ALPACA - a new technique for MITM attacks on HTTPS

A group of researchers from several German universities has developed a new MITM attack on HTTPS that can extract session cookies and other sensitive data, and can also execute arbitrary JavaScript code in the context of another site. The attack is called ALPACA and applies to TLS servers that implement different application-layer protocols (HTTPS, SFTP, SMTP, IMAP, POP3) but use a shared TLS certificate.

The essence of the attack is that an attacker who controls a network gateway or a wireless access point can redirect web traffic to a different network port and arrange for the connection to be established with an FTP or mail server that supports TLS and uses a TLS certificate shared with the HTTP server, while the user's browser assumes it has connected to the requested HTTP server. Because TLS is generic and not tied to any application-layer protocol, establishing the encrypted connection looks identical for every service, and the fact that a request has been sent to the wrong service can only be detected after the encrypted session is already established, while the commands in the submitted request are being processed.

Accordingly, if, for example, a user's connection originally addressed to an HTTPS server is redirected to a mail server that uses a certificate shared with that HTTPS server, the TLS connection will be established successfully, but the mail server will be unable to process the transmitted HTTP commands and will return a response containing an error. The browser will process this response as a reply from the requested site, delivered over a correctly established encrypted channel.

Three attack variants are proposed:

  • "Upload", to obtain a cookie carrying authentication parameters. The method applies if the FTP server covered by the TLS certificate allows uploading and retrieving its data. In this variant the attacker can cause parts of the user's original HTTP request, such as the contents of the Cookie header, to be stored, for example if the FTP server interprets the request as a file to be saved or writes incoming requests to its log in full. To complete the attack, the attacker must then find some way to retrieve the stored content. The attack applies to Proftpd, Microsoft IIS, vsftpd, filezilla and serv-u.
  • "Download", to carry out cross-site scripting (XSS). The method assumes that the attacker, through some separate actions, can place data on a service that uses the shared TLS certificate, which can then be returned in response to the user's request. The attack applies to the FTP servers above, as well as IMAP and POP3 servers (courier, cyrus, kerio-connect and zimbra).
  • "Reflection", to run JavaScript in the context of another site. The method relies on the service echoing part of the request, containing JavaScript code supplied by the attacker, back to the client. The attack applies to the FTP servers above, the cyrus, kerio-connect and zimbra IMAP servers, and the sendmail SMTP server.


For example, when a user opens a page controlled by the attacker, that page can initiate a request for a resource from a site where the user has an active account (say, bank.com). During the MITM attack, this request addressed to bank.com can be redirected to a mail server that uses a TLS certificate shared with bank.com. Because the mail server does not terminate the session after the first error, the service headers and commands such as "POST / HTTP/1.1" and "Host:" are processed as unknown commands (the mail server returns "500 unrecognized command" for each header).

The mail server knows nothing about the HTTP protocol; to it, the service headers and the data block of the POST request are handled identically, so the body of the POST request can contain a line with a command for the mail server. For example, passing: MAIL FROM: alert(1); causes the mail server to return the error message 501 alert(1); : malformed address: alert(1); may not follow

This response is received by the user's browser, which executes the JavaScript code not in the context of the attacker's page that started the request, but in the context of the bank.com site the request was addressed to, since the response arrived within a correctly established TLS session whose certificate vouched for the authenticity of the bank.com reply.


A scan of the global network showed that, overall, about 1.4 million web servers are affected by the problem, in that an attack mixing requests across different protocols is possible against them. A real attack was determined to be feasible for 119 thousand web servers for which companion TLS servers running other application protocols exist.

Example exploits were prepared for the FTP servers pureftpd, proftpd, microsoft-ftp, vsftpd, filezilla and serv-u; the IMAP and POP3 servers dovecot, courier, exchange, cyrus, kerio-connect and zimbra; and the SMTP servers postfix, exim, sendmail, mailenable, mdaemon and opensmtpd. The researchers studied the attack only in combination with FTP, SMTP, IMAP and POP3 servers, but the problem may well also arise for other application protocols that use TLS.


To block the attack, it is proposed to use the ALPN (Application Layer Protocol Negotiation) extension so that the TLS session is negotiated with the application protocol taken into account, and the SNI (Server Name Indication) extension to bind to the host name when a TLS certificate covers multiple domain names. On the application side, it is recommended to limit the number of errors permitted while executing commands, after which the connection is terminated. Work on countermeasures began in October of last year. Corresponding protections have already been implemented in Nginx 1.21.0 (mail proxy), Vsftpd 3.0.4, Courier 5.1.0, Sendmail, FileZilla, crypto/tls (Go) and Internet Explorer.
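The application-side mitigation described here, and the server behaviour the reflection example above depends on, can be modelled in a few lines. The following is an added example, not code from the paper or from any of the servers named on this page: a toy SMTP-style command loop that receives a browser's POST line by line (a constructed sample, with placeholder cookie and address values) and is handled once leniently (never disconnecting, and quoting the client's own text in the error reply) and once with an error budget, fixed error texts, and a log that records only the shape of a rejected line rather than its content. The verb set, reply strings, error limit and the address check are all assumptions made for the demonstration.

```python
"""
Models the two server-side behaviours the article contrasts for a line-based
TLS service (SMTP-style) that receives a redirected HTTP request.

  lenient_session()  keeps the session open after every unknown command and
                     quotes the client's own text in its error reply, which is
                     the behaviour the "Reflection" variant depends on.
  hardened_session() applies the application-side mitigation the article
                     names: count command errors, close the connection once a
                     limit is reached, and keep client text out of replies and
                     out of the log (so a cookie never lands in a log file).

Added example; not code from the paper or from any server it lists.  Reply
texts, the error limit and the sample request are constructed.
"""

KNOWN_VERBS = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "NOOP", "QUIT"}

# Constructed sample: how a browser's POST looks to an SMTP server once the
# TLS session is up.  Each line arrives as if it were a separate command.
SAMPLE_REQUEST = [
    "POST / HTTP/1.1",
    "Host: bank.example",
    "Cookie: session=PLACEHOLDER-VALUE",
    "Content-Type: text/plain",
    "",
    "MAIL FROM: not-an-address",  # stands in for attacker-chosen body text
]


def parse_command(line):
    """Split a line into (VERB, argument); strips SMTP's 'FROM:' prefix."""
    verb, _, rest = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "MAIL" and rest.upper().startswith("FROM:"):
        rest = rest[5:].strip()
    return verb, rest


def is_plausible_address(addr):
    """Minimal reverse-path check: one '@', non-empty parts, no quoting chars."""
    addr = addr.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    local, at, domain = addr.partition("@")
    return bool(at and local and domain) and not any(c in addr for c in " <>\"'")


def lenient_session(lines):
    """Permissive handling: never disconnects, reflects the bad argument."""
    replies = []
    for line in lines:
        verb, arg = parse_command(line)
        if verb not in KNOWN_VERBS:
            replies.append("500 unrecognized command")
        elif verb == "MAIL" and not is_plausible_address(arg):
            # The client-supplied text is copied verbatim into the reply.
            replies.append(f"501 {arg}: malformed address")
        else:
            replies.append("250 OK")
    return replies, False  # session stays open for more commands


def hardened_session(lines, max_errors=3):
    """Mitigated handling: error budget, no reflection, content-free log."""
    replies, log, errors = [], [], 0
    for line in lines:
        verb, arg = parse_command(line)
        if verb not in KNOWN_VERBS:
            errors += 1
            replies.append("500 unrecognized command")
            # Log the shape of the rejected line, never its content, so a
            # cookie or request body cannot end up stored on the server.
            log.append(f"rejected verb={verb or '<empty>'} len={len(line)}")
        elif verb == "MAIL" and not is_plausible_address(arg):
            errors += 1
            replies.append("501 malformed address")  # fixed text only
            log.append(f"rejected verb=MAIL len={len(line)}")
        else:
            replies.append("250 OK")
        if errors >= max_errors:
            replies.append("421 too many errors, closing connection")
            return replies, True, log
    return replies, False, log


if __name__ == "__main__":
    for name, fn in (("lenient", lenient_session), ("hardened", hardened_session)):
        result = fn(SAMPLE_REQUEST)
        print(f"--- {name}: closed={result[1]}")
        for reply in result[0]:
            print(reply)
```

With the sample request, the lenient loop answers all six lines and its last reply repeats the body text; the hardened loop hits its error budget on the third HTTP header, replies with a 421 and closes before the body is ever parsed as a command, and neither its replies nor its log contain anything the client sent. The error budget is the cheap, protocol-agnostic part of the fix; ALPN and SNI, which the page also calls for, stop the wrong service from completing the TLS handshake in the first place.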

Source: opennet.ru
