BYPASSING HTTP STRICT TRANSPORT SECURITY presented at BlackHatEU 2014

by Jose Selvi

Summary: Over the last few years, several different attacks against SSL/TLS have been released. Some of them, such as BEAST, CRIME, etc., are based on cryptographic or protocol weaknesses, while others, such as SSLStrip, are based on rewriting https links into http ones so that the user's communications always stay in HTTP. To protect users against SSLStrip attacks, a new protection called HTTP Strict Transport Security (HSTS) has been developed, and it is currently supported by the most widely used browsers.
However, under certain circumstances, an attacker could exploit an inter-operation vulnerability to bypass the HTTP Strict Transport Security protection and then use other well-known attack techniques such as SSLStrip. In this presentation, we review the strengths and weaknesses of HSTS, and we go in depth on this inter-operation vulnerability and how it could be exploited.