3

From basic research, my understanding is: it is vulnerable in TLS 1.0 and SSL 3.

An attacker can inject JavaScript and pass some known text to some server, where the attacker will get the encrypted version of the known plaintext, and this is how the encryption mechanism can be known.

Please clarify if I misunderstood anything.

Questions: How does one inject some malicious JavaScript into a page? And what are the tools to identify the encryption mechanism and apply the same to decrypt the cookie content?

schroeder
jmj

2 Answers

4

If you are really looking for a better explanation of what the BEAST attack does, then this site is a great reference.

How Would an Attack Take Place?

BEAST has three conditions that must be met for this attack to take place:

  1. JavaScript or applet injection into the same origin of the web site
  2. Network sniffing of the connection must be possible
  3. A vulnerable version of SSL that uses a block cipher must be in use

An attacker could inject a Java applet into the page either with XSS or by intercepting a request for a valid applet.

As for the exact method of "breaking" SSL, the article I mentioned provides some great links in the fourth paragraph.

This blog post provides a great technical breakdown of how the BEAST attack works.

Security impact of the Rizzo/Duong CBC "BEAST" attack

ZnArK
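As an added illustration (not part of either answer), here is the third condition in miniature: why CBC with a predictable IV lets a sniffer who can also make the browser send chosen plaintext confirm a guess about a cookie byte, and why a fresh random IV per record (TLS 1.1+) closes it. It is stdlib-only, so a constructed hash-based block function stands in for AES, and the cookie value and names are made up for the demo.

```python
import hashlib, os

BLOCK = 16

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES so this runs offline. Not a real cipher (not invertible); the
    # weakness shown lives in CBC's chaining, so any deterministic keyed function works.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CbcSession:
    """CBC encryption of successive records on one connection.
    chained_iv=True models SSL 3.0/TLS 1.0: a record's IV is the last ciphertext
    block of the previous record, so a sniffer knows it before the record is sent.
    chained_iv=False models TLS 1.1+: a fresh random explicit IV per record."""
    def __init__(self, key: bytes, chained_iv: bool):
        self.key, self.chained_iv = key, chained_iv
        self.last_block = os.urandom(BLOCK)

    def encrypt_record(self, plaintext: bytes):
        assert len(plaintext) % BLOCK == 0
        iv = self.last_block if self.chained_iv else os.urandom(BLOCK)
        prev, blocks = iv, []
        for i in range(0, len(plaintext), BLOCK):
            prev = toy_block_encrypt(self.key, xor(plaintext[i:i + BLOCK], prev))
            blocks.append(prev)
        self.last_block = prev
        return iv, blocks          # both are visible on the wire

def guess_confirmed(session, target: bytes, preceding: bytes, guess: bytes) -> bool:
    """The sniffer saw ciphertext block 'target' (holding part of the cookie) and the
    block 'preceding' it. The injected script makes the browser send a chosen plaintext
    that cancels the predicted IV; the new block equals 'target' iff the guess is right."""
    predicted_iv = session.last_block           # exact only when IVs are chained
    probe = xor(xor(guess, preceding), predicted_iv)
    _, blocks = session.encrypt_record(probe)
    return blocks[0] == target

def demo(chained_iv: bool):
    s = CbcSession(os.urandom(BLOCK), chained_iv)
    # Constructed secret record: 15 known bytes plus one unknown byte, the block
    # boundary alignment that keeps every BEAST step at 256 candidates.
    secret = b"Cookie: sessid=" + b"7"
    preceding, blocks = s.encrypt_record(secret)
    right = guess_confirmed(s, blocks[0], preceding, secret)
    wrong = guess_confirmed(s, blocks[0], preceding, b"Cookie: sessid=" + b"8")
    return right, wrong            # (True, False) chained; (False, False) random IV
```

With chained IVs the correct guess is confirmed and the wrong one rejected; with a random per-record IV the attacker's prediction of the IV is wrong, so no guess is ever confirmed, which is the mitigation the TLS 1.1 IV change provides.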
1

To inject, you act as a man-in-the-middle to alter the page as it is being transmitted to the client. Then you inspect how the server responds.

schroeder
+1 thank you, could you please elaborate on it a little more? For example, if I am somehow able to put JavaScript in the page (for example, the page requests Google Analytics and I somehow manage to serve JavaScript from my server), now what next? Everything is still SSL. – jmj Sep 09 '13 at 17:30