nogotofail: Google's Open Source Network Traffic Security Testing Tool

By

Lately, it seems that the only news we hear is what other multinational company has been hacked and how many records were accessed. We have always been security conscience, but it does appear that hackers and malware have been making us even more so lately. Unfortunately, this is neither something new, nor something that is likely to go away.

In their quest to make users, the Internet and digital devices in general more secure, a number of big Internet companies have recently announced a new collaboration that will focus on making open source projects easier for everyone. In fact, some companies have begun open sourcing their own projects.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. Unfortunately, we are witnessing many known TLS/SSL vulnerabilities, misconfigurations and library bugs. One company that is working to resolve these issues is Google.

Originally, SSL and TLS were designed to protect the confidentiality of information in transit. Due to the fact that the SSL protocol is old it has been the target of numerous attacks in recent years. Although TLS is SSL’s successor and considered to be more robust and resistant to attack, the fact remains that the newer versions of TLS are not as widely supported as much older versions of SSL.

To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a tool that checks for these problems. This week Google introduced a new tool for testing network traffic security called nogotofail.

Google has released it as an open source project available on GitHub. This means that anyone can use it, contribute new features, provide support for more platforms and essentially do anything else as long as the end result is to help improve the security of the Internet.

According to nogotofail’s documentation, “The core of nogotofail is the on path network MiTM named nogotofail.mitm that intercepts TCP traffic. It is designed to primarily run on path and centers around a set of handlers for each connection which are responsible for actively modifying traffic to test for vulnerabilities or passively look for issues. nogotofail is completely port agnostic and instead detects vulnerable traffic using DPI instead of based on port numbers. Additionally, because it uses DPI, it is capable of testing TLS/SSL traffic in protocols that use STARTTLS.”

nogotofail was built by the Android Security Team, and Google says it has been using nogotofail internally for some time and has worked with developers to improve the security of their apps. The attack engine itself can be deployed in a variety of different ways.

In a blog posting, Chad Brubaker of the Android security team said “The Android Security Team has built a tool, called nogotofai that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.”

One thing that makes attacks on SSL/TLS so challenging is that generally users don’t know that the attacks are taking place. We have seen this over the past 12 months from companies such as Target, Home Depot and JPMorgan Chase. While some attacks were caught within a week, others lasted for several months. The Google nogotofail tool is designed to help developers identify the weak spots in their applications’ implementations before an attacker can take advantage.




Edited by Maurice Nagle

TechZone360 Contributing Writer

SHARE THIS ARTICLE
Related Articles

How Your Company Can Maintain Its Cybersecurity in 2021 and Beyond

By: Special Guest    9/17/2021

Cybercrimes are continually on the rise, bringing more threats to organizations in the pandemic than before. Statistics show that as early as March…

Read More

Is Mining Cryptocurrency Still Viable?

By: Special Guest    9/17/2021

As cryptocurrency continues to grow, more and more people are getting in on the action. But is it worth mining? Click here to find out more.

Read More

The World Will Change With Bitcoin

By: Special Guest    9/15/2021

Financial freedom may increase more efficiently with digital currency than ever before. The consequences of this are profound. Millions of people …

Read More

From Driver's Licenses Proof of Vaccination to Fishing Licenses, the World is Going All-Digital

By: Erik Linask    9/13/2021

The State of Louisiana's LA Wallet app will soon allow users to upload not only digital driver's licenses and COVID-19 vaccination status, but also hu…

Read More

Apple Must Now Allow Alternative Direct Payment Options In App Store, Judge Rules

By: Luke Bellos    9/10/2021

A California judge ruled that Apple has not been proven to be a monopoly, but is participant in anti-competitive practices within the company's digita…

Read More