SSL on XMPP Servers via Shodan

I decided to take a look at some XMPP servers that are listed on Shodan and poke around at their settings in regards to SSL/TLS. The XMPP protocol allows for securing connections cryptographically through use of STARTTLS feature for securing normally plaintext protocols.

Security has long been lax in regards to XMPP chat servers. It is common to see servers using self-signed certificates with small key sizes, often with insecure connection renegotiation enabled. Insecure renegotiation was made famous by THC with their SSL denial of service tool, which targeted insecure implementations of HTTPS servers. You can find code below that will run a similar attack against vulnerable XMPP servers.

Using Shodan’s API

Shodan offers free accounts with limited access to the API and results. After signing up, you can find your API key at the top right of the page. Shodan offers a Python library on GitHub, which you can also install with either pip install shodan or easy_install shodan. Shodan has decent documentation for the library available here.

import shodan

# API key from the Shodan account page (placeholder, replace with your own).
api_key = "MY_API_KEY_HERE"
api = shodan.Shodan(api_key)

# Hosts whose banner matched "xmpp" on the standard client-to-server port.
query = 'xmpp port:"5222"'
result = api.search(query)

# One IP per line; this file feeds the sslscan loop in the next section.
with open('hosts.txt', 'w') as fd:
    for service in result['matches']:
        fd.write(service['ip_str'] + '\n')

The above will output a list of IPs that have been observed running XMPP.

Scan SSL Options

Now, we will use a simple tool called sslscan to examine the XMPP servers. We will focus on insecure renegotiation and weak SSL keys. It has been demonstrated that 512 bit RSA keys can be factored on Amazon's AWS in a matter of hours, which could allow an attacker to conduct Man in the Middle attacks without raising any alarms. The paper can be found here.

We have a hosts.txt file with a list of potential targets. We can run sslscan against this list and analyze the current encryption landscape in regards to XMPP servers.

for host in $(cat hosts.txt); do ./sslscan --starttls-xmpp --no-ciphersuites --no-compression $host:5222 | tee -a xmpp.log; done

Analyzing the Results

Our results have been saved to xmpp.log. I ran the scans against the first 100 hosts returned by Shodan in the earlier script.

Identifying Weak Keys

The following will show a list of servers that are relying on 512 bit RSA keys.

grep 'Strength' xmpp.log -B 25 | grep 512 -B25 | grep Testing

At the time of publishing, 55 of the 100 scanned servers were relying on weak 512 bit RSA keys for protecting potentially sensitive conversations.

Insecure Renegotiation

grep 'not supported' -i xmpp.log -B 10 | grep Testing

At the time of publishing, 6 of the 100 scanned servers were allowing insecure renegotiation. These servers should be reconfigured properly.
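The grep -B pipelines above can misattribute a key-size or renegotiation line to a neighbouring host when records in the log are shorter than the context window. As an added example (not from the original post), the following script instead splits the log into one record per "Testing SSL server" banner and reports weak keys and insecure renegotiation per host. The line wording is modelled on sslscan's output and the embedded sample log is constructed, so treat the exact strings as assumptions and adjust the patterns to the sslscan version you ran.

```python
import re

# Constructed sample of sslscan output for two hosts (not a real scan).
SAMPLE_LOG = """\
Testing SSL server 192.0.2.10 on port 5222

  TLS renegotiation:
Secure session renegotiation supported

  SSL Certificate:
RSA Key Strength:    512

Testing SSL server 192.0.2.20 on port 5222

  TLS renegotiation:
Insecure session renegotiation supported

  SSL Certificate:
RSA Key Strength:    2048
"""

HOST_RE = re.compile(r"^Testing SSL server (\S+) on port (\d+)", re.M)
KEY_RE = re.compile(r"Key Strength:\s+(\d+)")
RENEG_RE = re.compile(r"^\s*(Secure|Insecure) session renegotiation supported"
                      r"|^\s*Session renegotiation not supported", re.M)

def parse_sslscan_log(text, min_bits=2048):
    """Return one finding dict per scanned host, flagging RSA keys shorter than
    min_bits and servers that accept insecure (client-initiated) renegotiation."""
    findings = []
    # Slice the log at each host banner so every line stays with its own host.
    starts = [m.start() for m in HOST_RE.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        record = text[begin:end]
        host, port = HOST_RE.match(record).groups()
        key = KEY_RE.search(record)
        bits = int(key.group(1)) if key else None
        reneg = RENEG_RE.search(record)
        findings.append({
            "host": host, "port": int(port), "key_bits": bits,
            "weak_key": bits is not None and bits < min_bits,
            "insecure_renegotiation": bool(reneg and reneg.group(1) == "Insecure"),
        })
    return findings

def flagged_hosts(findings):
    """Hosts that need reconfiguration for either finding."""
    return [f["host"] for f in findings if f["weak_key"] or f["insecure_renegotiation"]]

if __name__ == "__main__":
    for finding in parse_sslscan_log(SAMPLE_LOG):
        print(finding)
```

To run it over your own results, replace SAMPLE_LOG with open('xmpp.log').read().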

XMPP STARTTLS Renegotiation Stress Testing

During testing against local servers, 10 threads were often enough to max out server CPUs using a single host.
