
BEAST Cryptographic Attack Mitigations Overturned  - wglb
http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308
======
tptacek
BEAST in practice, at least as far as I understand it (pretty well, that is,
except that I might be dating myself a bit) requires more than a vulnerable
browser. The attacker needs precise control over the first bytes of a new
request on an existing SSL session. As I remember it, Thai and Juliano needed
the Java plugin running to demonstrate it when they first discovered it.

~~~
ivanr
That's correct: control over the first few bytes (the size of the encryption
block) is needed. In addition, in practice you will also need a Same-Origin
Policy bypass in order to submit requests to the target web site.

Surprisingly, the Java SOP bypass used for BEAST originally is still without a
fix. In addition, IIRC, Java continues to treat sites behind the same IP
address as belonging to the same origin. I think that, with some trickery, the
latter could be used for arbitrary SOP bypass too.

In my research I discovered that XmlHttpRequest allows you to use arbitrary
methods, which is handy, because those are the bytes that are submitted first.
So that feature, along with keep-alives and a SOP bypass could also make BEAST
possible in a vulnerable browser. (Disclaimer: I tested this approach a bit,
but I haven't attempted to exploit it all the way.)

~~~
marshray
Oh my.

