Heartbleed攻擊防范
概述
Heartbleed是一個(gè)出現(xiàn)在加密程序庫(kù)OpenSSL的安全漏洞,該程序庫(kù)廣泛用于實(shí)現(xiàn)互聯(lián)網(wǎng)的傳輸層(TLS)協(xié)議.它于2012年被引入了軟件中,2014年4月首次向公眾披露.只要使用的是存在缺陷的OpenSSL實(shí)例,無(wú)論是服務(wù)器還是客戶端,都可能因此而受到攻擊.此問(wèn)題的原因是在實(shí)現(xiàn)TLS的心跳協(xié)議時(shí)沒(méi)有對(duì)輸入進(jìn)行適當(dāng)驗(yàn)證(缺少邊界檢查),讀取的數(shù)據(jù)比應(yīng)該允許讀取的還多.當(dāng)前主流OpenSSL中已經(jīng)不存在這樣的漏洞了,本期實(shí)驗(yàn)需要在陳舊的Ubuntu12系統(tǒng)中完成.
實(shí)驗(yàn)環(huán)境
本期實(shí)驗(yàn)基于2臺(tái)Linux系統(tǒng),一臺(tái)作為攻擊者,一臺(tái)作為受害者.
攻擊者為咱們的主機(jī)kali linux,受害者為咱們提供的SEED Ubuntu.
實(shí)驗(yàn)中我們需要用到開源的HTTPS網(wǎng)站ELGG社交網(wǎng)站,在SEED Ubuntu中已經(jīng)搭建好了.
SEED Ubuntu下載地址如下:
鏈接: https://pan.baidu.com/s/1qRFpF8d5pz6MWNDRW164Bg
密碼: yi4s
實(shí)驗(yàn)環(huán)境下載好了之后,咱們需要在攻擊者系統(tǒng)上配置一下,以便于成功訪問(wèn)ELGG網(wǎng)站.
咱們的SEED Ubuntu系統(tǒng)的IP地址為192.168.59.148.
在\etc\hosts中添加配置192.168.59.148 www.heartbleedlabelgg.com.
現(xiàn)在,我們可以在攻擊者主機(jī)成功訪問(wèn)ELGG網(wǎng)站了. 如圖所示:
任務(wù)1:實(shí)現(xiàn)Heartbleed攻擊
- 理解心跳協(xié)議
心跳協(xié)議包含2種報(bào)文,心跳請(qǐng)求報(bào)文和心跳應(yīng)答報(bào)文.客戶端向服務(wù)端發(fā)送心跳請(qǐng)求報(bào)文,當(dāng)服務(wù)端收到請(qǐng)求報(bào)文之后,將請(qǐng)求報(bào)文的消息段copy,在心跳應(yīng)答報(bào)文中返回給客戶端.心跳協(xié)議的目的是確保連接的有效性.如圖所示:
- 實(shí)現(xiàn)Heartbleed攻擊
1.訪問(wèn)https://www.heartbleedlabelgg.com.
2.登錄(用戶名:admin,密碼:seedelgg).
3.添加好友(點(diǎn)擊More -> Members 點(diǎn)擊 Boby -> Add Friend).
4.發(fā)送消息.
5.多次運(yùn)行攻擊腳本($ ./attack.py www.heartbleedlabelgg.com).
獲取用戶名和密碼:
獲取發(fā)送消息:
任務(wù)2:找出Heartbleed漏洞原因
Heartbleed攻擊基于Heartbeat請(qǐng)求.這個(gè)請(qǐng)求只是發(fā)送一些數(shù)據(jù)到服務(wù)器,服務(wù)器會(huì)將數(shù)據(jù)復(fù)制到它的響應(yīng)數(shù)據(jù)包中,所有的數(shù)據(jù)都會(huì)被回顯.
在正常情況下,假設(shè)請(qǐng)求包含3個(gè)字節(jié)的數(shù)據(jù)“ABC”,長(zhǎng)度字段的值為3.服務(wù)器將數(shù)據(jù)放入內(nèi)存中,并從數(shù)據(jù)的開頭復(fù)制3個(gè)字節(jié)到其響應(yīng)包.
在攻擊場(chǎng)景中,請(qǐng)求可能包含3個(gè)字節(jié)的數(shù)據(jù),但長(zhǎng)度字段可能表示為1003.當(dāng)服務(wù)器構(gòu)造其響應(yīng)數(shù)據(jù)包時(shí),它從數(shù)據(jù)的起始處(即“ABC”)復(fù)制,但它復(fù)制1003字節(jié),這些額外的1000字節(jié)顯然不是來(lái)自請(qǐng)求包,它們來(lái)自服務(wù)器的私有內(nèi)存,并且可能包含用戶名,密碼等隱私數(shù)據(jù).
良性請(qǐng)求:
惡意請(qǐng)求:
嘗試不同的payload長(zhǎng)度值,當(dāng)載荷長(zhǎng)度減小的時(shí)候,我們獲取到的額外數(shù)據(jù)量在減少,
當(dāng)載荷值小于等于22的時(shí)候,獲取不到額外的數(shù)據(jù).
$./attack.py www.heartbleedlabelgg.com --length 22
任務(wù)3:修復(fù)Heartbleed漏洞
升級(jí)OpenSSL.
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade
源代碼分析:
心跳請(qǐng)求\應(yīng)答報(bào)文數(shù)據(jù)結(jié)構(gòu):
struct {
HeartbeatMessageType type; // 1 byte: request or the response
uint16 payload_length; // 2 byte: the length of the payload
opaque payload[HeartbeatMessage.payload_length];
opaque padding[padding_length];
} HeartbeatMessage;
處理心跳請(qǐng)求,構(gòu)造心跳應(yīng)答的過(guò)程:
1 /* Allocate memory for the response, size is 1 byte
2 * message type, plus 2 bytes payload length, plus
3 * payload, plus padding
4 */
5
6 unsigned int payload;
7 unsigned int padding = 16; /* Use minimum padding */
8
9 // Read from type field first
10 hbtype = *p++; /* After this instruction, the pointer
11 * p will point to the payload_length field *.
12
13 // Read from the payload_length field
14 // from the request packet
15 n2s(p, payload); /* Function n2s(p, payload) reads 16 bits
16 * from pointer p and store the value
17 * in the INT variable "payload". */
18
19
20 pl=p; // pl points to the beginning of the payload content
21
22 if (hbtype == TLS1_HB_REQUEST)
23 {
24 unsigned char *buffer, *bp;
25 int r;
26
27 /* Allocate memory for the response, size is 1 byte
28 * message type, plus 2 bytes payload length, plus
29 * payload, plus padding
30 */
31
32 buffer = OPENSSL_malloc(1 + 2 + payload + padding);
33 bp = buffer;
34
35 // Enter response type, length and copy payload
36 *bp++ = TLS1_HB_RESPONSE;
37 s2n(payload, bp);
38
39 // copy payload
40 memcpy(bp, pl, payload); /* pl is the pointer which
41 * points to the beginning
42 * of the payload content */
43
44 bp += payload;
45
46 // Random padding
47 RAND_pseudo_bytes(bp, padding);
48
49 // this function will copy the 3+payload+padding bytes
50 // from the buffer and put them into the heartbeat response
51 // packet to send back to the request client side.
52 OPENSSL_free(buffer);
53 r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
54 3 + payload + padding);
55 }
