ic0ns
commented
5 years ago Your version almost 3 years old - is there a particular reason why you are not using the new version? It also has the invalid curve attack.
Closed parthsankhala78 closed 5 years ago
ic0ns
commented
5 years ago Your version almost 3 years old - is there a particular reason why you are not using the new version? It also has the invalid curve attack.
parthsankhala78
commented
5 years ago with newer version, the latest one i have tried. it is giving me some config error saying -
[main] INFO : InvalidCurveAttacker - Did not receive ServerHello. Check your config
...Vulnerable: Uncertain..
And when i execute attack i get the following exception:::
ic0ns
commented
5 years ago This means that TLS-Attacker was unable to even receive a ServerHello before it could perform the Test. This may for example be the case if the host does not support Elliptic Curves at all. If the server indeed supports EC, it might be the case that the server exhibits some sort of intolerance which makes it reject the initial Clienthello. In that case you can play with the config (not trivial) to make the server accept the message. Alternatively - if you are just interested in a simple test - you can use TLS-Scanner (https://github.com/RUB-NDS/TLS-Scanner) which will also perform the invalid curve test for you.
parthsankhala78
commented
5 years ago This means that TLS-Attacker was unable to even receive a ServerHello before it could perform the Test. This may for example be the case if the host does not support Elliptic Curves at all. If the server indeed supports EC, it might be the case that the server exhibits some sort of intolerance which makes it reject the initial Clienthello. In that case you can play with the config (not trivial) to make the server accept the message. Alternatively - if you are just interested in a simple test - you can use TLS-Scanner (https://github.com/RUB-NDS/TLS-Scanner) which will also perform the invalid curve test for you.
How do I play with the config and make the server accpet the message hello.
Also, Why is the null pointer exception occurring when i just execute attack (see the bottom part in the last screenshot that I posted).
I want to execute the invalid curve attack anyhow. Please help.
ic0ns
commented
5 years ago Besides the most commonly need parameters in the commandline reference, you can specify a custom config with the -config flag. For a full reference of available Values see: https://github.com/RUB-NDS/TLS-Attacker/blob/master/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java The Attack is throwing a NullpointerException for the same reason the scan is not working - you did not receive a ServerHello.
parthsankhala78
commented
5 years ago Besides the most commonly need parameters in the commandline reference, you can specify a custom config with the -config flag. For a full reference of available Values see: https://github.com/RUB-NDS/TLS-Attacker/blob/master/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java The Attack is throwing a NullpointerException for the same reason the scan is not working - you did not receive a ServerHello.
How do i make it receive a ServerHello in my case? Can you help me with this.
ic0ns
commented
5 years ago Please provide the scanner output of TLS-Scanner. It can scan for various features and intolerances which will help us track down the problem.
parthsankhala78
commented
5 years ago Please provide the scanner output of TLS-Scanner. It can scan for various features and intolerances which will help us track down the problem.
This is the outcome of the Attacker(Upper) and the Server(Lower) terminal. In this we can clearly see that server is receiving ServerHello.: This is the outcome when i just connect the attacker to server:::
This is when i execute the attack::::
Then why is the null pointer exception occuring??
ic0ns
commented
5 years ago The Nullpointer exception is occuring at:
message.getComputations().setComputedPublicKeyX(x);
This is because message.getComputations() is null. This is the case if the message was not acutally computed, for example because the workflow not executed. The InvalidCurve Attack needs to execute multiple Workflows during the evaluation. If one of them does not execute properly you likely will receive a similar exception. The provided example Server you used to test this is not configured to execute multiple handshakes and shuts itself down after the first one, which will in return results in the second handshake not finishing. Additionally, the started Server is also not configured to speak EC, but is using RSA (default config). TLS-Attacker allows you to do this - but this is likely not what you had in mind.
parthsankhala78
commented
5 years ago The Nullpointer exception is occuring at:
message.getComputations().setComputedPublicKeyX(x);This is because message.getComputations() is null. This is the case if the message was not acutally computed, for example because the workflow not executed. The InvalidCurve Attack needs to execute multiple Workflows during the evaluation. If one of them does not execute properly you likely will receive a similar exception. The provided example Server you used to test this is not configured to execute multiple handshakes and shuts itself down after the first one, which will in return results in the second handshake not finishing. Additionally, the started Server is also not configured to speak EC, but is using RSA (default config). TLS-Attacker allows you to do this - but this is likely not what you had in mind.
I am using the same TLS Attacker(Attacks.jar- invalid_curve) and the TLS Server that is provided in this project. I have even disabled TLS security in my system. Then why is the second handshake not finishing. and what should i do to make the server finish the second hand shake? Is there any registry changes that we have to do? or any config changes that will make the attack run?
ic0ns
commented
5 years ago The TLS-Attacker TLS-Server application does NOT work like any other TLS-Server. TLS-Attacker is designed to allow you to explicitly behave NOT according to the Specification. This is intended for security researchers and pentesters alike. The TLS-Server application is intended to analyze client applications - not to evaluate the provided attacks. Disabling TLS security on your System has no effect for TLS-Attacker since it provides its own custom TLS-Stack which ignores everything your operating system provides. If you want to test the invalid curve attack with a local server you need to run a real tls-server. If you run this tool against a real server, the server has to support static elliptic curve ciphersuites. TLS-Attacker also provides an option to test ephemeral ciphersuites with the -ephemeral flag. Note that this usually requires the server to reused public keys to be vulnerable. If the tool is still not working it is very likely that the server exhibits some sort of intolerance or requires the pressence of specific extensions which are not sent by default (SNI may be such a case (not sure if it is sent by default)). If you need further assistence I can only help you if you provide me access to the server - or atleast provide me TLS-Scanner AND Debug output of the tools.
parthsankhala78
commented
5 years ago The TLS-Attacker TLS-Server application does NOT work like any other TLS-Server. TLS-Attacker is designed to allow you to explicitly behave NOT according to the Specification. This is intended for security researchers and pentesters alike. The TLS-Server application is intended to analyze client applications - not to evaluate the provided attacks. Disabling TLS security on your System has no effect for TLS-Attacker since it provides its own custom TLS-Stack which ignores everything your operating system provides. If you want to test the invalid curve attack with a local server you need to run a real tls-server. If you run this tool against a real server, the server has to support static elliptic curve ciphersuites. TLS-Attacker also provides an option to test ephemeral ciphersuites with the -ephemeral flag. Note that this usually requires the server to reused public keys to be vulnerable. If the tool is still not working it is very likely that the server exhibits some sort of intolerance or requires the pressence of specific extensions which are not sent by default (SNI may be such a case (not sure if it is sent by default)). If you need further assistence I can only help you if you provide me access to the server - or atleast provide me TLS-Scanner AND Debug output of the tools.
Thank you for the support. Now I tried building the TLS scanner and this is the compilation problem that i am facing.:
ic0ns
commented
5 years ago The error indicates that you did not install TLS-Attacker 2.6. Please download TLS-Attacker 2.6 from the Releases Sektion (as well as TLS-Scanner 2.4 from the release section (not the current master branches) and install them with:
cd TLS-Attacker; mvn clean install; cd .. cd TLS-Scammer; mvn clean install
parthsankhala78
commented
5 years ago The error indicates that you did not install TLS-Attacker 2.6. Please download TLS-Attacker 2.6 from the Releases Sektion (as well as TLS-Scanner 2.4 from the release section (not the current master branches) and install them with:
cd TLS-Attacker; mvn clean install; cd .. cd TLS-Scammer; mvn clean install
Hi, I ran the scanner as you said. under section Attack Vulnerabilities i got the following output: Attack Vulnerabilities
I am using Java 8, Apache Maven 3.3.3. Compiled the older version(2016) of TLS Attacker successfully. Using Attacker as client and Study Transfer Unit(STU) as a Server, I ran an invalid_curve attack on the STU server. I get the following exception: E:\TLS-Attacker-master\Runnable>java -jar target\TLS-Attacker-1.0.jar invalid_curve 12:01:48.494 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Using the following security providers 12:01:48.497 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SUN, version, 1.8 12:01:48.497 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunRsaSign, version, 1.8 12:01:48.497 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunEC, version, 1.8 12:01:48.497 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunJSSE, version, 1.8 12:01:48.500 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunJCE, version, 1.8 12:01:48.500 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunJGSS, version, 1.8 12:01:48.500 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunSASL, version, 1.8 12:01:48.500 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider XMLDSig, version, 1.8 12:01:48.500 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunPCSC, version, 1.8 12:01:48.500 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider SunMSCAPI, version, 1.8 12:01:48.500 [main] DEBUG de.rub.nds.tlsattacker.tls.config.ConfigHandler - Provider BC, version, 1.54 Exception in thread "main" de.rub.nds.tlsattacker.tls.exceptions.ConfigurationException: Not possible to use unrestricted policy in Oracle JDK at de.rub.nds.tlsattacker.tls.config.ConfigHandler.initialize(ConfigHandler.java:85) at de.rub.nds.tlsattacker.Main.main(Main.java:145) Caused by: java.lang.IllegalAccessException: Can not set static final boolean field javax.crypto.JceSecurity.isRestricted to java.lang.Boolean at sun.reflect.UnsafeFieldAccessorImpl.throwFinalFieldIllegalAccessException(UnsafeFieldAccessorImpl.java:76) at sun.reflect.UnsafeFieldAccessorImpl.throwFinalFieldIllegalAccessException(UnsafeFieldAccessorImpl.java:80) at sun.reflect.UnsafeQualifiedStaticBooleanFieldAccessorImpl.set(UnsafeQualifiedStaticBooleanFieldAccessorImpl.java:77) at java.lang.reflect.Field.set(Field.java:764) at de.rub.nds.tlsattacker.tls.config.ConfigHandler.initialize(ConfigHandler.java:82) ... 1 more
Please Help with the issue: