BEAST代表 针对SSL / TLS的浏览器利用。这是针对网络漏洞的攻击 TLS 1.0 and 较旧的SSL协议. The attack was first performed in 2011 通过 security researchers Thai Duong 和 Juliano Rizzo but the theoretical vulnerability was discovered in 2002 通过 Phillip Rogaway.

我们为什么要谈论这种古老的攻击技术?根据针对的研究 2020年Acunetix Web应用程序漏洞报告,仍有30.7%的扫描Web服务器仍启用了易受攻击的TLS 1.0,这意味着它们容易受到BEAST攻击。

This shows how IT security is still a major issue for businesses 和 no matter how many new features improving security are introduced in software, old attacks are still a major problem. This situation also applies to SSL/TLS vulnerabilities including BEAST, BREACH, POODLE, or OpenSSL Heartbleed.

BEAST攻击如何工作

The Transport Layer 安全 (TLS) protocol is a successor to Secure Sockets Layer (SSL). Both are cryptographic protocols that let you use different cipher suites to encrypt the communication between a web browser 和 a web server. This makes it impossible for someone to listen in on the communication 和 steal confidential data.

Attackers may be able to tap into the conversation between a web server 和 a web browser using 中间人 attack techniques. If they do 和 if there is no encryption, they have access to all the information exchanged between the web server 和 web browser: passwords, credit card numbers, etc.

However, even encryption might have its weaknesses 和 be broken. This is exactly the case with the BEAST attack. The researchers found that TLS 1.0 (and older) encryption can be broken quickly, giving the attacker an opportunity to listen in on the conversation.

如果您的服务器支持TLS 1.0,则攻击者可以使它相信这是客户端可以使用的唯一协议。这称为协议降级攻击。然后,攻击者可以使用BEAST攻击进行窃听。

BEAST的技术细节

TLS协议使用具有分组密码的对称加密。对称加密意味着需要相同的密钥来加密和解密消息。分组密码意味着信息以固定长度的数据块加密。如果没有足够的数据用于最后一个块,则将填充最后一个块。一些流行的分组密码是DES,3DES和AES。

If the same data 和 the same key always gave the same encrypted content, an attacker could easily break any encryption. That is why TLS uses initialization vectors. This means, that encryption is seeded using random content. This way, if you use the same data 和 the same key many times, every time you end up with different encrypted content.

但是,使用随机数据为块密码中的每个块设定种子并不是有效的方法。这就是为什么SSL / TLS也使用 密码块链接 (CBC)。使用逻辑XOR操作将块彼此链接。实际上,这意味着每个块的值取决于前一个块的值。因此,代表某些原始数据的加密值取决于该数据的前一个块。

进攻技巧

破解代码的基本原则是:一切都可以破解,这只需要花费多长时间。相同的原则适用于SSL / TLS密码。好的密码并非不可能破解。中断根本是不切实际的-使用当前的计算资源不可能在合理的时间内中断。

The attacker could break a block cipher 通过 trying different combinations 和 seeing if they get the same result with the same initialization vector (which they know). However, they can only check that for a whole block at a time, 和 a block can have, for example, 16 通过 tes. This means that for the block to be checked, the attacker would have to test 25616 每个区块的组合(3.4028237e + 38)。

BEAST攻击所做的就是变得更加简单:攻击者一次只需要猜测一个字节。如果攻击者可以预测大多数数据(例如HTML代码)并且仅需要一条秘密信息(例如密码),则可以这样做。然后,攻击者可以仔细测试加密,选择正确的数据长度,以便他们在一个块中只有一个字节的信息,而这些字节是他们所不知道的。然后,他们可以仅针对该字节的256个组合测试该块。然后,他们对下一个字节重复该过程,很快就输入了整个密码。

BEAST是实际攻击吗?

BEAST攻击不容易执行。攻击者必须使用其他漏洞利用才能成为中间人并将内容注入流中。发现此漏洞的研究人员使用Java小程序,但攻击者也可以使用JavaScript。即使攻击者诱使用户运行易受攻击的Java或JavaScript代码,Web应用程序也默认使用 同源政策 并且这使得注入成为不可能(除非Web应用程序具有覆盖默认策略的服务器端CORS标头)。

The difficulty of the attack is why this vulnerability is rarely exploited, despite a third of the websites still supporting the vulnerable TLS 1.0 protocol (according to our statistics). However, it is possible 和 therefore you should protect yourself against it.

如何发现您的Web服务器是否容易受到BEAST攻击

发现您的Web服务器是否容易受到BEAST攻击非常容易。如果它支持TLS 1.0或任何版本的SSL,则容易受到BEAST攻击。

You can easily discover if your web server supports TLS 1.0 or any version of SSL using Acunetix or manually. The advantage of using Acunetix is: you will also find all your web vulnerabilities that other tools won’t discover. And what’s the point of fixing just one vulnerability 和 not even knowing about others, which may be just as dangerous?

BEAST显示了网络漏洞和网络漏洞之间的主要区别:即使使用免费工具,网络漏洞也很容易检测到,消除这些漏洞的唯一方法是升级受影响的软件或硬件。 Web漏洞必须通过Acunetix之类的专用软件来检测,并且可以通过修复应用程序代码来消除。

如何修复BEAST漏洞

最初,建议将RC4密码用于缓解BEAST攻击(因为它是流密码,而不是分组密码)。但是,后来发现RC4不安全。当前,PCI DSS(支付卡行业数据安全标准)禁止使用此密码。因此,永远不要使用此方法来保护自己免受BEAST的侵害。

Just as with other network vulnerabilities, there is just one simple fix to BEAST: turn off TLS 1.0 和 older protocols. Here is how you can do it for the most popular web server software. What we recommend is also disabling TLS version 1.1 和 leaving just TLS 1.2 running (all major browsers such as 谷歌 Chrome, Firefox, 和 Safari support TLS 1.2).

Apache Web服务器

编辑 SSL协议 directive in the ssl.conf 文件,通常位于 /etc/httpd/conf.d/ssl.conf。 例如,如果您有:

SSL协议 all -SSLv3

更改为:

SSL协议 TLSv1.2

然后,重新启动 httpd.

NGINX

编辑 ssl_protocols directive in the nginx.conf 文件。例如,如果您有:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

更改为:

ssl_protocols TLSv1.2;

然后,重新启动nginx。

微软IIS

要在Microsoft IIS中禁用TLS 1.0,您必须 编辑注册表设置 在Microsoft Windows操作系统中。

  1. 打开注册表编辑器
  2. 找到问题的关键 HKLM SYSTEM \ CurrentControlSet \ Control \ 安全Providers \频道\协议\TLS 1.0\服务器
  3. 更改DWORD值 已启用 entry to 0.
  4. 创建一个 默认禁用 entry 和 change the DWORD value to 1.

Repeat the above steps for all versions of SSL 和 TLS 1.1 (if you want to go along with our recommendation 和 disable it, too).

资源://www.acunetix.com/blog/web-security-zone/what-is-beast-attack/