SlideShare una empresa de Scribd logo

Scapy TLS: Script TLS Stacks for Testing

Descargar como PPTX, PDF
A
Alexandre Moneger

Quick talk on how to leverage scapy-ssl_tls to perform TLS 1.3 testing. Covers which area of the stack are less vulnerable with TLS 1.3 as opposed to 1.2.

Ingeniería
1 de 36
Scapy TLS: a scriptable TLS 1.3 stack Alex Moneger
Agenda 1. TLS attacks timeline 2. Difficulty in reproducing attacks 3. Scapy-ssl_tls goals 4. Quick demo of scapy-ssl_tls capabilities 5. Custom TLS stacks, what to look for? 6. Fuzzing capabilities 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 1
Introduction • TLS is a critical protocol to the internet • Very few alternatives • Session layer protocol for other protocols • Very complex 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 2
TLS PROTOCOL LEVEL ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 3
Introduction • Protocol under scrutiny • Growth of the number of protocol level attacks • Numerous implementation bugs 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 4
Timeline 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 5 Renegotiation 2009 20162013 BEAST CRIME 2014 2015201220112010 BREACH Lucky13 POODLE POODLE2 FREAK LOGJAM SLOTH THS
Observations • TLS protocol attacks increase: – Frequency – Complexity • 2 classes: – Protocol level – Crypto level 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 6
REPRODUCING ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 7
Problems • Understand the attack properly • Practical impact (as opposed to theoretical problem) • Reproducibility • Fix (dev + Q&A) • Fix for good (regression) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 8
Response • Customers do not always understand the practical impact • Your response team has to provide a definite answer • 2 solutions for custom implementations: – Crypto code review: • Lack of comparison point • Hard to get the full picture when deep into a crypto routine – PoC: • Lack of tooling • Big difference between regular lib and security focused lib 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 9
SCAPY-SSL_TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 10
Introduction • TLS & DTLS scriptable stack built above scapy • Stateless (as much as possible) • Packet crafting and dissecting • Crypto session handling • Sniffing (wire, pcap, …) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 11
Why bother? • TLS stacks are built to be robust • Enforce input parameters to be valid • Tear down connection on error • Not very flexible 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 12
Goals • Easy to install and use • Simplify discovery and exploitation of TLS vulnerabilities • Allow full control of any TLS field • Tries very hard to maintain absolutely no state • Good documentation and examples • No checks or enforcements (up to user if desired) • Sane defaults • Transparent encryption 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 13
Concepts • Start scapy • All classes start with TLS: – Allows easy autocomplete • What fields are available in a given TLS record? – ls(TLSClientHello) • TLSSocket() is used to wrap the TCP socket – This is your base element to send/recv traffic • Build packets scapy style: – p = TLSRecord()/TLSHandshake()/TLSClientHello() 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 14
DEMO Packet crafting/parsing 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 15
A simple TLS 1.3 client with TLSSocket(client=True) as tls_socket: try: tls_socket.connect(ip) print("Connected to server: %s" % (ip,)) except socket.timeout: print("Failed to open connection to server: %s" % (ip,), file=sys.stderr) else: try: server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions) server_hello.show() except TLSProtocolError as tpe: print("Got TLS error: %s" % tpe, file=sys.stderr) tpe.response.show() else: resp = tls_socket.do_round_trip(TLSPlaintext(data="GET / HTTP/1.1rnHOST: localhostrnrn")) print("Got response from server") resp.show() finally: print(tls_socket.tls_ctx) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 16
Viewing a packet ###[ TLS Record ]### content_type= handshake version= TLS_1_0 length= 0x36 ###[ TLS Handshakes ]### handshakes |###[ TLS Handshake ]### | type= client_hello | length= 0x32 |###[ TLS Client Hello ]### | version= TLS_1_2 | gmt_unix_time= 1494985553 | random_bytes= 'xa6;x10{x0fx7fUx88xeaHxc6xafxf8xe4xedxd56x07xcfxd6x85xc1^xbdx1fxa3x02x85' | session_id_length= 0x0 | session_id= '' | cipher_suites_length= 0x2 | cipher_suites= ['ECDHE_RSA_WITH_AES_256_GCM_SHA384'] | compression_methods_length= 0x1 | compression_methods= ['NULL'] | extensions_length= 0x7 | extensions | |###[ TLS Extension ]### | | type= supported_versions | | length= 0x3 | |###[ TLS Extension Supported Versions ]### | | length= 0x2 | | versions= ['TLS_1_3_DRAFT_18'] 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 17
A TLS 1.3 server server_hello = TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSServerHello(version=version, cipher_suite=TLSCipherSuite.TLS_AES_256_GCM_SHA384, extensions=[key_share])]) client_socket.sendall(server_hello) client_socket.sendall(TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSEncryptedExtensions(extensions=[named_groups]), TLSHandshake() / TLSCertificateList() / TLS13Certificate( certificates=certificates)])) client_socket.sendall(TLSHandshakes(handshakes=[ TLSHandshake() / TLSCertificateVerify(alg=TLSSignatureScheme.RSA_PKCS1_SHA256, sig=client_socket.tls_ctx.compute_server_cert_verify())])) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 18
WHAT TO LOOK FOR 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 19
Recon • Fingerprint possible fork • OpenSSL empty plaintext fragment • JSSE, NSS stacked handshake • Difference in Alert type when tampering with Finish message • Alert is loosely defined, so stack specific 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 20
State machine • Tricky testing: mostly manual work and knowledge of RFC • Automated testing: FlexTLS: – Example: mono FlexApps.exe -s efin --connect localhost:8443 • Gives a good starting point for manual testing • Lot of legacy stuff: server-gated cryptography anyone? 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 21
Diffie Hellman • Check the validity of server (EC)DH params – Group size – Primality – Subgroup confinement attack (e.g: Off curve test (EC)) – Signature algo used – … • Send interesting values (small, non-prime, …) • Scapy-ssl_tls uses TinyEC for EC calculation • Allows to perform EC arithmetic 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 22
Side channels (RSA) • Pre Master Secret is decrypted • TLS mandates PKCS1 v1.5 for padding • This needs to be constant time, see classic Bleichenbacher • Time and Check for response difference on invalid padding (alert vs tcp reset) • Can use pybleach pkcs1_test_client.py to generate faulty padding for your PMS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 23
Side channels (ciphers) • Padding and MAC checks must be constant time • Alert type must be identical • Time and check response when flipping bytes in padding and MAC • Check for nonce reuse 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 24
Proper byte checking • Some implementation only verify a few bytes of padding, MAC and verify_data (finish hash) • All bytes must be checked for obvious reasons • Send application data packets with flipped padding, MAC and verify_data • Make sure you always get an alert 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 25
Fragmentation • Any packet above 2**14 (16384) bytes must be fragmented • But any fragment size can be chosen • Some stacks don’t cope well with TLS re-assembly • Can be used to bypass devices which parse TLS, but fail- open • Server can be requested to fragment using the Maximum Fragment Length Negotiation extension • DTLS allows to specify the fragment offset in the handshake 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 26
TLS 1.3 specific • Spec doesn’t leave a lot of room for implementation errors • Handling of 0-RTT, early data, PFS • Resumption checks (SNI) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 27
CONCLUSION 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 28
Strengths • Scapy-ssl_tls can speed up PoC development • PoC can be re-used as part of testing QA and regression • Valuable to reproduce findings & develop mitigations • Help in learning & experimenting with TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 29
Thanks • Thanks to tintinweb who started the project • Bugs: https://github.com/tintinweb/scapy- ssl_tls/ • Contact: – Github: alexmgr 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 30
THANKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 31
IF TIME ALLOWS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 32
Fuzzing • Provides basic fuzzing through scapy • Tries to be smart by preserving semantically necessary fields • Use fuzz() function on any element 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 33 fuzz(TLSRecord()/TLSHandshake(type=TLSHandshakeType.SUPPLEMENTAL_DATA)/TLSAlert()).show2() ###[ TLS Record ]### content_type= handshake <= preserved version= 0x7391 <= fuzzed length= 0x6 <= preserved ###[ TLS Handshake ]### type= supplemental_data <= overriden length= 0x2 <= preserved ###[ Raw ]### load= '(r’ <= fuzzed
Fuzzing • Only good for basic fuzzing • Simple to plug in your own fuzzer • Just generate data, scapy-ssl_tls takes care of the rest • Good targets: TLS extensions, certificates, … 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 34
Examples • The example section contains some useful base tools: – RSA session sniffer: given a cert, can decrypt wire traffic (like Wireshark) – Security scanner: a rudimentary TLS scanner (versions, ciphers, SCSV, …) – Downgrade test – … • Just baselines to write your own tools 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 35

Recomendados

IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic ConceptsAvadhesh Agrawal
 
VPC Implementation In OpenStack Heat
VPC Implementation In OpenStack HeatVPC Implementation In OpenStack Heat
VPC Implementation In OpenStack HeatSaju Madhavan
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacksAlexandre Moneger
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Peter R. Egli
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6Ahmed AbdelSalam
 
Vxlan control plane and routing
Vxlan control plane and routingVxlan control plane and routing
Vxlan control plane and routingWilfredzeng
 
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...Rambus
 

Recomendados

IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic ConceptsAvadhesh Agrawal
 
VPC Implementation In OpenStack Heat
VPC Implementation In OpenStack HeatVPC Implementation In OpenStack Heat
VPC Implementation In OpenStack HeatSaju Madhavan
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacksAlexandre Moneger
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Peter R. Egli
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6Ahmed AbdelSalam
 
Vxlan control plane and routing
Vxlan control plane and routingVxlan control plane and routing
Vxlan control plane and routingWilfredzeng
 
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...Rambus
 
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...LINE Corporation
 
GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)NetProtocol Xpert
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Cisco Canada
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Hannes Tschofenig
 
Introduction to TLS-1.3
Introduction to TLS-1.3 Introduction to TLS-1.3
Introduction to TLS-1.3 Vedant Jain
 
A comparison of segment routing data-plane encodings
A comparison of segment routing data-plane encodingsA comparison of segment routing data-plane encodings
A comparison of segment routing data-plane encodingsGunter Van de Velde
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 
SGX Trusted Execution Environment
SGX Trusted Execution EnvironmentSGX Trusted Execution Environment
SGX Trusted Execution EnvironmentKernel TLV
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Kentaro Ebisawa
 
End-to-end Streaming Between gRPC Services Via Kafka with John Fallows
End-to-end Streaming Between gRPC Services Via Kafka with John FallowsEnd-to-end Streaming Between gRPC Services Via Kafka with John Fallows
End-to-end Streaming Between gRPC Services Via Kafka with John FallowsHostedbyConfluent
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux NetworkingMaximilan Wilhelm
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
Automating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkAutomating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkCisco Canada
 
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...Ives Laaf
 
Mpls
MplsMpls
Mplsrahulvce07
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalKwonSun Bae
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityMiguel Pardal
 

Más contenido relacionado

La actualidad más candente

Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...LINE Corporation
 
GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)NetProtocol Xpert
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Cisco Canada
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Hannes Tschofenig
 
Introduction to TLS-1.3
Introduction to TLS-1.3 Introduction to TLS-1.3
Introduction to TLS-1.3 Vedant Jain
 
A comparison of segment routing data-plane encodings
A comparison of segment routing data-plane encodingsA comparison of segment routing data-plane encodings
A comparison of segment routing data-plane encodingsGunter Van de Velde
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 
SGX Trusted Execution Environment
SGX Trusted Execution EnvironmentSGX Trusted Execution Environment
SGX Trusted Execution EnvironmentKernel TLV
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Kentaro Ebisawa
 
End-to-end Streaming Between gRPC Services Via Kafka with John Fallows
End-to-end Streaming Between gRPC Services Via Kafka with John FallowsEnd-to-end Streaming Between gRPC Services Via Kafka with John Fallows
End-to-end Streaming Between gRPC Services Via Kafka with John FallowsHostedbyConfluent
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux NetworkingMaximilan Wilhelm
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
Automating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkAutomating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkCisco Canada
 
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...Ives Laaf
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalKwonSun Bae
 

La actualidad más candente (20)

Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
 
GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3
 
Introduction to TLS-1.3
Introduction to TLS-1.3 Introduction to TLS-1.3
Introduction to TLS-1.3
 
A comparison of segment routing data-plane encodings
A comparison of segment routing data-plane encodingsA comparison of segment routing data-plane encodings
A comparison of segment routing data-plane encodings
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation Protocol
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection tool
 
SGX Trusted Execution Environment
SGX Trusted Execution EnvironmentSGX Trusted Execution Environment
SGX Trusted Execution Environment
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
 
End-to-end Streaming Between gRPC Services Via Kafka with John Fallows
End-to-end Streaming Between gRPC Services Via Kafka with John FallowsEnd-to-end Streaming Between gRPC Services Via Kafka with John Fallows
End-to-end Streaming Between gRPC Services Via Kafka with John Fallows
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux Networking
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
Automating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkAutomating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS Network
 
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
 
Mpls
MplsMpls
Mpls
 
Segment Routing
Segment RoutingSegment Routing
Segment Routing
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 final
 

Similar a Scapy TLS: Script TLS Stacks for Testing

Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityMiguel Pardal
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Ontico
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL
 
Java 9 Security Enhancements in Practice
Java 9 Security Enhancements in PracticeJava 9 Security Enhancements in Practice
Java 9 Security Enhancements in PracticeMartin Toshev
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!OWASP
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxjithu26327
 
Primer to Browser Netwroking
Primer to Browser NetwrokingPrimer to Browser Netwroking
Primer to Browser NetwrokingShuya Osaki
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 

Similar a Scapy TLS: Script TLS Stacks for Testing (20)

Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer Security
 
Rootconf2019
Rootconf2019Rootconf2019
Rootconf2019
 
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6labION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
 
ION Bucharest - DANE-DNSSEC-TLS
ION Bucharest - DANE-DNSSEC-TLSION Bucharest - DANE-DNSSEC-TLS
ION Bucharest - DANE-DNSSEC-TLS
 
Wireless LAN Security Fundamentals
Wireless LAN Security FundamentalsWireless LAN Security Fundamentals
Wireless LAN Security Fundamentals
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
 
Java 9 Security Enhancements in Practice
Java 9 Security Enhancements in PracticeJava 9 Security Enhancements in Practice
Java 9 Security Enhancements in Practice
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
 
Primer to Browser Netwroking
Primer to Browser NetwrokingPrimer to Browser Netwroking
Primer to Browser Netwroking
 
暗認本読書会9
暗認本読書会9暗認本読書会9
暗認本読書会9
 
Go paranoid
Go paranoidGo paranoid
Go paranoid
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol Design
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configuration
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
 
DANE/DNSSEC/TLS Testing in the go6Lab - ION Cape Town
DANE/DNSSEC/TLS Testing in the go6Lab - ION Cape TownDANE/DNSSEC/TLS Testing in the go6Lab - ION Cape Town
DANE/DNSSEC/TLS Testing in the go6Lab - ION Cape Town
 

Más de Alexandre Moneger

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
 
NBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceNBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceAlexandre Moneger
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacksAlexandre Moneger
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersAlexandre Moneger
 
03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old daysAlexandre Moneger
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W mattersAlexandre Moneger
 
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stackAlexandre Moneger
 
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend06 - ELF format, knowing your friend
06 - ELF format, knowing your friendAlexandre Moneger
 
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR mattersAlexandre Moneger
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)Alexandre Moneger
 
09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?Alexandre Moneger
 
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen oneAlexandre Moneger
 
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsAlexandre Moneger
 

Más de Alexandre Moneger (13)

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
 
NBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceNBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then ice
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacks
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
 
03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters
 
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack
 
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend06 - ELF format, knowing your friend
06 - ELF format, knowing your friend
 
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
 
09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?
 
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one
 
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploits
 

Último

Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 

Último (20)

★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 

Scapy TLS: Script TLS Stacks for Testing

  • 1. Scapy TLS: a scriptable TLS 1.3 stack Alex Moneger
  • 2. Agenda 1. TLS attacks timeline 2. Difficulty in reproducing attacks 3. Scapy-ssl_tls goals 4. Quick demo of scapy-ssl_tls capabilities 5. Custom TLS stacks, what to look for? 6. Fuzzing capabilities 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 1
  • 3. Introduction • TLS is a critical protocol to the internet • Very few alternatives • Session layer protocol for other protocols • Very complex 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 2
  • 4. TLS PROTOCOL LEVEL ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 3
  • 5. Introduction • Protocol under scrutiny • Growth of the number of protocol level attacks • Numerous implementation bugs 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 4
  • 6. Timeline 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 5 Renegotiation 2009 20162013 BEAST CRIME 2014 2015201220112010 BREACH Lucky13 POODLE POODLE2 FREAK LOGJAM SLOTH THS
  • 7. Observations • TLS protocol attacks increase: – Frequency – Complexity • 2 classes: – Protocol level – Crypto level 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 6
  • 8. REPRODUCING ATTACKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 7
  • 9. Problems • Understand the attack properly • Practical impact (as opposed to theoretical problem) • Reproducibility • Fix (dev + Q&A) • Fix for good (regression) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 8
  • 10. Response • Customers do not always understand the practical impact • Your response team has to provide a definite answer • 2 solutions for custom implementations: – Crypto code review: • Lack of comparison point • Hard to get the full picture when deep into a crypto routine – PoC: • Lack of tooling • Big difference between regular lib and security focused lib 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 9
  • 11. SCAPY-SSL_TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 10
  • 12. Introduction • TLS & DTLS scriptable stack built above scapy • Stateless (as much as possible) • Packet crafting and dissecting • Crypto session handling • Sniffing (wire, pcap, …) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 11
  • 13. Why bother? • TLS stacks are built to be robust • Enforce input parameters to be valid • Tear down connection on error • Not very flexible 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 12
  • 14. Goals • Easy to install and use • Simplify discovery and exploitation of TLS vulnerabilities • Allow full control of any TLS field • Tries very hard to maintain absolutely no state • Good documentation and examples • No checks or enforcements (up to user if desired) • Sane defaults • Transparent encryption 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 13
  • 15. Concepts • Start scapy • All classes start with TLS: – Allows easy autocomplete • What fields are available in a given TLS record? – ls(TLSClientHello) • TLSSocket() is used to wrap the TCP socket – This is your base element to send/recv traffic • Build packets scapy style: – p = TLSRecord()/TLSHandshake()/TLSClientHello() 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 14
  • 16. DEMO Packet crafting/parsing 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 15
  • 17. A simple TLS 1.3 client with TLSSocket(client=True) as tls_socket: try: tls_socket.connect(ip) print("Connected to server: %s" % (ip,)) except socket.timeout: print("Failed to open connection to server: %s" % (ip,), file=sys.stderr) else: try: server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions) server_hello.show() except TLSProtocolError as tpe: print("Got TLS error: %s" % tpe, file=sys.stderr) tpe.response.show() else: resp = tls_socket.do_round_trip(TLSPlaintext(data="GET / HTTP/1.1rnHOST: localhostrnrn")) print("Got response from server") resp.show() finally: print(tls_socket.tls_ctx) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 16
  • 18. Viewing a packet ###[ TLS Record ]### content_type= handshake version= TLS_1_0 length= 0x36 ###[ TLS Handshakes ]### handshakes |###[ TLS Handshake ]### | type= client_hello | length= 0x32 |###[ TLS Client Hello ]### | version= TLS_1_2 | gmt_unix_time= 1494985553 | random_bytes= 'xa6;x10{x0fx7fUx88xeaHxc6xafxf8xe4xedxd56x07xcfxd6x85xc1^xbdx1fxa3x02x85' | session_id_length= 0x0 | session_id= '' | cipher_suites_length= 0x2 | cipher_suites= ['ECDHE_RSA_WITH_AES_256_GCM_SHA384'] | compression_methods_length= 0x1 | compression_methods= ['NULL'] | extensions_length= 0x7 | extensions | |###[ TLS Extension ]### | | type= supported_versions | | length= 0x3 | |###[ TLS Extension Supported Versions ]### | | length= 0x2 | | versions= ['TLS_1_3_DRAFT_18'] 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 17
  • 19. A TLS 1.3 server server_hello = TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSServerHello(version=version, cipher_suite=TLSCipherSuite.TLS_AES_256_GCM_SHA384, extensions=[key_share])]) client_socket.sendall(server_hello) client_socket.sendall(TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSEncryptedExtensions(extensions=[named_groups]), TLSHandshake() / TLSCertificateList() / TLS13Certificate( certificates=certificates)])) client_socket.sendall(TLSHandshakes(handshakes=[ TLSHandshake() / TLSCertificateVerify(alg=TLSSignatureScheme.RSA_PKCS1_SHA256, sig=client_socket.tls_ctx.compute_server_cert_verify())])) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 18
  • 20. WHAT TO LOOK FOR 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 19
  • 21. Recon • Fingerprint possible fork • OpenSSL empty plaintext fragment • JSSE, NSS stacked handshake • Difference in Alert type when tampering with Finish message • Alert is loosely defined, so stack specific 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 20
  • 22. State machine • Tricky testing: mostly manual work and knowledge of RFC • Automated testing: FlexTLS: – Example: mono FlexApps.exe -s efin --connect localhost:8443 • Gives a good starting point for manual testing • Lot of legacy stuff: server-gated cryptography anyone? 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 21
  • 23. Diffie Hellman • Check the validity of server (EC)DH params – Group size – Primality – Subgroup confinement attack (e.g: Off curve test (EC)) – Signature algo used – … • Send interesting values (small, non-prime, …) • Scapy-ssl_tls uses TinyEC for EC calculation • Allows to perform EC arithmetic 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 22
  • 24. Side channels (RSA) • Pre Master Secret is decrypted • TLS mandates PKCS1 v1.5 for padding • This needs to be constant time, see classic Bleichenbacher • Time and Check for response difference on invalid padding (alert vs tcp reset) • Can use pybleach pkcs1_test_client.py to generate faulty padding for your PMS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 23
  • 25. Side channels (ciphers) • Padding and MAC checks must be constant time • Alert type must be identical • Time and check response when flipping bytes in padding and MAC • Check for nonce reuse 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 24
  • 26. Proper byte checking • Some implementation only verify a few bytes of padding, MAC and verify_data (finish hash) • All bytes must be checked for obvious reasons • Send application data packets with flipped padding, MAC and verify_data • Make sure you always get an alert 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 25
  • 27. Fragmentation • Any packet above 2**14 (16384) bytes must be fragmented • But any fragment size can be chosen • Some stacks don’t cope well with TLS re-assembly • Can be used to bypass devices which parse TLS, but fail- open • Server can be requested to fragment using the Maximum Fragment Length Negotiation extension • DTLS allows to specify the fragment offset in the handshake 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 26
  • 28. TLS 1.3 specific • Spec doesn’t leave a lot of room for implementation errors • Handling of 0-RTT, early data, PFS • Resumption checks (SNI) 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 27
  • 29. CONCLUSION 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 28
  • 30. Strengths • Scapy-ssl_tls can speed up PoC development • PoC can be re-used as part of testing QA and regression • Valuable to reproduce findings & develop mitigations • Help in learning & experimenting with TLS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 29
  • 31. Thanks • Thanks to tintinweb who started the project • Bugs: https://github.com/tintinweb/scapy- ssl_tls/ • Contact: – Github: alexmgr 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 30
  • 32. THANKS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 31
  • 33. IF TIME ALLOWS 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 32
  • 34. Fuzzing • Provides basic fuzzing through scapy • Tries to be smart by preserving semantically necessary fields • Use fuzz() function on any element 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 33 fuzz(TLSRecord()/TLSHandshake(type=TLSHandshakeType.SUPPLEMENTAL_DATA)/TLSAlert()).show2() ###[ TLS Record ]### content_type= handshake <= preserved version= 0x7391 <= fuzzed length= 0x6 <= preserved ###[ TLS Handshake ]### type= supplemental_data <= overriden length= 0x2 <= preserved ###[ Raw ]### load= '(r’ <= fuzzed
  • 35. Fuzzing • Only good for basic fuzzing • Simple to plug in your own fuzzer • Just generate data, scapy-ssl_tls takes care of the rest • Good targets: TLS extensions, certificates, … 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 34
  • 36. Examples • The example section contains some useful base tools: – RSA session sniffer: given a cert, can decrypt wire traffic (like Wireshark) – Security scanner: a rudimentary TLS scanner (versions, ciphers, SCSV, …) – Downgrade test – … • Just baselines to write your own tools 18 May 2017 Alex Moneger - Scapy TLS: a scriptable TLS 1.3 stack 35

Notas del editor

  1. I’m quite slow, so to fully understand something, I need to repro and play with it
  2. Customer don’t always understand the practical impact. No kidding, sometimes as a security engineer it takes you a few hours/days But your response team has to provide a statement quickly Both approaches require you to understand the issue in depth. But it’s harder to make a mistake with a PoC. It’s also easier to perform code review with a PoC PoC provides reproducibility, which provides Q&A and regression for free
  3. Writing an offensive stack is very different. All recommendations you normally provide to devs should be ignored. Do not validate length, format, signatures, … All validation is up to you, scapy-ssl_tls only reports data
  4. cd /Users/amoneger/projects/contrib/scapy-ssl_tls tests/integration/openssl_tls_server.sh tls1_2 Enter TLS and press tab to autocomplete Craft a TLSRecord with a TLSHandshake. Do a show(), do a ls() Modify length field of the record
  5. With transparent decryption p = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() / TLSClientHello(extensions=[TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(18)])])])
  6. p = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() / TLSClientHello(cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_256_GCM_SHA384], extensions=[TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(18)])])])
  7. Custom stacks seem to generally be forks of OSS projects at one stage. It is interesting to try and fingerprint where it comes from, to then try and look for known implementation vulnerabilities on the stack You can probably pinpoint to the version with some research
  8. FlexTLS is based on miTLS which is A Verified Reference Implementation of TLS It implements a number of know attacks against the TLS state machine. Source code was only very recently released. A great reference tool to go after TLS state machine server-gated cryptography: client renegotiation based on server cert
  9. TLS 1.3 killed this
  10. Mention that PMS should start by handshake client version. Prevents rollback attacks TLS 1.3 killed this
  11. TLS 1.3 killed this
  12. Padding in TLS can be any length upto 255 bytes. Check that implementation respects that.
  13. DTLS is like IP from the old days ;) Possible values start at 2**9 = 512. Only active after Server Hello is received.