ALPACA, a new kind of man-in-the-middle attack on HTTPS

A group of researchers from several German universities recently published a new MITM attack technique against HTTPS that allows an attacker to extract cookies containing session IDs and other sensitive data, and to execute arbitrary JavaScript code in the context of another site.

The attack is called ALPACA and can be applied to TLS servers that implement different application-layer protocols (HTTPS, SFTP, SMTP, IMAP, POP3) but share a common TLS certificate.

The essence of the attack is that an attacker who controls a network gateway or a wireless access point can redirect traffic to a different port and arrange for the connection to be established not to the HTTP server but to an FTP or mail server that supports TLS encryption.

Since the TLS protocol is generic and not bound to the application-layer protocol, establishing an encrypted connection looks the same for every service, and the mistake of sending a request to the wrong service can only be detected after the encrypted session has been set up, while the commands of the submitted request are being processed.

Accordingly, if a user's connection originally addressed to HTTPS is redirected, for example, to a mail server that uses a certificate shared with the HTTPS server, the TLS connection will be established successfully, but the mail server will be unable to process the transmitted HTTP commands and will return a response with an error code. The browser will treat that response as coming from the requested site, delivered over a correctly established encrypted channel.

Three attack variants are proposed:

  1. "Upload" to retrieve cookies with authentication parameters: This method applies when the FTP server covered by the TLS certificate lets you upload and later retrieve your own data. In this variant the attacker can get parts of the user's original HTTP request stored, such as the contents of the Cookie header, for instance if the FTP server interprets the request as a file to be saved or logs incoming requests in full. To complete the attack, the attacker then has to retrieve the stored content in some way. The attack applies to Proftpd, Microsoft IIS, vsftpd, filezilla and serv-u.
  2. "Download" for cross-site scripting (XSS): This method assumes that the attacker, through some separate manipulation, can place data in a service that uses the shared TLS certificate, and that this data can then be served as the response to the user's request. The attack applies to the FTP servers listed above, as well as to IMAP and POP3 servers (courier, cyrus, kerio-connect and zimbra).
  3. "Reflection" to run JavaScript in the context of another site: This method relies on part of the request being echoed back to the client, including JavaScript code supplied by the attacker. The attack applies to the FTP servers listed above, the cyrus, kerio-connect and zimbra IMAP servers, and the sendmail SMTP server.

For example, when a user opens a page controlled by the attacker, that page can initiate a request for a resource on another site where the user has an active account. In the MITM attack, this request to the website is redirected to a mail server that presents the same TLS certificate.

Since the mail server does not close the session after the first error, the headers and commands that follow are processed as unknown commands.

The mail server does not parse the details of the HTTP protocol, so the headers and the data block of a POST request are handled the same way; as a result, lines containing commands for the mail server can be placed in the body of the POST request.
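As an added illustration of the gap just described (the mail server keeps reading unknown commands instead of closing the session), here is a server-side guard written for this page, not code from the ALPACA researchers or from any mail server: it classifies the first lines a client sends on a TLS-protected mail port and closes the session as soon as they look like an HTTP request. The SMTP verb set and the sample client lines are constructed assumptions.

```python
import re

# Shape of an HTTP/1.x request line, e.g. "GET /profile HTTP/1.1".
HTTP_REQUEST_LINE = re.compile(r"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]$")
# Header lines that only an HTTP client would send to a mail service.
HTTP_HEADER_LINE = re.compile(r"^(Host|Cookie|Origin|Referer|User-Agent|Content-Length):", re.I)
# Command set of the guarded SMTP service (hypothetical, assumed for this example).
SMTP_VERBS = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT", "STARTTLS", "AUTH"}

def classify_line(line):
    """Label one client line as 'http-request', 'http-header', 'smtp' or 'unknown'."""
    if HTTP_REQUEST_LINE.match(line):
        return "http-request"
    if HTTP_HEADER_LINE.match(line):
        return "http-header"
    verb = line.split(" ", 1)[0].split(":", 1)[0].upper()
    return "smtp" if verb in SMTP_VERBS else "unknown"

def should_drop_connection(lines, max_unknown=2):
    """Return (drop, reason) for a freshly accepted TLS session on the mail port.

    Close at once when the first line is an HTTP request line or when any
    HTTP-only header shows up, and close after more than max_unknown unknown
    commands instead of answering each one with an error and reading on.
    """
    unknown = 0
    for index, line in enumerate(lines):
        kind = classify_line(line.rstrip("\r\n"))
        if kind == "http-request" and index == 0:
            return True, "http request line as first command"
        if kind == "http-header":
            return True, "http header received on mail port"
        if kind in ("http-request", "unknown"):
            unknown += 1
            if unknown > max_unknown:
                return True, "too many unrecognised commands"
    return False, None

# Constructed sample: a browser request redirected onto the mail port by the
# MITM described above, next to an ordinary SMTP session for comparison.
REDIRECTED_HTTP = ["POST /account HTTP/1.1", "Host: shop.example",
                   "Cookie: session=constructed", "", "MAIL FROM:<x@example.org>"]
LEGIT_SMTP = ["EHLO client.example", "MAIL FROM:<a@example.org>", "RCPT TO:<b@example.org>"]

if __name__ == "__main__":
    print(should_drop_connection(REDIRECTED_HTTP))  # (True, 'http request line as first command')
    print(should_drop_connection(LEGIT_SMTP))       # (False, None)
```

The same check, applied to the first line read after the TLS handshake, is what a non-HTTP service needs in order to reject a redirected browser request before it reaches the point where unknown commands are simply answered with errors.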

Source: https://alpaca-attack.com/

