nogotofail: Google's Open Source Network Traffic Security Testing Tool

By

Lately, it seems that the only news we hear is what other multinational company has been hacked and how many records were accessed. We have always been security conscience, but it does appear that hackers and malware have been making us even more so lately. Unfortunately, this is neither something new, nor something that is likely to go away.

In their quest to make users, the Internet and digital devices in general more secure, a number of big Internet companies have recently announced a new collaboration that will focus on making open source projects easier for everyone. In fact, some companies have begun open sourcing their own projects.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. Unfortunately, we are witnessing many known TLS/SSL vulnerabilities, misconfigurations and library bugs. One company that is working to resolve these issues is Google.

Originally, SSL and TLS were designed to protect the confidentiality of information in transit. Due to the fact that the SSL protocol is old it has been the target of numerous attacks in recent years. Although TLS is SSL’s successor and considered to be more robust and resistant to attack, the fact remains that the newer versions of TLS are not as widely supported as much older versions of SSL.

To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a tool that checks for these problems. This week Google introduced a new tool for testing network traffic security called nogotofail.

Google has released it as an open source project available on GitHub. This means that anyone can use it, contribute new features, provide support for more platforms and essentially do anything else as long as the end result is to help improve the security of the Internet.

According to nogotofail’s documentation, “The core of nogotofail is the on path network MiTM named nogotofail.mitm that intercepts TCP traffic. It is designed to primarily run on path and centers around a set of handlers for each connection which are responsible for actively modifying traffic to test for vulnerabilities or passively look for issues. nogotofail is completely port agnostic and instead detects vulnerable traffic using DPI instead of based on port numbers. Additionally, because it uses DPI, it is capable of testing TLS/SSL traffic in protocols that use STARTTLS.”

nogotofail was built by the Android Security Team, and Google says it has been using nogotofail internally for some time and has worked with developers to improve the security of their apps. The attack engine itself can be deployed in a variety of different ways.

In a blog posting, Chad Brubaker of the Android security team said “The Android Security Team has built a tool, called nogotofai that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.”

One thing that makes attacks on SSL/TLS so challenging is that generally users don’t know that the attacks are taking place. We have seen this over the past 12 months from companies such as Target, Home Depot and JPMorgan Chase. While some attacks were caught within a week, others lasted for several months. The Google nogotofail tool is designed to help developers identify the weak spots in their applications’ implementations before an attacker can take advantage.




Edited by Maurice Nagle

TechZone360 Contributing Writer

SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More