
It seems that in a MITM attack, hackers may know the whole HTTPS packet size sent through the network (i.e. size of HTTP headers + HTTP body + overhead). Besides that, does the HTTPS protocol also allow the hacker to recover the length of the HTTP body (either compressed or not)?

I ask because this is related to whether or not "adding a string of random length to the HTTP header" can hide the compressed HTTP body's length, to mitigate (but I know cannot totally prevent) a BREACH attack.

If the answer is no, does anyone know other risks in placing the random-length string in the HTTP header, instead of in HTTP body, to mitigate a BREACH attack?

Johnny Wong
  • If you sniff an HTTPS packet in Wireshark, then in the TLS record part you can see that it gives the information regarding the content type. E.g.: Content Type: Application Data (23). Here 23 is 23 bytes. Then further it shall give the information regarding the length of Application data. This length excludes the protocol header and includes the MAC and padding trailers. http://en.wikipedia.org/wiki/Transport_Layer_Security#Application_protocol – ρss Jun 09 '15 at 08:40
  • "this length excludes the protocol header" --> I'm not sure whether header excluded contains only TLS/openssl protocol's header, or also the inner HTTP header. More quotation is needed. – Johnny Wong Jun 09 '15 at 09:48
  • 1
    I think it doesn't messes with the inner HTTP header. The TLS generally works at the session and presentation layer of the OSI model. So it will take the application layer data which is HTTP data and encapsulate it with its own headers. – ρss Jun 09 '15 at 11:15
  • 2
    From TLS's perspective, there is no difference between HTTP header and HTTP body; it's all just one big stream to TLS. Note though, if the HTTP layer splits the header and the body into separate TCP packets, that may leak the boundaries between HTTP header and bodies. – Lie Ryan Jun 09 '15 at 11:39
  • So, is it safe to assume the hacker cannot know which proportion (ratio) of the length belongs to HTTP headers, and which belongs to HTTP body? Who could give an answer? – Johnny Wong Jun 10 '15 at 08:37
  • "Note though, if the HTTP layer splits the header and the body into separate TCP packets, that may leak the boundaries between HTTP header and bodies." --> do common Apache implementations have this behavior, wrapping the HTTP header as a separate TLS packet (if the header size is not too big) and wrapping the HTTP body as other TLS packets? – Johnny Wong Sep 07 '15 at 03:42
  • @JohnnyWong good question. On a side note, I can't help recommending the word 'attacker' here. To use 'hacker' for attacker is a sensationalist media invention. Stallman had this On hacking. Hacking is carried from an MIT recreational activity focused on wit and playfulness. Notably, [hackers] designed the Incompatible Timesharing System [where] there was no security breaking, because there was no security to break. For a hacker 'security' is an obstacle hindering playfulness. For an attacker/cracker, 'security' is part of the target. – n611x007 Sep 07 '15 at 11:22
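The comments above argue two things: the TLS record header carries the record length in cleartext, and TLS does not distinguish HTTP header from body, so only the HTTP layer's choice of how to flush the response decides whether the header/body boundary is visible. The following added example (not code from the question or any answer) models that in Python. It builds constructed TLS application-data records around a constructed HTTP response and then parses only the cleartext record headers, the way an on-path observer or Wireshark would. The 16-byte per-record expansion and the "encryption" by random bytes are assumptions made for the model; the real expansion depends on the negotiated cipher suite.

```python
import os
import struct
from typing import List, Tuple

# TLS record header (RFC 5246 section 6.2.1): content type (1 byte),
# protocol version (2 bytes), fragment length (2 bytes). It is never encrypted.
TLS_RECORD_HEADER = struct.Struct("!BHH")
CONTENT_TYPE_APPLICATION_DATA = 23  # the "Application Data (23)" value from the comments

# Assumed constant per-record ciphertext expansion (e.g. an AEAD tag). This is a
# modelling assumption; the real figure depends on the negotiated cipher suite.
RECORD_OVERHEAD = 16

# Constructed HTTP response used as sample input (not captured traffic).
HEADERS = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\n\r\n"
BODY = b"\x1f\x8b" + b"\x00" * 40  # stands in for a 42-byte compressed body


def build_record(plaintext: bytes) -> bytes:
    """Wrap one plaintext fragment in a TLS application-data record.

    Encryption is simulated: random bytes of the expanded length stand in for
    the ciphertext, because only the length matters to an on-path observer."""
    ciphertext = os.urandom(len(plaintext) + RECORD_OVERHEAD)
    header = TLS_RECORD_HEADER.pack(CONTENT_TYPE_APPLICATION_DATA, 0x0303, len(ciphertext))
    return header + ciphertext


def send(fragments: List[bytes]) -> bytes:
    """Emit one TLS record per fragment. How the HTTP layer fragments the
    response is exactly what decides whether header/body boundaries show."""
    return b"".join(build_record(f) for f in fragments)


def parse_tls_records(stream: bytes) -> List[Tuple[int, int, int]]:
    """Observer side: walk the stream reading only the cleartext record headers.
    Returns (content_type, version, length) per record."""
    records = []
    offset = 0
    while offset < len(stream):
        if offset + TLS_RECORD_HEADER.size > len(stream):
            raise ValueError("truncated TLS record header")
        ctype, version, length = TLS_RECORD_HEADER.unpack_from(stream, offset)
        offset += TLS_RECORD_HEADER.size
        if offset + length > len(stream):
            raise ValueError("truncated TLS record body")
        records.append((ctype, version, length))
        offset += length
    return records


def observed_plaintext_lengths(stream: bytes) -> List[int]:
    """What the observer learns: the plaintext size of each application-data
    record, given knowledge of the cipher suite's constant overhead."""
    return [length - RECORD_OVERHEAD
            for ctype, _, length in parse_tls_records(stream)
            if ctype == CONTENT_TYPE_APPLICATION_DATA]


if __name__ == "__main__":
    one_record = send([HEADERS + BODY])   # header and body flushed together
    two_records = send([HEADERS, BODY])   # header flushed before the body
    print("single record :", observed_plaintext_lengths(one_record))   # total only
    print("split records :", observed_plaintext_lengths(two_records))  # header, body
```

With a single record the observer sees only the sum of header and body lengths; with the header flushed in its own record the two sizes are separately visible, which is the case Lie Ryan's comment warns about. A server-side padding scheme therefore has to take into account where the implementation places record boundaries, not just the total size.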

1 Answer


Distinguishing header from content is usually not the hardest part of cryptanalysis. This is because headers usually come with a specific structure, common length range and limited value variety.

Yes, SSL/TLS is leaking length details which might be used for multiple classes of attacks. In some cases an attacker might be even able to determine content information. Check the Bicycle Attack for some details: https://www.scip.ch/en/?labs.20160317

Padding is a good idea to prevent such attacks. By definition, there is no notable security downside to adding such a feature.

Marc Ruef
  • Though to gain any appreciable privacy against the attack specified in the original question, it would seem that you have to pad by up to quite a bit, randomly. Just a few dozen bytes won't do. – user Jun 03 '16 at 12:30
  • @MichaelKjörling How many random bytes of padding do you think would do, to hide some information from a BREACH attack? – Johnny Wong Jul 04 '16 at 04:49
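The answer recommends padding and the comments ask how much random padding is enough. The added example below (not code from the answer or its commenters) implements the header-padding idea from the question and sizes it with the standard argument for why random padding mitigates but does not prevent BREACH: the padding is fresh per response, so repeated responses can be averaged, and the variance of the padding determines how many averaged responses are needed before a one-byte difference in the compressed body shows through again. The `X-Padding` header name, the uniform padding distribution and the 0.5-byte resolution threshold are assumptions of this example.

```python
import math
import secrets


def pad_headers_random(headers: bytes, max_pad: int, name: bytes = b"X-Padding") -> bytes:
    """Append a header whose value has a uniformly random length in [0, max_pad).

    'headers' must be a complete header block ending in CRLF CRLF. The header
    name is a placeholder chosen for this example; any name clients ignore works."""
    if not headers.endswith(b"\r\n\r\n"):
        raise ValueError("header block must end with CRLF CRLF")
    if max_pad < 1:
        raise ValueError("max_pad must be at least 1")
    value = b"." * secrets.randbelow(max_pad)  # CSPRNG, fresh per response
    return headers[:-2] + name + b": " + value + b"\r\n\r\n"


def padding_variance(max_pad: int) -> float:
    """Variance of a padding length uniform on {0, ..., max_pad - 1}."""
    return (max_pad ** 2 - 1) / 12


def requests_to_average_out(max_pad: int, resolution: float = 0.5) -> int:
    """Number of independent responses an observer would have to average before
    the standard error of the mean length drops below 'resolution' bytes, i.e.
    before the padding stops hiding a one-byte difference in the body.
    From sigma / sqrt(n) <= resolution  =>  n >= (sigma / resolution) ** 2."""
    sigma_sq = padding_variance(max_pad)
    return max(1, math.ceil(sigma_sq / resolution ** 2))


if __name__ == "__main__":
    hdr = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"  # constructed sample
    for m in (16, 64, 256, 1024):
        padded = pad_headers_random(hdr, m)
        print(f"max_pad={m:5d}: padded header block {len(padded)} bytes, "
              f"~{requests_to_average_out(m)} averaged responses to see through it")
```

The cost to an observer grows with the square of the padding range (roughly `max_pad**2 / 3` responses at the 0.5-byte threshold), so a few dozen bytes, as the comment above says, buys very little, while padding in the hundreds or thousands of bytes forces a correspondingly larger number of repeated requests, which is also the kind of burst that rate limiting or request-volume monitoring can surface. None of this removes the underlying leak; disabling compression for responses that reflect user input, or separating secrets from reflected content, remains the actual fix.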