Shadow on the Wall - Risks and Flaws with Shadowsocks
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
Download links
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
What is one of the cornerstones of the Internet? Right! Being able to access all kinds of information, without censorship. In some countries this is no longer possible, and this is why technologies such as Tor and Shadowsocks are needed.
While the main feature of Tor is the onion routing and the aim of being cryptographically secure, it can easily be blocked by a firewall.
Shadowsocks simply tries to provide an undetectable tunnel to a non-censored part of the Internet.
Shadowsocks provides a Socks5proxy locally, into which all traffic is routed. It encrypts traffic with a configurable symmetric algorithm and the messages have (pseudo) random lengths. The absence of any visible protocol information makes them appear totally random. The goal is stealth through restricted infrastructures.
Naturally, users of such tools may be exposed to increased risks. Therefore the tools aim to be undetectable by deep packet inspection firewalls. For security and privacy they have to encrypt the traffic, use random padding, ensure integrity, and should imitate other protocols so as to look like normal encrypted traffic, e.g. such as that from an encrypted website. The server should be authenticated to ensure that the user does not communicate with a malicious endpoint.
We had a look at Shadowsocks to see how it handles this task, and noticed some interesting things.
This talk shows the results of our efforts to analyse ShadowSocks and identifying real vulnerabilities. There were attempts about detecting shadowsocks. We show how to brute force it, manipulate its log files. In addition, we will show several local as well as remote command execution vulnerabilities affecting shadowsocks and its tools.
Niklas Abel
Niklas works as an IT security consultant at X41 D-Sec GmbH in the area of penetration testing and code reviews. He is experienced in penetration of complex software applications and infrastructures, code reviews and vulnerability analysis. His last talk was as speaker at MRMCD 2016 about bank security and developing of an 2FA device.
Other media in the channel "2018"
- 115 views, 6 this year, 1 this monthGlassfish from (IN)Secure adminJuly 6th, 2018
- 57 views, 1 this yearOpen Hardware for (software) offensive securityJuly 6th, 2018
- 48 viewsFreedom Fighting Mode - Open Source Hacking HarnessJuly 6th, 2018
- 79 views, 3 this year, 1 this monthExpl-iot: IoT Security Testing FrameworkJuly 6th, 2018
- 23 viewsIo(M)T Security: A year in reviewJuly 6th, 2018
- 46 views, 1 this yearIoT Honeypot, new types of attacksJuly 6th, 2018