I decided to take a look at some XMPP servers that are listed on Shodan and poke around at their settings in regards to SSL/TLS. The XMPP protocol allows for securing connections cryptographically through use of STARTTLS feature for securing normally plaintext protocols.
Security has long been lax in regards to XMPP chat servers. It is common to see servers using self-signed certificates with low key sizes, and often with insecure connection renegotiation enabled. Insecure key renegotiation was made famouse by THC with their SSL denial of service tool that targeted insecure implementations of HTTPS servers. You can find code below that will run a similar attack against vulnerable XMPP servers.
Using Shodan’s API
Shodan offers free accounts with limited access to the API and results. After signing up, you
can find your API key at the top right of the page. Shodan offers a Python library available
on GitHub. You can also install the library by using either
pip install shodan or
easy_install shodan. Shodan has decent documentation for the library available here
import shodan api_key = "MY_API_KEY_HERE" api = shodan.Shodan(api_key) query = 'xmpp port:"5222"' result = api.search(query) fd = open('hosts.txt', 'w') for service in result['matches']: fd.write(service['ip_str'] + '\n') fd.close()
The above will output a list of IPs that have been observed running XMPP.
Scan SSL Options
Now, we will use a simple tool called sslscan to examine the XMPP servers. We will focus on insecure renegotiation and weak SSL keys. It has been demonstrated to be easy enough to crack 512 bit RSA keys by using Amazon’s AWS in a matter of hours. This could allow an attacker to conduct Man in the Middle attacks without raising any alarms. The paper can be found here.
We have a hosts.txt file with a list of potential targets. We can run sslscan against this list and analyze the current encryption landscape in regards to XMPP servers.
for host in $(cat hosts.txt); do ./sslscan --starttls-xmpp --no-ciphersuites --no-compression $host:5222 | tee -a xmpp.log; done
Analyzing the Results
Our results have been saved to XMPP.log. I ran the scans against the first 100 hosts returned by Shodan in the earlier script.
Identifying Weak Keys
The following will show a list of servers that are relying on 512 bit RSA keys.
grep 'Strength' xmpp.log -B 25 | grep 512 -B25 | grep Testing
At the time of publishing, 55⁄100 servers were relying on weak 512 bit RSA keys for protecting potentially sensitive coversations.
grep 'not supported' -i xmpp.log -B 10 | grep Testing
At the time of publishing, 6⁄100 servers were allowing insecure renegotiation. These servers should be reconfigured properly.
XMPP STARTTLS Renegotiation Stress Testing
During testing against local servers, 10 threads were often enough to max out server CPUs using a single host.