刚刚有研究人员公布了一种针对TLS/SSL的中间人攻击, 该攻击
1. exploitable (可操作性比较强)
2. 目前还没有解决方案, 等待各厂商出补丁.
3. 受影响的上层协议包括HTTPS,IMAP, SIP等等.
有人举了下面这个例子来帮助大家理解此洞
E.g., the attacker would send:
GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1
X-Ignore-This:
And leave the last line empty without a carriage return line feed. Then when the client makes his own request
GET /pizza?toppings=sausage;address=victimssaddress HTTP/1.1
Cookie: victimscookie
the two requests get glued together into:
GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1
X-Ignore-This: GET /pizza?toppings=sausage;address=victimssaddress HTTP/1.1
Cookie: victimscookie
And the server uses the victim's account to send a pizza to the attacker.
whitepaper的全文: http://extendedsubset.com/Renegotiating_TLS.pdf