Saturday, May 27, 2023

ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

In cooperation with Paderborn University and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard for securing communication between servers and clients on the internet, for example with web servers, FTP servers, and email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS, and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigated cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely deployed email and FTP servers in lab experiments and with internet-wide scans. We find that 1.4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.
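The ALPN and SNI countermeasure proposed above, sketched as a server-side policy; this is an added example, not code from the ALPACA authors. The class `StrictTLSPolicy`, its methods, and the `example.com` hostnames are hypothetical, and the deployment is constructed: two services sharing one wildcard certificate.

```python
import ssl

class StrictTLSPolicy:
    """Strict SNI and ALPN checks for one TLS service (hypothetical helper)."""

    def __init__(self, hostnames, alpn_ids):
        self.hostnames = {h.lower() for h in hostnames}
        self.alpn_ids = list(alpn_ids)            # server preference order

    def sni_callback(self, sslobj, server_name, ctx):
        # Returning an alert code aborts the handshake; None lets it continue.
        # A wildcard certificate still verifies for a sibling name, so the
        # server compares against its own exact names; a missing SNI fails too.
        if server_name is None or server_name.lower() not in self.hostnames:
            return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
        return None

    def apply(self, ctx):
        ctx.set_alpn_protocols(self.alpn_ids)
        ctx.sni_callback = self.sni_callback

    def alpn_ok(self, negotiated):
        # SSLSocket.selected_alpn_protocol() returns None when nothing was
        # negotiated; a strict server then closes the connection before it
        # reads any application data.
        return negotiated in self.alpn_ids

    def decide(self, sni, client_alpn):
        """Model the outcome for a ClientHello with this SNI and ALPN list."""
        if self.sni_callback(None, sni, None) is not None:
            return "reject: unrecognized_name"
        negotiated = next((p for p in self.alpn_ids if p in client_alpn), None)
        if not self.alpn_ok(negotiated):
            return "reject: no_application_protocol"
        return "accept: " + negotiated

# Constructed deployment: both services present a *.example.com certificate.
FTP = StrictTLSPolicy(["ftp.example.com"], ["ftp"])
WEB = StrictTLSPolicy(["www.example.com"], ["h2", "http/1.1"])

def make_server_context(policy):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # certificate loading omitted
    policy.apply(ctx)
    return ctx

if __name__ == "__main__":
    browser = ("www.example.com", ["h2", "http/1.1"])
    print("web server:", WEB.decide(*browser))
    print("ftp server:", FTP.decide(*browser))     # redirected connection
```

Either check alone stops the redirected browser connection at the FTP service; enforcing both also covers clients that send only one of the two extensions.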

More information on ALPACA can be found on the website https://alpaca-attack.com/.


Why Should You Take Care of Day by Day Pregnancy?


Taking care of your baby and your body on Day by Day Pregnancy

If you're pregnant now, you should know how important it is to take care of yourself and your future baby. Being pregnant is something that every married girl dreams of. Sooner or later, after you marry and settle down, you and your husband will love to have a newcomer in your house, especially if only the two of you live together, without other family members such as your parents, grandparents or siblings.

It is extremely important to take care of your baby and yourself day by day during pregnancy. You must eat the right food and make sure that the food you eat will not harm your baby or yourself.

Yes, being pregnant is great, and eating right and getting good nutrition for your baby is a must! But what about the excess pounds you will gain while you're pregnant and after you deliver? Is it something that you must consider? As a woman, it is extremely important to take care of our weight; fat means ugly, and what happens when we're fat? Of course, we will lose our self-confidence first. And what happens when we lose our self-confidence?

If you don't even dare to look at yourself in the mirror, do you think that your beloved husband will like to hug you, kiss you and look at you like before? Even if your husband looks at you like before, you might think, "What's wrong with him, he looks at my fat meat all the time!"

Well, don't let this happen to you. It is extremely important to get rid of the excess fat during and after pregnancy.

Here at Pregnancy Without Pounds, I found an absolutely great course and guide for your day-by-day pregnancy, free of charge. They'll send you articles and guides several times a week so you can learn how to take care of yourself and your baby.

This is what they claim: