Paper: Pretty-Bad-Proxy
I. INTRODUCTION
HTTPS is an end-to-end cryptographic protocol for securing web traffic over insecure networks. Authenticity and confidentiality are the basic promises of HTTPS. When a client communicates with a web server using HTTPS, we expect that: i) no HTTPS payload data can be obtained by a malicious host on the network; ii) the server indeed bears the identity shown in the certificate; and iii) no malicious host in the network can impersonate an authenticated user to access the server. These properties should hold as long as the end systems, i.e. the browser and the server, are trusted.
In other words, the adversary model of HTTPS is simple and clear: the network is completely owned by the adversary, meaning that no network device on the network is assumed trustworthy. The protocol is rigorously designed, implemented and validated using this adversary model. If HTTPS is not robust against this adversary, it is broken by definition.
This paper is motivated by our curiosity about whether the same adversary that is carefully considered in the design of HTTPS is also rigorously examined when HTTPS is integrated into the browser. In particular, we focus on an adversary called “Pretty-Bad-Proxy” (PBP), which is a man-in-the-middle attacker that specifically targets the browser’s rendering modules above the HTTP/HTTPS layer in order to break the end-to-end security of HTTPS. Figure 1 illustrates this adversary: PBP can access the raw traffic of the browser (encrypted and unencrypted), but it is unable to decrypt the encrypted data on the network. Instead, the PBP’s strategy is to send malicious contents through the unencrypted channel into the rendering modules, attempting to access/forge sensitive data (which flow in the encrypted channel on the network) above the target cryptography of HTTPS.
With a focused examination of the PBP adversary against various browser behaviors, we realize that PBP is indeed a threat to the effectiveness of HTTPS deployments. We have discovered a set of PBP-exploitable vulnerabilities in the IE, Firefox, Opera and Chrome browsers and in many websites. They are due to a number of subtle behaviors of the HTML engine, the scripting engine, the HTTP proxying, and the cookie management. By exploiting the vulnerabilities, a PBP can obtain sensitive data from the HTTPS server. It can also certify malicious web pages and impersonate authenticated users to access the HTTPS server. Although all attacks fool the HTTP/HTTPS layer and above, the manifestations of the vulnerabilities are diversified: some require the scripting capability of the browser while others use static HTML contents entirely; some require the HTTP-proxy mechanism to be enabled in the browser while others do not. The existence of the vulnerabilities clearly undermines the end-to-end security guarantees of HTTPS.
People who are less familiar with HTTPS sometimes argue that HTTPS security inherently depends on trusting the proxy, and thus that the assumption of a malicious proxy is inappropriate. This argument is conceptually incorrect, since the goal of HTTPS is to achieve end-to-end security. Also, we show that in practice the trust placed in the proxy is too brittle for HTTPS to depend on. We constructed two versions of attack programs to show two levels of threats: (1) the first level, which is already serious, is due to the wide use of proxies for web access. The integrity of proxies is generally difficult to ensure. For instance, malware and attackers may take over legitimate proxies in hotels and Internet cafes, because they are not well managed; many free third-party open proxies are also essentially unaccountable; (2) the second level, which is more severe, is due to the fact that browsers’ proxy-configuration mechanisms and browsers’ communications with proxies are often unencrypted in many network environments. This makes a user vulnerable even when he/she is not knowingly connected to an untrusted proxy, as long as an attacker has MAC-layer access to the victim’s network. In our Ethernet and WiFi experiments, the attacker simply needs to connect to the same Ethernet local area network (LAN) or wireless access point (AP) to launch the attacks. The damage from such attacks is the same as that caused by physically taking over a legitimate proxy. With the PBP vulnerabilities in browsers, the end-to-end security guarantees promised by HTTPS are lost, because users basically need to trust the network in order to trust HTTPS.
We have reported the discovered vulnerabilities to browser vendors. They have acknowledged the attack scenarios. The status of vendor responses is given later in the paper in Table III. Most of the vendors have patched or planned on patching their browsers.
(Translator's note: the vendors' responses differ by attack scenario and by browser; they are given in detail below, after the attack scenarios have been explained.)
A note about this paper: This work was finished in July 2007, except for the paper writing and the vulnerability testing on the Google Chrome browser released in beta in Sept. 2008. The paper submission has been withheld until this conference. To present this work in a necessary context, we will describe how our effort is related to some of the efforts from other researchers in this time frame.
The rest of the paper is organized as follows. Section II introduces the basic concepts about the browser security model and the HTTPS protocol. Section III and Section IV describe various PBP attacks. In section V, we demonstrate the feasibility of exploiting these vulnerabilities and study their security implications in real-world settings. Section VI discusses possible fixes and mitigations. Section VII covers related work and Section VIII concludes.