SlideShare a Scribd company logo

Scapy TLS: Script TLS Stacks for Testing

Download as PPTX, PDF
A
Alexandre Moneger

Quick talk on how to leverage scapy-ssl_tls to perform TLS 1.3 testing. Covers which area of the stack are less vulnerable with TLS 1.3 as opposed to 1.2.

Engineering
1 of 36
Scapy TLS: a scriptable TLS 1.3 stack Alex Moneger
Agenda 1. TLS attacks timeline 2. Difficulty in reproducing attacks 3. Scapy-ssl_tls goals 4. Quick demo of scapy-ssl_tls capabilities 5. Custom TLS stacks, what to look for? 6. Fuzzing capabilities 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 1
Introduction • TLS is a critical protocol to the internet • Very few alternatives • Session layer protocol for other protocols • Very complex 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 2
TLS PROTOCOL LEVEL ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 3
Introduction • Protocol under scrutiny • Growth of the number of protocol level attacks • Numerous implementation bugs 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 4
Timeline 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 5 Renegotiation 2009 20162013 BEAST CRIME 2014 2015201220112010 BREACH Lucky13 POODLE POODLE2 FREAK LOGJAM SLOTH THS
Observations • TLS protocol attacks increase: – Frequency – Complexity • 2 classes: – Protocol level – Crypto level 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 6
REPRODUCING ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 7
Problems • Understand the attack properly • Practical impact (as opposed to theoretical problem) • Reproducibility • Fix (dev + Q&A) • Fix for good (regression) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 8
Response • Customers do not always understand the practical impact • Your response team has to provide a definite answer • 2 solutions for custom implementations: – Crypto code review: • Lack of comparison point • Hard to get the full picture when deep into a crypto routine – PoC: • Lack of tooling • Big difference between regular lib and security focused lib 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 9
SCAPY-SSL_TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 10
Introduction • TLS & DTLS scriptable stack built above scapy • Stateless (as much as possible) • Packet crafting and dissecting • Crypto session handling • Sniffing (wire, pcap, …) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 11
Why bother? • TLS stacks are built to be robust • Enforce input parameters to be valid • Tear down connection on error • Not very flexible 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 12
Goals • Easy to install and use • Simplify discovery and exploitation of TLS vulnerabilities • Allow full control of any TLS field • Tries very hard to maintain absolutely no state • Good documentation and examples • No checks or enforcements (up to user if desired) • Sane defaults • Transparent encryption 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 13
Concepts • Start scapy • All classes start with TLS: – Allows easy autocomplete • What fields are available in a given TLS record? – ls(TLSClientHello) • TLSSocket() is used to wrap the TCP socket – This is your base element to send/recv traffic • Build packets scapy style: – p = TLSRecord()/TLSHandshake()/TLSClientHello() 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 14
DEMO Packet crafting/parsing 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 15
A simple TLS 1.3 client with TLSSocket(client=True) as tls_socket: try: tls_socket.connect(ip) print("Connected to server: %s" % (ip,)) except socket.timeout: print("Failed to open connection to server: %s" % (ip,), file=sys.stderr) else: try: server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions) server_hello.show() except TLSProtocolError as tpe: print("Got TLS error: %s" % tpe, file=sys.stderr) tpe.response.show() else: resp = tls_socket.do_round_trip(TLSPlaintext(data="GET / HTTP/1.1rnHOST: localhostrnrn")) print("Got response from server") resp.show() finally: print(tls_socket.tls_ctx) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 16
Viewing a packet ###[ TLS Record ]### content_type= handshake version= TLS_1_0 length= 0x36 ###[ TLS Handshakes ]### handshakes |###[ TLS Handshake ]### | type= client_hello | length= 0x32 |###[ TLS Client Hello ]### | version= TLS_1_2 | gmt_unix_time= 1494985553 | random_bytes= 'xa6;x10{x0fx7fUx88xeaHxc6xafxf8xe4xedxd56x07xcfxd6x85xc1^xbdx1fxa3x02x85' | session_id_length= 0x0 | session_id= '' | cipher_suites_length= 0x2 | cipher_suites= ['ECDHE_RSA_WITH_AES_256_GCM_SHA384'] | compression_methods_length= 0x1 | compression_methods= ['NULL'] | extensions_length= 0x7 | extensions | |###[ TLS Extension ]### | | type= supported_versions | | length= 0x3 | |###[ TLS Extension Supported Versions ]### | | length= 0x2 | | versions= ['TLS_1_3_DRAFT_18'] 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 17
A TLS 1.3 server server_hello = TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSServerHello(version=version, cipher_suite=TLSCipherSuite.TLS_AES_256_GCM_SHA384, extensions=[key_share])]) client_socket.sendall(server_hello) client_socket.sendall(TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSEncryptedExtensions(extensions=[named_groups]), TLSHandshake() / TLSCertificateList() / TLS13Certificate( certificates=certificates)])) client_socket.sendall(TLSHandshakes(handshakes=[ TLSHandshake() / TLSCertificateVerify(alg=TLSSignatureScheme.RSA_PKCS1_SHA256, sig=client_socket.tls_ctx.compute_server_cert_verify())])) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 18
WHAT TO LOOK FOR 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 19
Recon • Fingerprint possible fork • OpenSSL empty plaintext fragment • JSSE, NSS stacked handshake • Difference in Alert type when tampering with Finish message • Alert is loosely defined, so stack specific 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 20
State machine • Tricky testing: mostly manual work and knowledge of RFC • Automated testing: FlexTLS: – Example: mono FlexApps.exe -s efin --connect localhost:8443 • Gives a good starting point for manual testing • Lot of legacy stuff: server-gated cryptography anyone? 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 21
Diffie Hellman • Check the validity of server (EC)DH params – Group size – Primality – Subgroup confinement attack (e.g: Off curve test (EC)) – Signature algo used – … • Send interesting values (small, non-prime, …) • Scapy-ssl_tls uses TinyEC for EC calculation • Allows to perform EC arithmetic 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 22
Side channels (RSA) • Pre Master Secret is decrypted • TLS mandates PKCS1 v1.5 for padding • This needs to be constant time, see classic Bleichenbacher • Time and Check for response difference on invalid padding (alert vs tcp reset) • Can use pybleach pkcs1_test_client.py to generate faulty padding for your PMS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 23
Side channels (ciphers) • Padding and MAC checks must be constant time • Alert type must be identical • Time and check response when flipping bytes in padding and MAC • Check for nonce reuse 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 24
Proper byte checking • Some implementation only verify a few bytes of padding, MAC and verify_data (finish hash) • All bytes must be checked for obvious reasons • Send application data packets with flipped padding, MAC and verify_data • Make sure you always get an alert 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 25
Fragmentation • Any packet above 2**14 (16384) bytes must be fragmented • But any fragment size can be chosen • Some stacks don’t cope well with TLS re-assembly • Can be used to bypass devices which parse TLS, but fail- open • Server can be requested to fragment using the Maximum Fragment Length Negotiation extension • DTLS allows to specify the fragment offset in the handshake 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 26
TLS 1.3 specific • Spec doesn’t leave a lot of room for implementation errors • Handling of 0-RTT, early data, PFS • Resumption checks (SNI) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 27
CONCLUSION 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 28
Strengths • Scapy-ssl_tls can speed up PoC development • PoC can be re-used as part of testing QA and regression • Valuable to reproduce findings & develop mitigations • Help in learning & experimenting with TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 29
Thanks • Thanks to tintinweb who started the project • Bugs: https://github.com/tintinweb/scapy- ssl_tls/ • Contact: – Github: alexmgr 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 30
THANKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 31
IF TIME ALLOWS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 32
Fuzzing • Provides basic fuzzing through scapy • Tries to be smart by preserving semantically necessary fields • Use fuzz() function on any element 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 33 fuzz(TLSRecord()/TLSHandshake(type=TLSHandshakeType.SUPPLEMENTAL_DATA)/TLSAlert()).show2() ###[ TLS Record ]### content_type= handshake <= preserved version= 0x7391 <= fuzzed length= 0x6 <= preserved ###[ TLS Handshake ]### type= supplemental_data <= overriden length= 0x2 <= preserved ###[ Raw ]### load= '(r’ <= fuzzed
Fuzzing • Only good for basic fuzzing • Simple to plug in your own fuzzer • Just generate data, scapy-ssl_tls takes care of the rest • Good targets: TLS extensions, certificates, … 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 34
Examples • The example section contains some useful base tools: – RSA session sniffer: given a cert, can decrypt wire traffic (like Wireshark) – Security scanner: a rudimentary TLS scanner (versions, ciphers, SCSV, …) – Downgrade test – … • Just baselines to write your own tools 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 35

Recommended

Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacksAlexandre Moneger
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Murat Mukhtarov
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksMyNOG
 
Learn O11y from Grafana ecosystem.
Learn O11y from Grafana ecosystem.Learn O11y from Grafana ecosystem.
Learn O11y from Grafana ecosystem.HungWei Chiu
 
Metasploit
MetasploitMetasploit
MetasploitInstitute of Information Security (IIS)
 

Recommended

Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacksAlexandre Moneger
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Murat Mukhtarov
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksMyNOG
 
Learn O11y from Grafana ecosystem.
Learn O11y from Grafana ecosystem.Learn O11y from Grafana ecosystem.
Learn O11y from Grafana ecosystem.HungWei Chiu
 
Metasploit
MetasploitMetasploit
MetasploitInstitute of Information Security (IIS)
 
Containers and Docker
Containers and DockerContainers and Docker
Containers and DockerDamian T. Gordon
 
LDAP
LDAPLDAP
LDAPChandanapriya Sathavalli
 
Vault
VaultVault
VaultJean-Philippe Bélanger
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security HardeningShiu-Fun Poon
 
OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)Jooho Lee
 
SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzJorge Orchilles
 
PowerShell for Practical Purple Teaming
PowerShell for Practical Purple TeamingPowerShell for Practical Purple Teaming
PowerShell for Practical Purple TeamingNikhil Mittal
 
Using eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumUsing eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumScyllaDB
 
Authentification et autorisation d'accès avec AWS IAM
Authentification et autorisation d'accès avec AWS IAMAuthentification et autorisation d'accès avec AWS IAM
Authentification et autorisation d'accès avec AWS IAMJulien SIMON
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePassWill Schroeder
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chainAnkita Ganguly
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to MetasploitGTU
 
Best Practices for Getting Started with NGINX Open Source
Best Practices for Getting Started with NGINX Open SourceBest Practices for Getting Started with NGINX Open Source
Best Practices for Getting Started with NGINX Open SourceNGINX, Inc.
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski buildacloud
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
Présentation Docker
Présentation DockerPrésentation Docker
Présentation DockerColin LEVERGER
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware styleSander Demeester
 
I hunt sys admins 2.0
I hunt sys admins 2.0I hunt sys admins 2.0
I hunt sys admins 2.0Will Schroeder
 
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Andrejs Prokopjevs
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityMiguel Pardal
 

More Related Content

What's hot

Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security HardeningShiu-Fun Poon
 
OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)Jooho Lee
 
SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzJorge Orchilles
 
PowerShell for Practical Purple Teaming
PowerShell for Practical Purple TeamingPowerShell for Practical Purple Teaming
PowerShell for Practical Purple TeamingNikhil Mittal
 
Using eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumUsing eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumScyllaDB
 
Authentification et autorisation d'accès avec AWS IAM
Authentification et autorisation d'accès avec AWS IAMAuthentification et autorisation d'accès avec AWS IAM
Authentification et autorisation d'accès avec AWS IAMJulien SIMON
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePassWill Schroeder
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to MetasploitGTU
 
Best Practices for Getting Started with NGINX Open Source
Best Practices for Getting Started with NGINX Open SourceBest Practices for Getting Started with NGINX Open Source
Best Practices for Getting Started with NGINX Open SourceNGINX, Inc.
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski buildacloud
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware styleSander Demeester
 
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Andrejs Prokopjevs
 

What's hot (20)

Containers and Docker
Containers and DockerContainers and Docker
Containers and Docker
 
LDAP
LDAPLDAP
LDAP
 
Vault
VaultVault
Vault
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker Compose
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security Hardening
 
OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)
 
SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim Schulz
 
PowerShell for Practical Purple Teaming
PowerShell for Practical Purple TeamingPowerShell for Practical Purple Teaming
PowerShell for Practical Purple Teaming
 
Using eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumUsing eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in Cilium
 
Authentification et autorisation d'accès avec AWS IAM
Authentification et autorisation d'accès avec AWS IAMAuthentification et autorisation d'accès avec AWS IAM
Authentification et autorisation d'accès avec AWS IAM
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePass
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
Best Practices for Getting Started with NGINX Open Source
Best Practices for Getting Started with NGINX Open SourceBest Practices for Getting Started with NGINX Open Source
Best Practices for Getting Started with NGINX Open Source
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Présentation Docker
Présentation DockerPrésentation Docker
Présentation Docker
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware style
 
I hunt sys admins 2.0
I hunt sys admins 2.0I hunt sys admins 2.0
I hunt sys admins 2.0
 
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
 

Similar to Scapy TLS: Script TLS Stacks for Testing

Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityMiguel Pardal
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Ontico
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL
 
Java 9 Security Enhancements in Practice
Java 9 Security Enhancements in PracticeJava 9 Security Enhancements in Practice
Java 9 Security Enhancements in PracticeMartin Toshev
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!OWASP
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxjithu26327
 
Primer to Browser Netwroking
Primer to Browser NetwrokingPrimer to Browser Netwroking
Primer to Browser NetwrokingShuya Osaki
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 

Similar to Scapy TLS: Script TLS Stacks for Testing (20)

Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer Security
 
Rootconf2019
Rootconf2019Rootconf2019
Rootconf2019
 
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6labION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
 
ION Bucharest - DANE-DNSSEC-TLS
ION Bucharest - DANE-DNSSEC-TLSION Bucharest - DANE-DNSSEC-TLS
ION Bucharest - DANE-DNSSEC-TLS
 
Wireless LAN Security Fundamentals
Wireless LAN Security FundamentalsWireless LAN Security Fundamentals
Wireless LAN Security Fundamentals
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
 
Java 9 Security Enhancements in Practice
Java 9 Security Enhancements in PracticeJava 9 Security Enhancements in Practice
Java 9 Security Enhancements in Practice
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
 
Primer to Browser Netwroking
Primer to Browser NetwrokingPrimer to Browser Netwroking
Primer to Browser Netwroking
 
暗認本読書会9
暗認本読書会9暗認本読書会9
暗認本読書会9
 
Go paranoid
Go paranoidGo paranoid
Go paranoid
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol Design
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configuration
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
 
DANE/DNSSEC/TLS Testing in the go6Lab - ION Cape Town
DANE/DNSSEC/TLS Testing in the go6Lab - ION Cape TownDANE/DNSSEC/TLS Testing in the go6Lab - ION Cape Town
DANE/DNSSEC/TLS Testing in the go6Lab - ION Cape Town
 

More from Alexandre Moneger

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
 
NBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceNBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceAlexandre Moneger
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacksAlexandre Moneger
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersAlexandre Moneger
 
03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old daysAlexandre Moneger
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W mattersAlexandre Moneger
 
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stackAlexandre Moneger
 
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend06 - ELF format, knowing your friend
06 - ELF format, knowing your friendAlexandre Moneger
 
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR mattersAlexandre Moneger
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)Alexandre Moneger
 
09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?Alexandre Moneger
 
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen oneAlexandre Moneger
 
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsAlexandre Moneger
 

More from Alexandre Moneger (13)

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
 
NBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceNBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then ice
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacks
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
 
03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters
 
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack
 
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend06 - ELF format, knowing your friend
06 - ELF format, knowing your friend
 
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
 
09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?
 
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one
 
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploits
 

Recently uploaded

Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 

Recently uploaded (20)

Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 

Scapy TLS: Script TLS Stacks for Testing

  • 1. Scapy TLS: a scriptable TLS 1.3 stack Alex Moneger
  • 2. Agenda 1. TLS attacks timeline 2. Difficulty in reproducing attacks 3. Scapy-ssl_tls goals 4. Quick demo of scapy-ssl_tls capabilities 5. Custom TLS stacks, what to look for? 6. Fuzzing capabilities 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 1
  • 3. Introduction • TLS is a critical protocol to the internet • Very few alternatives • Session layer protocol for other protocols • Very complex 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 2
  • 4. TLS PROTOCOL LEVEL ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 3
  • 5. Introduction • Protocol under scrutiny • Growth of the number of protocol level attacks • Numerous implementation bugs 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 4
  • 6. Timeline 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 5 Renegotiation 2009 20162013 BEAST CRIME 2014 2015201220112010 BREACH Lucky13 POODLE POODLE2 FREAK LOGJAM SLOTH THS
  • 7. Observations • TLS protocol attacks increase: – Frequency – Complexity • 2 classes: – Protocol level – Crypto level 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 6
  • 8. REPRODUCING ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 7
  • 9. Problems • Understand the attack properly • Practical impact (as opposed to theoretical problem) • Reproducibility • Fix (dev + Q&A) • Fix for good (regression) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 8
  • 10. Response • Customers do not always understand the practical impact • Your response team has to provide a definite answer • 2 solutions for custom implementations: – Crypto code review: • Lack of comparison point • Hard to get the full picture when deep into a crypto routine – PoC: • Lack of tooling • Big difference between regular lib and security focused lib 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 9
  • 11. SCAPY-SSL_TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 10
  • 12. Introduction • TLS & DTLS scriptable stack built above scapy • Stateless (as much as possible) • Packet crafting and dissecting • Crypto session handling • Sniffing (wire, pcap, …) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 11
  • 13. Why bother? • TLS stacks are built to be robust • Enforce input parameters to be valid • Tear down connection on error • Not very flexible 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 12
  • 14. Goals • Easy to install and use • Simplify discovery and exploitation of TLS vulnerabilities • Allow full control of any TLS field • Tries very hard to maintain absolutely no state • Good documentation and examples • No checks or enforcements (up to user if desired) • Sane defaults • Transparent encryption 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 13
  • 15. Concepts • Start scapy • All classes start with TLS: – Allows easy autocomplete • What fields are available in a given TLS record? – ls(TLSClientHello) • TLSSocket() is used to wrap the TCP socket – This is your base element to send/recv traffic • Build packets scapy style: – p = TLSRecord()/TLSHandshake()/TLSClientHello() 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 14
  • 16. DEMO Packet crafting/parsing 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 15
  • 17. A simple TLS 1.3 client with TLSSocket(client=True) as tls_socket: try: tls_socket.connect(ip) print("Connected to server: %s" % (ip,)) except socket.timeout: print("Failed to open connection to server: %s" % (ip,), file=sys.stderr) else: try: server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions) server_hello.show() except TLSProtocolError as tpe: print("Got TLS error: %s" % tpe, file=sys.stderr) tpe.response.show() else: resp = tls_socket.do_round_trip(TLSPlaintext(data="GET / HTTP/1.1rnHOST: localhostrnrn")) print("Got response from server") resp.show() finally: print(tls_socket.tls_ctx) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 16
  • 18. Viewing a packet ###[ TLS Record ]### content_type= handshake version= TLS_1_0 length= 0x36 ###[ TLS Handshakes ]### handshakes |###[ TLS Handshake ]### | type= client_hello | length= 0x32 |###[ TLS Client Hello ]### | version= TLS_1_2 | gmt_unix_time= 1494985553 | random_bytes= 'xa6;x10{x0fx7fUx88xeaHxc6xafxf8xe4xedxd56x07xcfxd6x85xc1^xbdx1fxa3x02x85' | session_id_length= 0x0 | session_id= '' | cipher_suites_length= 0x2 | cipher_suites= ['ECDHE_RSA_WITH_AES_256_GCM_SHA384'] | compression_methods_length= 0x1 | compression_methods= ['NULL'] | extensions_length= 0x7 | extensions | |###[ TLS Extension ]### | | type= supported_versions | | length= 0x3 | |###[ TLS Extension Supported Versions ]### | | length= 0x2 | | versions= ['TLS_1_3_DRAFT_18'] 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 17
  • 19. A TLS 1.3 server server_hello = TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSServerHello(version=version, cipher_suite=TLSCipherSuite.TLS_AES_256_GCM_SHA384, extensions=[key_share])]) client_socket.sendall(server_hello) client_socket.sendall(TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSEncryptedExtensions(extensions=[named_groups]), TLSHandshake() / TLSCertificateList() / TLS13Certificate( certificates=certificates)])) client_socket.sendall(TLSHandshakes(handshakes=[ TLSHandshake() / TLSCertificateVerify(alg=TLSSignatureScheme.RSA_PKCS1_SHA256, sig=client_socket.tls_ctx.compute_server_cert_verify())])) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 18
  • 20. WHAT TO LOOK FOR 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 19
  • 21. Recon • Fingerprint possible fork • OpenSSL empty plaintext fragment • JSSE, NSS stacked handshake • Difference in Alert type when tampering with Finish message • Alert is loosely defined, so stack specific 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 20
  • 22. State machine • Tricky testing: mostly manual work and knowledge of RFC • Automated testing: FlexTLS: – Example: mono FlexApps.exe -s efin --connect localhost:8443 • Gives a good starting point for manual testing • Lot of legacy stuff: server-gated cryptography anyone? 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 21
  • 23. Diffie Hellman • Check the validity of server (EC)DH params – Group size – Primality – Subgroup confinement attack (e.g: Off curve test (EC)) – Signature algo used – … • Send interesting values (small, non-prime, …) • Scapy-ssl_tls uses TinyEC for EC calculation • Allows to perform EC arithmetic 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 22
  • 24. Side channels (RSA) • Pre Master Secret is decrypted • TLS mandates PKCS1 v1.5 for padding • This needs to be constant time, see classic Bleichenbacher • Time and Check for response difference on invalid padding (alert vs tcp reset) • Can use pybleach pkcs1_test_client.py to generate faulty padding for your PMS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 23
  • 25. Side channels (ciphers) • Padding and MAC checks must be constant time • Alert type must be identical • Time and check response when flipping bytes in padding and MAC • Check for nonce reuse 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 24
  • 26. Proper byte checking • Some implementation only verify a few bytes of padding, MAC and verify_data (finish hash) • All bytes must be checked for obvious reasons • Send application data packets with flipped padding, MAC and verify_data • Make sure you always get an alert 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 25
  • 27. Fragmentation • Any packet above 2**14 (16384) bytes must be fragmented • But any fragment size can be chosen • Some stacks don’t cope well with TLS re-assembly • Can be used to bypass devices which parse TLS, but fail- open • Server can be requested to fragment using the Maximum Fragment Length Negotiation extension • DTLS allows to specify the fragment offset in the handshake 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 26
  • 28. TLS 1.3 specific • Spec doesn’t leave a lot of room for implementation errors • Handling of 0-RTT, early data, PFS • Resumption checks (SNI) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 27
  • 29. CONCLUSION 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 28
  • 30. Strengths • Scapy-ssl_tls can speed up PoC development • PoC can be re-used as part of testing QA and regression • Valuable to reproduce findings & develop mitigations • Help in learning & experimenting with TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 29
  • 31. Thanks • Thanks to tintinweb who started the project • Bugs: https://github.com/tintinweb/scapy- ssl_tls/ • Contact: – Github: alexmgr 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 30
  • 32. THANKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 31
  • 33. IF TIME ALLOWS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 32
  • 34. Fuzzing • Provides basic fuzzing through scapy • Tries to be smart by preserving semantically necessary fields • Use fuzz() function on any element 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 33 fuzz(TLSRecord()/TLSHandshake(type=TLSHandshakeType.SUPPLEMENTAL_DATA)/TLSAlert()).show2() ###[ TLS Record ]### content_type= handshake <= preserved version= 0x7391 <= fuzzed length= 0x6 <= preserved ###[ TLS Handshake ]### type= supplemental_data <= overriden length= 0x2 <= preserved ###[ Raw ]### load= '(r’ <= fuzzed
  • 35. Fuzzing • Only good for basic fuzzing • Simple to plug in your own fuzzer • Just generate data, scapy-ssl_tls takes care of the rest • Good targets: TLS extensions, certificates, … 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 34
  • 36. Examples • The example section contains some useful base tools: – RSA session sniffer: given a cert, can decrypt wire traffic (like Wireshark) – Security scanner: a rudimentary TLS scanner (versions, ciphers, SCSV, …) – Downgrade test – … • Just baselines to write your own tools 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 35

Editor's Notes

  1. I’m quite slow, so to fully understand something, I need to repro and play with it
  2. Customer don’t always understand the practical impact. No kidding, sometimes as a security engineer it takes you a few hours/days But your response team has to provide a statement quickly Both approaches require you to understand the issue in depth. But it’s harder to make a mistake with a PoC. It’s also easier to perform code review with a PoC PoC provides reproducibility, which provides Q&A and regression for free
  3. Writing an offensive stack is very different. All recommendations you normally provide to devs should be ignored. Do not validate length, format, signatures, … All validation is up to you, scapy-ssl_tls only reports data
  4. cd /Users/amoneger/projects/contrib/scapy-ssl_tls tests/integration/openssl_tls_server.sh tls1_2 Enter TLS and press tab to autocomplete Craft a TLSRecord with a TLSHandshake. Do a show(), do a ls() Modify length field of the record
  5. With transparent decryption p = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() / TLSClientHello(extensions=[TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(18)])])])
  6. p = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() / TLSClientHello(cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_256_GCM_SHA384], extensions=[TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(18)])])])
  7. Custom stacks seem to generally be forks of OSS projects at one stage. It is interesting to try and fingerprint where it comes from, to then try and look for known implementation vulnerabilities on the stack You can probably pinpoint to the version with some research
  8. FlexTLS is based on miTLS which is A Verified Reference Implementation of TLS It implements a number of know attacks against the TLS state machine. Source code was only very recently released. A great reference tool to go after TLS state machine server-gated cryptography: client renegotiation based on server cert
  9. TLS 1.3 killed this
  10. Mention that PMS should start by handshake client version. Prevents rollback attacks TLS 1.3 killed this
  11. TLS 1.3 killed this
  12. Padding in TLS can be any length upto 255 bytes. Check that implementation respects that.
  13. DTLS is like IP from the old days ;) Possible values start at 2**9 = 512. Only active after Server Hello is received.