ALPACA: Application Layer Protocol Confusion-Analyzing And Mitigating Cracks In TLS Authentication

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TLS. The vulnerability is called ALPACA and exploits a weakness in the authentication of TLS for cross-protocol attacks. The attack allows an attacker to steal cookies or perform cross-site-scripting (XSS) if the specific conditions for the attack are met.

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conducted a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluated the real-world attack surface of web browsers and widely-deployed Email and FTP servers in lab experiments and with internet-wide scans. We find that 1.​4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. As a countermeasure, we propose the use of the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions in TLS to prevent these and other cross-protocol attacks.

Although this vulnerability is very situational and can be challenging to exploit, there are some configurations that are exploitable even by a pure web attacker. Furthermore, we could only analyze a limited number of protocols, and other attack scenarios may exist. Thus, we advise that administrators review their deployments and that application developers (client and server) implement countermeasures proactively for all protocols.

More information on ALPACA can be found on the website https://alpaca-attack.com/.

Related links

1. Pentest Tools Linux
2. Hack Tools Download
3. Ethical Hacker Tools
4. Pentest Tools For Mac
5. Hacking Tools Download
6. Hacking Tools Mac
7. Hacking Tools
8. Hacker Tools For Pc
9. Hack Tools Download
10. Hacking Tools Pc
11. Hack Tools For Mac
12. World No 1 Hacker Software
13. Hacking Tools Mac
14. Pentest Tools Subdomain
15. Hacking Tools For Beginners
16. Hacker Tools For Mac
17. Pentest Tools Android
18. Hacking Tools 2020
19. Hacking Tools Online
20. Hacker Tools 2020
21. Termux Hacking Tools 2019
22. Hacking Tools For Mac
23. Hack Tools Mac
24. Hacking Tools Hardware
25. Termux Hacking Tools 2019
26. Android Hack Tools Github
27. Hack Tools
28. Pentest Reporting Tools
29. Usb Pentest Tools
30. Hack Tool Apk
31. Hacking Tools For Mac
32. Hacking Tools Name
33. Hack Tools For Games
34. Pentest Tools Alternative
35. Hack Apps
36. Hack Tools 2019
37. Hack Tools Github
38. World No 1 Hacker Software
39. Hacker Tools Apk
40. Hack Tools Github
41. Ethical Hacker Tools
42. Hacker Techniques Tools And Incident Handling
43. Pentest Tools Website Vulnerability
44. Hacking Tools Github
45. Hacker Tools
46. Best Pentesting Tools 2018
47. Hacker Tools
48. Hack Tools For Windows
49. Hacking Tools For Pc
50. Hacking Tools For Windows
51. Hack Tools Online
52. Pentest Tools Apk
53. Hacking App
54. Pentest Tools
55. Pentest Tools Online
56. Hacking Tools Software
57. Pentest Tools Free
58. Pentest Tools Website
59. Hacking Tools Name
60. Hack App
61. Free Pentest Tools For Windows
62. Hacking Tools For Beginners
63. Hack Tools For Mac
64. Hacking Tools Github
65. Pentest Tools Review
66. Hacker Tools Free Download
67. Hacking Tools For Kali Linux
68. Hack Tool Apk No Root
69. Best Hacking Tools 2019
70. Hacking Tools For Kali Linux
71. Pentest Tools Apk
72. Pentest Tools Open Source
73. Pentest Reporting Tools
74. Game Hacking
75. Pentest Recon Tools
76. Pentest Tools Review
77. New Hack Tools
78. Termux Hacking Tools 2019
79. Pentest Tools Online
80. Hack And Tools
81. Hacker Tools Github
82. Top Pentest Tools
83. Hacker Tools List
84. Hacker Tool Kit
85. Hacker Tools
86. Hacking Tools 2019
87. World No 1 Hacker Software
88. Hacker Tools For Windows
89. How To Install Pentest Tools In Ubuntu
90. Pentest Tools Kali Linux
91. Hack Tool Apk No Root
92. Hacking Tools Github
93. Nsa Hack Tools Download
94. Hacking Tools Download
95. World No 1 Hacker Software
96. Hacker Tools Mac
97. How To Make Hacking Tools
98. Pentest Tools Alternative
99. Hacker Tools List
100. Hacking Tools Hardware
101. Ethical Hacker Tools
102. Hacking Tools Windows
103. Hack Tools For Ubuntu
104. Hacking Tools Free Download
105. Underground Hacker Sites
106. Hack Tools For Ubuntu
107. Pentest Tools Subdomain
108. Pentest Tools Find Subdomains
109. Hacker Tools 2020
110. Hacker Tools Github
111. Hack Tool Apk No Root
112. How To Hack
113. Hacker Security Tools
114. Pentest Reporting Tools
115. Pentest Tools Find Subdomains
116. Pentest Tools Website
117. Hackers Toolbox
118. Hacking Tools For Windows 7
119. Hack Tool Apk No Root