nogotofail: Google's Open Source Network Traffic Security Testing Tool

By Joe Rizzo November 05, 2014

Lately, it seems that the only news we hear is what other multinational company has been hacked and how many records were accessed. We have always been security conscience, but it does appear that hackers and malware have been making us even more so lately. Unfortunately, this is neither something new, nor something that is likely to go away.

In their quest to make users, the Internet and digital devices in general more secure, a number of big Internet companies have recently announced a new collaboration that will focus on making open source projects easier for everyone. In fact, some companies have begun open sourcing their own projects.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. Unfortunately, we are witnessing many known TLS/SSL vulnerabilities, misconfigurations and library bugs. One company that is working to resolve these issues is Google.

Originally, SSL and TLS were designed to protect the confidentiality of information in transit. Due to the fact that the SSL protocol is old it has been the target of numerous attacks in recent years. Although TLS is SSL’s successor and considered to be more robust and resistant to attack, the fact remains that the newer versions of TLS are not as widely supported as much older versions of SSL.

To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a tool that checks for these problems. This week Google introduced a new tool for testing network traffic security called nogotofail.

Google has released it as an open source project available on GitHub. This means that anyone can use it, contribute new features, provide support for more platforms and essentially do anything else as long as the end result is to help improve the security of the Internet.

According to nogotofail’s documentation, “The core of nogotofail is the on path network MiTM named nogotofail.mitm that intercepts TCP traffic. It is designed to primarily run on path and centers around a set of handlers for each connection which are responsible for actively modifying traffic to test for vulnerabilities or passively look for issues. nogotofail is completely port agnostic and instead detects vulnerable traffic using DPI instead of based on port numbers. Additionally, because it uses DPI, it is capable of testing TLS/SSL traffic in protocols that use STARTTLS.”

nogotofail was built by the Android Security Team, and Google says it has been using nogotofail internally for some time and has worked with developers to improve the security of their apps. The attack engine itself can be deployed in a variety of different ways.

In a blog posting, Chad Brubaker of the Android security team said “The Android Security Team has built a tool, called nogotofai that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.”

One thing that makes attacks on SSL/TLS so challenging is that generally users don’t know that the attacks are taking place. We have seen this over the past 12 months from companies such as Target, Home Depot and JPMorgan Chase. While some attacks were caught within a week, others lasted for several months. The Google nogotofail tool is designed to help developers identify the weak spots in their applications’ implementations before an attacker can take advantage.




Edited by Maurice Nagle

TechZone360 Contributing Writer

SHARE THIS ARTICLE
Related Articles

Why People Don't Update Their Computers

By: Special Guest    7/13/2018

When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…

Read More

More Intelligence About The New Intelligence

By: Rich Tehrani    7/9/2018

TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…

Read More

Technology, Innovation, and Compliance: How Businesses Approach the Digital Age

By: Special Guest    6/29/2018

Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…

Read More

Contribute Your Brain Power to The New Intelligence

By: Paula Bernier    6/28/2018

The three events that are part of The New Intelligence are all about how businesses and service providers, and their customers, can benefit from artif…

Read More

TMC Launches The New Intelligence - an Unparalleled AI and Machine Learning Conference & Expo in Florida

By: TMCnet News    6/28/2018

TMC announced the launch of The New Intelligence conference and expo - The Event Powering the AI Revolution. This exciting new event will take place o…

Read More