SSL (Secure Sockets Layer) may seem secure, but keep in mind that there is no security in this world, only opportunity, as discussed in how to crack SSL on a BackTrack machine. That leaves the question of how to measure the performance of an SSL certificate. That problem has been solved, because THC has just released a tool called THC-SSL-DOS. THC (The Hacker's Choice) is a group of German hackers; the same team also released THC-Hydra, a good password cracker.
What is THC-SSL-DOS?
THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.
This problem affects all SSL implementations today. Vendors have been aware of the problem since 2003, and the topic has been widely discussed. The attack further exploits the SSL secure renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
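A defender can spot the single-connection renegotiation pattern described above by counting handshakes per TCP connection in a sliding window. The following is an added example, not part of the original post or of THC's tool; the log format, the thresholds and the addresses are constructed assumptions, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque

# Constructed sample input in a hypothetical format, one line per completed
# handshake (initial or renegotiation): "<epoch_seconds> <ip>:<port> HANDSHAKE"
SAMPLE_LOG = """\
1000.00 198.51.100.7:40112 HANDSHAKE
1000.05 203.0.113.9:51000 HANDSHAKE
1000.10 203.0.113.9:51000 HANDSHAKE
1000.15 203.0.113.9:51000 HANDSHAKE
1000.20 203.0.113.9:51000 HANDSHAKE
1000.25 203.0.113.9:51000 HANDSHAKE
1000.40 198.51.100.8:40200 HANDSHAKE
1030.00 198.51.100.7:40112 HANDSHAKE
"""


def parse_event(line):
    """Return (timestamp, connection), or None for lines that are not handshake events."""
    parts = line.split()
    if len(parts) != 3 or parts[2] != "HANDSHAKE":
        return None
    try:
        return float(parts[0]), parts[1]
    except ValueError:
        return None


def find_renegotiation_floods(log_text, window=1.0, max_per_conn=3):
    """Map each connection whose peak handshake count inside any `window`
    seconds exceeds `max_per_conn` to that peak count."""
    recent = defaultdict(deque)  # connection -> timestamps still inside the window
    peak = defaultdict(int)      # connection -> highest count seen in one window
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        ts, conn = event
        stamps = recent[conn]
        stamps.append(ts)
        while ts - stamps[0] > window:  # drop handshakes older than the window
            stamps.popleft()
        peak[conn] = max(peak[conn], len(stamps))
    return {conn: n for conn, n in peak.items() if n > max_per_conn}


if __name__ == "__main__":
    for conn, n in find_renegotiation_floods(SAMPLE_LOG).items():
        print(f"{conn}: {n} handshakes within one window on a single connection")
```

A legitimate client normally completes one handshake per connection, so the per-connection threshold can be set low without flagging ordinary traffic.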
“We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century,” says a THC member, referring to 3 major vulnerabilities disclosed in SSL over the past 3 years.
Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix source: thc-ssl-dos-1.4.tar.gz
Use “./configure; make all install” to build.
./thc-ssl-dos 127.3.133.7 443
Handshakes 0 [0.00 h/s], 0 Conn, 0 Err
Secure Renegotiation support: yes
Handshakes 0 [0.00 h/s], 97 Conn, 0 Err
Handshakes 68 [67.39 h/s], 97 Conn, 0 Err
Handshakes 148 [79.91 h/s], 97 Conn, 0 Err
Handshakes 228 [80.32 h/s], 100 Conn, 0 Err
Handshakes 308 [80.62 h/s], 100 Conn, 0 Err
Handshakes 390 [81.10 h/s], 100 Conn, 0 Err
Handshakes 470 [80.24 h/s], 100 Conn, 0 Err
Tips & Tricks for whitehats
1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
3. Be smart in target acquisition: the HTTPS port (443) is not always the best choice. Other SSL-enabled ports are less likely to use an SSL Accelerator (like POP3S, SMTPS, … or the secure database port).