5. SSL/TLS AUTHENTICATION
• A Certificate Authority (CA) issues a signed certificate for the subject’s public key
• Clients trust some root CAs beforehand
• Clients verify the chain of certificates until it reaches a trusted root CA
[Figure: Client, Server, CA and Root CA. Each issuer signs with its private key; the client verifies each signature with the issuer’s public key. signature = ENCRYPT(HASH(certificate content), privkey)]
6. SSL/TLS ENCRYPTION
• The client generates a session key (e.g. an AES key)
• The client and the server share the session key
• This is done by the key exchange algorithm (e.g. RSA or ECDHE)
• After that, the payload is encrypted with the session key
[Figure: Client and Server exchange the payload, encrypted with the session key they share with each other]
7. WE CANNOT SEE HTTPS PAYLOADS AS IS
• In Wireshark 1.12.4
8. DECRYPTING HTTPS PAYLOADS IN WIRESHARK
• Register the destination server’s private key
• Need to own the server
• If I have Google’s private key, I will be in jail
• Only works when RSA key exchange is used
• Ineffective against ECDHE key exchange (because of forward secrecy)
9. SSLKEYLOGFILE ENVIRONMENT VARIABLE
• Make the browser write session keys to a file
• Configure Wireshark to use the file for decryption
• You don’t have to own the server, and it works with any key exchange algorithm
10. ANOTHER WAY… HTTPS PROXY
• Intercept the HTTPS connection as a man-in-the-middle
• The proxy terminates the HTTPS connection and opens its own connection to the other side
• The proxy can decrypt the payload with its private key
[Figure: Client, Proxy w/ CA and Internet sites, with an HTTPS connection on each side of the proxy. Captions: “Hello, proxy.”, “I’ll trust the proxy!”, “Decrypt all traffic!”]
11. FIDDLER, BURP PROXY, OWASP ZAP ETC.
• Useful proxies for web vulnerability testing
• All support HTTPS
• Programmable to some extent
• But they are GUI tools
• Basically they require user interaction
14. SONG 2 BY BLUR
• https://www.youtube.com/watch?v=SSbBvKaM6sk
• “I got my head checked
By a jumbo jet
It wasn't easy
But nothing is
No”
15. PROXY2
• https://github.com/inaz2/proxy2
• HTTP/HTTPS proxy in a single Python script
• A successor of SimpleHTTPProxy [sumidasec 2013/12]
• Built on top of Python standard libraries (BaseHTTPServer, httplib, ssl etc.)
• HTTPS features depend on OPENSSL(1)
• Fully programmable by implementing handler functions in Python
• Trace HTTPS payloads
• Modify HTTPS payloads
• Save HTTPS payloads or stats to storage
16. NEED TO TRUST IT AS A PRIVATE CA
• Execute “setup_https_intercept.sh” and run proxy2
• Configure the browser’s proxy setting
• Then access http://proxy2.test/
17. TRACE HTTPS PAYLOADS
• Implemented and enabled by default
• Print headers and POST data with color
• Pretty-print query parameters, cookies and JSON data
• Show the title of an HTML document
• Decode Basic auth credentials
33. THIS WEBSITE IS SECURED BY SSL?
• Yes, if you never trust any private CAs or compromised CAs
• Why was Superfish a big topic?
• A private CA was preinstalled on many Lenovo laptops
• All HTTPS payloads were decrypted without notice
• The same private key was embedded and its passphrase was weak
• Cracked in a moment
• As a result, anyone could be the CA and issue a certificate for any domain
• Malware may install a private CA silently
• Certificate pinning doesn’t block it because it’s a PRIVATE CA
• http://inaz2.hatenablog.com/entry/2015/02/25/024431
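An added example (not from the original slides or from proxy2): the chain check of slide 5 and the private-CA effect described on this slide, modelled with textbook RSA over small Mersenne primes. The certificate fields, CA names, host name and keys are all assumptions made for illustration; real X.509 validation also checks validity dates, constraints and revocation.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key below
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))  # Mersenne primes

def make_key(p, q):
    """Textbook RSA key (n, d). Illustration only: no padding, tiny modulus."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pub_n: int          # subject's public key (RSA modulus)
    signature: int = 0  # issuer's signature over the three fields above

def digest(cert, n):
    """HASH(certificate content), reduced into the signer's modulus."""
    content = f"{cert.subject}|{cert.issuer}|{cert.pub_n}".encode()
    return int.from_bytes(hashlib.sha256(content).digest(), "big") % n

def issue(subject, pub_n, issuer, issuer_key):
    """signature = ENCRYPT(HASH(certificate content), privkey)"""
    n, d = issuer_key
    return Cert(subject, issuer, pub_n, pow(digest(Cert(subject, issuer, pub_n), n), d, n))

def verify_chain(chain, trust_store):
    """chain is leaf-first, trust_store maps CA name -> modulus; returns anchor name or None."""
    for i, cert in enumerate(chain):
        anchor_n = trust_store.get(cert.issuer)
        issuer_n = anchor_n
        if issuer_n is None and i + 1 < len(chain) and chain[i + 1].subject == cert.issuer:
            issuer_n = chain[i + 1].pub_n  # the next certificate in the chain is the issuer
        if issuer_n is None or pow(cert.signature, E, issuer_n) != digest(cert, issuer_n):
            return None  # unknown issuer, altered content, or wrong signing key
        if anchor_n is not None:
            return cert.issuer  # reached a root the client trusts
    return None

# Constructed sample PKI: every name and key here is made up for the example.
ROOT, INTER, PRIVATE = make_key(M89, M107), make_key(M107, M127), make_key(M89, M127)
INTER_CERT = issue("Intermediate CA", INTER[0], "Root CA", ROOT)
SITE_CERT = issue("www.example.test", M61 * M89, "Intermediate CA", INTER)
PROXY_CERT = issue("www.example.test", M61 * M107, "Private CA", PRIVATE)
SHIPPED = {"Root CA": ROOT[0]}                        # roots trusted beforehand
WITH_PRIVATE = {**SHIPPED, "Private CA": PRIVATE[0]}  # after a private CA is added
```

Because `verify_chain` returns the anchor a chain ended at, a client or audit script can tell a chain rooted in the shipped set from one that only validates through an added private CA.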
34. END-TO-END ENCRYPTION
• Web Cryptography API
• Run crypto algorithms on web browsers
• http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211/
• Intel AES-NI and Intel Secure Key (RDRAND)
• CPU instructions for AES calculation and random number generation
• https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/
• https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
35. RECAP
• A trusted HTTPS proxy can trace/modify all HTTPS payloads
• Useful for both web developers and security engineers
• Happy hacking
36. REFERENCES
• The HTTPS-Only Standard
• https://https.cio.gov/
• ImperialViolet - Decrypting SSL packet dumps
• https://www.imperialviolet.org/2012/06/25/wireshark.html
• Proxy War [OWASP DAY 2014/11]
• http://www.slideshare.net/zaki4649/proxy-war-42161988
• Diary of a Self-Indulgent Engineer: The Endless Battle with the W3C Web Cryptography API (Part 1) - livedoor Blog
• http://blog.livedoor.jp/k_urushima/archives/1758899.html