Pretty-Bad-Proxy: An Overlooked Adversary in Browsers’ HTTPS Deployments
HTTPS is designed to provide secure web communications over insecure networks. The protocol itself has been rigorously designed and evaluated by assuming the network as an adversary. This paper is motivated by our curiosity about whether such an adversary has been carefully examined when HTTPS is integrated into the browser/web systems. We focus on a specific adversary named “Pretty-Bad-Proxy” (PBP). PBP is a malicious proxy targeting browsers’ rendering modules above the HTTP/HTTPS layer. It attempts to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme. We discovered a set of vulnerabilities exploitable by a PBP: in many realistic network environments where attackers can sniff the browser traffic, they can steal sensitive data from an HTTPS server, fake an HTTPS page and impersonate an authenticated user to access an HTTPS server. These vulnerabilities reflect the neglects in the design of modern browsers – they affect all major browsers and a large number of websites. We believe that the PBP adversary has not been rigorously examined in the browser/web industry. The vendors of the affected browsers have all confirmed the vulnerabilities reported in this paper. Most of them have patched or planned on patching their browsers. We believe the attack scenarios described in this paper may only be a subset of the vulnerabilities under PBP. Thus further (and more rigorous) evaluations of the HTTPS deployments in browsers appear to be necessary.
Copyright © 2007 IEEE. Reprinted from IEEE Computer Society.This material is posted here with permission of the IEEE. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to email@example.com.By choosing to view this document, you agree to all provisions of the copyright laws protecting it.