Friday, July 31, 2009

Breaking SSL with NULL Character


Another interesting post about what's happening at Las Vegas BlackHat event now, SSL.

Moxie Marlinspike and Dan Kaminsky had independently found a problem in most implementations that enables an attacker to create certificates that appear valid for any web site. By cleverly embedding NULL characters to the certificate name field, a browser will incorrectly match a malicious certificate to a valid web site.

Early this year, we see how sslstrip hijacking SSL at BlackHat DC. This time, both the experts make the attack even more effective. See here:
You (evil admin) apply for a certificate. The certificate authority (CA) looks at the common name (CN) on the form and contacts the domain owner. The CA ignores the subdomain.

The trick is to drop in a [NULL] character in the subdomain, such as www.paypal.com[NULL].eviladm.org, the CA will contact the owner of eviladm.org and issue the cert.

When clients use browser to verify the cert, the null character causes them to think the certficate is valid for www.paypal.com because they stop at the null character. Even if the client examines the cert in their browser, it will show www.paypal.com. wildcards work as well. you could get a certificate for *[NULL].eviladm.org and appear as any site you want.
Moxie has released his new code soon, to be part of sslsniff 0.6.