Overview of SSL Attacks and How to Find SSL Vulnerabilities in Web Applications
A Secure Socket Layer (SSL) is an Application layer protocol responsible for the security of data while in communication. If a website is using an SSL certificate, the communication data between your browser and the web server is safe from bad people. But as time passes, Researchers identify vulnerabilities in SSL and consider it as less secure, Transport Layer Security (TLS) is a more secure version of SSL. This blog covers security features provided by SSL/TLS, SSL attacks, and how to test those vulnerabilities against servers.
What are the security features provided by SSL/TLS if correctly implemented:
Confidentiality - protect communication data by encrypting
Integrity - protect communication data against modifying data
Authentication- verify data is received from genuine servers
SSL Attacks
BEAST attack (CVE-2011-3389, TLS v1.0) - This vulnerability is available in TLS 1.0 and SSL protocols. BEAST stands for Browser Exploit Against SSL/TLS.
BREACH attack (CVE-2013-3587) -BREACH stands for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext.
PODDLE attack (CVE-2014-3566, SSLv3) - This vulnerability forces web servers to downgrade protocol from TLS to SSLv3 by disturbing handshakes between the client and server.
DROWN attack (CVE-2016-0800) - DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. A serious vulnerability that allows attackers to decrypt TLS connections one at a time that supports SSLv2 by using the same private key.
How to test SSL-related vulnerabilities
Many websites and open-source scripts are available to test SSL-related vulnerabilities. You can use both of them to identify vulnerabilities. One such open-source tool/script is testssl.sh which you can use on your machine while offline also. Click Here to refer to the whole tutorial of testssl.sh to test SSL-related vulnerabilities.
Qualys is another web interface tool to identify SSL-related vulnerabilities. You just need to give a URL (Hostname) and you get a whole set of vulnerabilities in your web application.
This tool gives details related to server key certificates, protocols, ciphers suites, handshake simulation, etc. Also, the overall rating is provided by the tool as provided below:
Other available tools to test SSL-related vulnerabilities
Web-based Applications
(1) ImmuniWeb
(2) Hardenize
(4) Cryptcheck
Offline Tools/Scripts
(1) O-Saft
(2) SSLyze
Conclusion
SSL/TLS is the best defense mechanism to protect data in communication only when it is implemented in its updated version and securely configured. It is recommended to run different tools discussed in the blog to identify SSL vulnerabilities.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
