Overview of SSL Attacks and How to Find SSL Vulnerabilities in Web Applications

Secure Socket Layer (SSL) is an Application layer protocol responsible for the security of data while in communication. If a website is using SSL certificate, the communication data between your browser and the webserver is safe from bad people. But as time passes, Researchers identify vulnerabilities in SSL and consider it as less secure, Transport Layer Security (TLS) is a more secure version of SSL. This blog covers security features provided by SSL/TLS, SSL attacks, and how to test those vulnerabilities against servers.

What are the security features provide by SSL/TLS if correctly implemented:

Confidentiality - protect communication data by encrypting

Integrity - protect communication data against modifying data

Authentication- verify data is received from genuine servers

SSL Attacks

BEAST attack (CVE-2011-3389, TLS v1.0) - This vulnerability is available in TLS 1.0 and SSL protocols. BEAST stands for Browser Exploit Against SSL/TLS.

BREACH attack (CVE-2013-3587) -BREACH stands for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext.

PODDLE attack (CVE-2014-3566, SSLv3) - This vulnerability force web servers to downgrade protocol from TLS to SSLv3 by disturbing handshake between the client and server.

DROWN attack (CVE-2016-0800) - DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. A serious vulnerability that allows attackers to decrypt TLS connections one at a time that supports SSLv2 by using the same private key.

How to test SSL related vulnerabilities

Many websites and open-source scripts are available to test SSL-related vulnerabilities. You can use both of them to identify vulnerabilities. One such open-source tool/script is testssl.sh that you can use on your machine while offline also. Click Here to refer to the whole tutoria of testssl.sh to test SSL-related vulnerabilities.

Qualys is another web interface tool to identify SSL-related vulnerabilities. You just need to give a URL (Hostname) and you get a whole set of vulnerabilities in your web application.

This tool gives details related to server key certificates, protocols, ciphers suites, handshake simulation, etc. Also, the overall rating is provided by the tool as provided below:

Other available tools to test SSL related vulnerabilities

Web-based Applications

(1) ImmuniWeb

(2) Hardenize

(3) Observatory by Mozilla

(4) Cryptcheck

Offline Tools/Scripts

(1) O-Saft

(2) SSLyze

Conclusion

SSL/TLS is the best defense mechanism to protect data in communication only when it is implemented in its updated version and securely configured. It is recommended to run different tools discussed in the blog to identify SSL vulnerabilities.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published.