I am debugging my Windows app which has SSL/TLS pinning, and i want to bypass/remove it so i can debug the endpoints. How could I get the CLIENT_HANDSHAKE that the app uses?
I can definitely patch the app but not the code because it would make the app vulnerable. So how could I do this?
In the TLS Handshake a
Certificate message is sent. This message contains the (chain of) certificates needed to validate the provided certificate of the communicating party.
However, I have also read some papers, and also defined in RFC5280, that the certification path process is challenging; and, an algorithm is needed to actually do the path construction.
This confused me, since during the TLS Handshake the chain of trust is provided in the
Certificate message. Therefore I was wondering: Is a Certification path algorithm also needed in the TLS protocol?
- If so, why is it needed? As far that I know, the
Certificate message sends all the certificates in the chain of trust.
- If not, is it true then that the
Certificate message does not (always) provide all the certificates in the chain? Or maybe, does the certification path algorithm not apply at all for SSL/TLS; but for what kind of protocols is it needed then?
While trying to answer this question it occurred to me that while there’s many good answers about the strengths and weaknesses of SSL/TLS in terms a security professional or software developer can understand, there’s not many good responses that a layman might be able to properly understand.
For instance, we describe some variants of TLS/SSL as “insecure”, which in the security world has a somewhat specialized meaning that might be summarized as “There’s some known vulnerabilities that significantly degrade the security, and you should likely disable this variant on your servers.”. A layman might interpret “insecure” as “simple to exploit”, which isn’t necessarily true.
So can someone provide a good layman’s explanation as to the current security level offered by SSL/TLS? The answer should include the resources of the attacker, the effort, resources, and access involved, and (possibly) the cost.
The answer might also include other ways to achieve the same goal without attacking SSL/TLS, and risks we all take for granted every day. (My credit card, for instance, was compromised and used for fraud last year when Newegg got hacked)
When setting up the WPForms WP Mail SMTP plugin, I got this choice:
Encryption: ( ) None ( ) SSL ( ) TLS
For most servers TLS is the recommended option. If your SMTP provider offers both SSL and TLS options, we recommend using TLS.
What do those options mean? Do they mean (like in normal conversation):
- SSL = SSLv3
- TLS = at least TLS 1.0
or do they mean (like in Outlook and some other mail clients):
I was assuming the latter, because that is really common with mail stuff.
But if that is the case, why would the plugin recommend to prefer “TLS” (STARTTLS, which is insecure) to “SSL” (TLS, which is safe)?
People trust green bars, because it is proven to not to be of malicious origin.
This seems to be the questions of hundreds and many are concerned about it, picture that; a team of fraudsters(or at least one), promote their website to many people with the use of Facebook and Twitter advertising who can be easily set up in no time. (1).
The fraudulent websites created a site, looking real etc.. and as already said they have an EV certificate verified implemented. In what ways could such thing be successfully be done, how do certificate distributors verify who that who is(if it can be faked)? (2).
This question already has an answer here:
- Can VPN provider see my data? 2 answers
When communicating with a server using SSL/TLS via a VPN, can the VPN or ISP intercept the communication and understand the data being sent?
I have started learning android pentesting. I want to know what is ssl/tls renegotiation. On a blog written on mcafee’s website, it says that ecommerce apps use renegotiation. Can anyone tell me, how they use this process?
I have an application where there I’m planning the following setup:
user <-----------------> layer 1 server <------------------> backend server internet (https) RPC through VPN
So when a user makes a request, it goes through standard SSL/TLS to the layer 1 server, then that has a program that calls a software in another location through the internet, which is connected to the layer 1 server through an OpenVPN connection.
To simplify the design of my application, I’d prefer that the RPC connection is without SSL/TLS. I’m thinking of that VPN connection as a replacement to the security requirements of a TLS encrypted connection. Does this provide the same security level?
The RPC sends user/password data to the server, which it just forwards to the backend server after wrapping it with some other objects.
What are the expected drawbacks from such a design?
Скажите, пожалуйста, кто-то занимался подобным? С чего следует начать, если никогда раньше в API не лез? Спасибо заранее.
I ran a vulnerability scan and I got these results for ports 993, 995, and 5432. I am running Dovecot for POP3S and IMAPS and Postgres for port 5432. I got these results from the vulnerability scan:
Summary: This routine reports all Weak SSL/TLS cipher suites accepted by a service. NOTE: No severity for SMTP services with ‘Opportunistic TLS’ and weak cipher suites on port 25/tcp is reported. If too strong cipher suites are con gured for this service the alternative would be to fall back to an even more insecure cleartext communication.
Vulnerability Detection Result:
‘Weak’ cipher suites accepted by this service via the TLSv1.0 protocol: TLS_RSA_WITH_SEED_CBC_SHA
‘Weak’ cipher suites accepted by this service via the TLSv1.1 protocol: TLS_RSA_WITH_SEED_CBC_SHA
‘Weak’ cipher suites accepted by this service via the TLSv1.2 protocol: TLS_RSA_WITH_SEED_CBC_SHA
Solution – Solution type: Mitigation The configuration of this services should be changed so that it does not accept the listed weak cipher suites anymore. Please see the references for more resources supporting you with this task.
Vulnerability Insight These rules are applied for the evaluation of the cryptographic strength:
- RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808).
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak (CVE-2015-4000).
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong
I am new to this kind of thing and I tried looking for a way to fix this vulnerability. I am sure that there is a configuration file I am supposed to change, but I don’t know what to do. I want to figure out how to disable the weak cipher suites for each of these ports. Could someone please help me out?