

That pretty much sums it up.


Edited by technonymous, 19 July 2015 - 09:59 AM.


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:43 PM

Posted 20 July 2015 - 03:15 PM

Can you strip TLS? I've been able to strip SSL using SSLstrip, but figured out no way to strip TLS. So, does anyone have a method to strip it?


Why are you stripping TLS? For the record, we will not help any member performing illegal activity.

#5 technonymous

technonymous

  • Members
  • 2,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:43 PM

Posted 21 July 2015 - 01:00 AM

I think Encryption is pentesting his/her own network. I was reluctant to answer such a question, without offering any actual 'how to' help and bordering on TOS. For the same reasons, simply because no one wants to be responsible for someone using it in nefarious ways. All of the info I posted is very basic info; the most detailed information is open to the public on the US-CERT.gov website, which everyone should bookmark. It's important information and people need to know the importance of upgrading their SSL and creating new certs. SSL/TLS is pretty much broken all the way up to 1.1. Pentesting does have its legit uses and I stand neutral on that. I use it to help people only when the situation warrants it. Hell, in the past I used it for my own network with suspicions of a hacker or infected PC. How does one monitor and detect a hacker? Well, ironically, you have to hack lol. Sometimes the router would log the local machine doing an ARP attack on the network once in a while. That's abnormal behavior.





