Tools for Active and Passive Network Side-Channel Detection for Web Applications

Since its creation, SSL/TLS has been the go-to solution for securing unencrypted web protocols - most commonly HTTP. The design of SSL/TLS, however, merely provides data stream encryption and authentication properties which often leads to the incorrect conclusion that by simply wrapping an unencrypted HTTP connection to a server with SSL/TLS, user privacy and web application behaviour integrity are guaranteed. Such type of information leak is unique in the sense that while certain web security vulnerabilities such as SQL injections have been well researched and thus there are known design patterns to avoid and penetration testing tools based on detecting known-to-be insecure design patterns, the state of research for the types of information leaks described in this paper still lags behind. In this paper, we discuss three design patterns that often result in side-channel information leaks along with three real-world websites which posses these vulnerabilities. Based on these three vulnerable design patterns we present a set of tools for detecting these types of side-channel information leaks given a training set of captured encrypted network traffic sessions.