ALPACA – a new technique for MITM attacks on HTTPS

A group of researchers from several universities in Germany has developed a new MITM attack on HTTPS that can extract session cookies and other sensitive data, and can execute arbitrary JavaScript code in the context of another site. The attack is called ALPACA and can be applied to TLS servers that implement different application-layer protocols (HTTPS, SFTP, SMTP, IMAP, POP3) but use common TLS certificates.

The essence of the attack is that an attacker who controls a network gateway or a wireless access point can redirect web traffic to a different network port and arrange for the connection to be made to an FTP or mail server that supports TLS encryption and uses a TLS certificate shared with the HTTP server, while the user's browser believes the connection was established with the requested HTTP server. Since the TLS protocol is universal and not tied to application-level protocols, an encrypted connection is established in the same way for all services, and the error of sending a request to the wrong service can be detected only after the encrypted session has been established, while the commands of the submitted request are being processed.

Accordingly, if, for example, a user connection originally addressed to HTTPS is redirected to a mail server that uses a certificate shared with the HTTPS server, the TLS connection is established successfully, but the mail server cannot process the transmitted HTTP commands and returns a response with an error code. The browser processes this response as a response from the requested site, delivered inside a correctly established encrypted communication channel.

Three attack variants are proposed:

  • "Upload", to retrieve a cookie containing authentication parameters. The method applies if the FTP server covered by the TLS certificate allows its data to be uploaded and retrieved. In this variant the attacker can get parts of the user's original HTTP request stored, such as the contents of the Cookie header, for example if the FTP server interprets the request as a file to save or logs incoming requests in full. To succeed, the attacker then needs to retrieve the stored content in some way. The attack applies to Proftpd, Microsoft IIS, vsftpd, filezilla and serv-u.
  • "Download", to carry out cross-site scripting (XSS). The method assumes that the attacker, through some separate manipulation, can place data in a service that uses the common TLS certificate, and that this data can then be returned in response to a user's request. The attack applies to the FTP servers mentioned above and to IMAP and POP3 servers (courier, cyrus, kerio-connect and zimbra).
  • "Reflection", to run JavaScript in the context of another site. The method relies on the server returning to the client a part of the request that contains JavaScript code sent by the attacker. The attack applies to the FTP servers mentioned above, to the cyrus, kerio-connect and zimbra IMAP servers, and to the sendmail SMTP server.

For example, when a user opens a page controlled by the attacker, that page can initiate a request for a resource from a site where the user has an active account (for example, bank.com). During the MITM attack, this request addressed to the bank.com website is redirected to a mail server that uses a TLS certificate shared with bank.com. Since the mail server does not end the session after the first error, the service headers and commands such as "POST / HTTP/1.1" and "Host:" are processed as unknown commands (the mail server returns "500 unrecognized command" for each header).

The mail server does not understand the specifics of the HTTP protocol, and it handles the service headers and the data block of the POST request in the same way, so a line containing a command for the mail server can be placed in the body of the POST request. For example, you can pass: MAIL FROM: alert(1); to which the mail server returns the error message 501 alert(1);: malformed address: alert(1); may not follow

The user's browser receives this response and executes the JavaScript code not in the context of the attacker's initially opened website, but in the context of the bank.com website to which the request was sent, because the response arrived within a valid TLS session whose certificate confirmed the authenticity of the bank.com response.

A scan of the global network showed that, overall, about 1.4 million web servers are affected by the problem, meaning that an attack mixing requests across different protocols is possible against them. A real attack was determined to be feasible for 119 thousand web servers that had accompanying TLS servers based on other application protocols.

Exploit examples have been prepared for the ftp servers pureftpd, proftpd, microsoft-ftp, vsftpd, filezilla and serv-u, the IMAP and POP3 servers dovecot, courier, exchange, cyrus, kerio-connect and zimbra, and the SMTP servers postfix, exim, sendmail, mailenable, mdaemon and opensmtpd. The researchers studied the feasibility of the attack only in combination with FTP, SMTP, IMAP and POP3 servers, but the problem may also occur with other application protocols that use TLS.

To block the attack, it is proposed to use the ALPN (Application Layer Protocol Negotiation) extension to negotiate the TLS session with the application protocol taken into account, and the SNI (Server Name Indication) extension to bind the session to the host name when TLS certificates covering several domain names are used. On the application side, it is recommended to limit the number of errors allowed while processing commands, after which the connection is terminated. Work on measures to block the attack began in October of last year. Similar protective measures have already been adopted in Nginx 1.21.0 (mail proxy), Vsftpd 3.0.4, Courier 5.1.0, Sendmail, FileZilla, crypto/tls (Go) and Internet Explorer.
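
The application-side error limit recommended above can be illustrated by replaying the redirected bank.com request from the earlier example against a toy SMTP-style command loop. This Python sketch is an added example, not code from the researchers or from any real mail server; the simplified parser, the shortened 501 text, the 421 reply text and the max_errors values are assumptions made for illustration.

```python
# Added example: toy SMTP-style command loop, not any real mail server's code.

# Constructed input: the lines a mail server sees when a browser's HTTPS
# request for bank.com is redirected to it (request line, headers, body).
REDIRECTED_REQUEST = [
    "POST / HTTP/1.1",
    "Host: bank.com",
    "Content-Type: text/plain",
    "",
    "MAIL FROM: alert(1);",
]

def smtp_reply(line):
    """Reply of a simplified SMTP command parser to one input line."""
    upper = line.upper()
    if upper.startswith("MAIL FROM:"):
        addr = line[len("MAIL FROM:"):].strip()
        if "@" not in addr:
            # The error text echoes client-supplied bytes back to the peer.
            return "501 " + addr + ": malformed address"
        return "250 OK"
    if upper.startswith(("HELO ", "EHLO ")):
        return "250 OK"
    return "500 unrecognized command"

def run_session(lines, max_errors=None):
    """Return every reply sent before the session ends.

    max_errors=None models a server that never gives up on a confused peer;
    an integer closes the connection once that many 5xx replies were sent.
    """
    replies, errors = [], 0
    for line in lines:
        reply = smtp_reply(line)
        replies.append(reply)
        if reply.startswith("5"):
            errors += 1
            if max_errors is not None and errors >= max_errors:
                replies.append("421 too many errors, closing connection")
                break
    return replies

def echoes_input(replies, marker="alert(1);"):
    """True if any reply carries the client-supplied marker back."""
    return any(marker in r for r in replies)

if __name__ == "__main__":
    for limit in (None, 3):
        out = run_session(REDIRECTED_REQUEST, limit)
        print(limit, echoes_input(out), out)
```

With no limit the echoed 501 line reaches the browser; with a limit of 3 the session closes on the header lines before the body is parsed. A limit of 5 is reached only by the echoed line itself, so the threshold has to be lower than the number of unparseable lines an HTTP request produces ahead of its body.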

Source: opennet.ru
