Google’s New Tool Nogotofail Released To Help Developers In Testing Network Security
In the last year we have seen an astounding number of vulnerabilities in transport layer security implementations, as well as entirely new attacks on the main protocols, starting with Heartbleed, moving on to the Apple gotofail flaw and finishing with the most recent POODLE attack. To help security researchers and developers counter such scenarios and incidents, Google has released a tool that checks whether applications are vulnerable to known TLS/SSL attacks or have configuration problems.
Google has called this tool “nogotofail”. With its help, developers are able to run various known attacks against a target application through an infrastructure that they set up themselves. The key component of the various attacks on TLS/SSL, including BEAST, POODLE and others, is a man-in-the-middle position, and this tool provides the ability to execute such attacks from that position.
The following is said in the tool’s documentation:
“The core of nogotofail is the path network MiTM named nogotofail.mitm, which intercepts TCP traffic. It is designed to run on path and centers around a set of handlers for every connection, which are responsible for actively modifying data in transit to test for vulnerabilities and/or passively looking for issues. nogotofail is totally port agnostic and instead detects vulnerable traffic via DPI rather than by port number. Moreover, because it uses DPI, it is able to test TLS/SSL traffic in protocols that use STARTTLS.”
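The port-agnostic DPI idea in the quoted documentation is easy to miss: the interceptor decides a flow is TLS from the bytes themselves, not from the destination port, so a client that talks TLS on port 8443, or upgrades a plaintext session with STARTTLS, still gets inspected. The following Python is an added illustration of that classification step, written for this article and not taken from the nogotofail project; the function names, the constructed ClientHello builder and the sample payloads are all assumptions made here. The passive check flags a client that offers SSLv3 as its highest version, which is the kind of legacy-protocol exposure POODLE exploited.

```python
import re
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
HS_CLIENT_HELLO = 0x01    # handshake message type: ClientHello
EXT_SERVER_NAME = 0x0000  # SNI extension type


def build_client_hello(server_name: str, version=(3, 3)) -> bytes:
    """Constructed sample: a minimal TLS ClientHello record carrying an SNI
    extension. This is not captured traffic; it exists so the parser below
    can be exercised offline. version=(3, 3) is TLS 1.2, (3, 0) is SSLv3."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body = (
        bytes(version)                          # client_version
        + b"\x11" * 32                          # client_random (fixed for the sample)
        + b"\x00"                               # session_id length: 0
        + struct.pack("!H", 2) + b"\x00\x2f"    # one cipher suite (TLS_RSA_WITH_AES_128_CBC_SHA)
        + b"\x01\x00"                           # compression methods: null only
        + struct.pack("!H", len(ext)) + ext     # extensions block
    )
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 3, 1]) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data: bytes):
    """Return a dict describing the ClientHello if `data` starts with one,
    else None. Only the bytes are examined, so the result does not depend
    on which TCP port carried them (the port-agnostic DPI idea)."""
    if len(data) < 5 or data[0] != TLS_HANDSHAKE or data[1] != 3:
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HS_CLIENT_HELLO:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:                       # version(2) + random(32) + session_id len(1)
        return None
    client_version = (body[0], body[1])
    pos = 34
    pos += 1 + body[pos]                     # skip session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # skip cipher suites
    if pos + 1 > len(body):
        return None
    pos += 1 + body[pos]                     # skip compression methods
    sni = None
    if pos + 2 <= len(body):                 # extensions are optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_len, len(body))
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == EXT_SERVER_NAME and len(edata) >= 5:
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii", "replace")
    return {
        "client_version": client_version,
        "sni": sni,
        # Passive finding: the client's highest offered version is SSLv3 or older.
        "offers_legacy_only": client_version <= (3, 0),
    }


_STARTTLS = re.compile(rb"^(?:\S+\s+)?STARTTLS\r?\n", re.IGNORECASE)


def classify_payload(data: bytes) -> str:
    """Classify the first bytes a client sends on a TCP connection."""
    if parse_client_hello(data) is not None:
        return "tls-client-hello"
    if _STARTTLS.match(data):                # SMTP "STARTTLS", IMAP "a001 STARTTLS"
        return "starttls-upgrade"            # the TLS handshake follows in-band
    return "other"
```

A per-connection handler in the style the documentation describes would call classify_payload on the first client bytes, then keep reading after a starttls-upgrade so the ClientHello that follows is inspected too; a real interceptor must also reassemble the TCP stream, since a ClientHello can span segments.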
The nogotofail tool was designed by Google’s security team to work on any client connecting to the Internet.
Android security team member Chad Brubaker wrote in a blog post:
“The Android Security Team (AST) has built a tool, called nogotofail, which provides an easy way to confirm that the applications or devices you are using are safe against the known TLS/SSL vulnerabilities and misconfiguration. Nogotofail works for iOS, Linux, Android, Windows, OSX, Chrome OS and in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure and get notifications on Linux and Android, as well as the attack engine itself that can be deployed as a router, proxy or VPN server.”
The TLS and SSL transport layer security protocols are designed to protect the confidentiality of information in transit. A number of attacks in past years have targeted the older SSL protocol. Its successor, TLS, is considered more robust and more resistant to attack; however, the newer TLS versions are not supported as widely as the older SSL versions are.
One of the main reasons attacks on TLS/SSL are so problematic is that users do not know an attack is taking place. A user may believe a shopping or online banking connection is secure while an attacker quietly compromises it and steals confidential data such as payment card details or credentials. This is where Google’s nogotofail tool comes into play: it helps developers identify weak spots in their applications’ implementations before an attacker takes advantage of them. But since it is in developers’ hands whether they even bother to protect their companies’ e-businesses, what can a user do to be 100% sure of being safe while shopping or using any service online? The answer is a VPN service with strong data encryption. NordVPN offers a number of useful features, such as double data encryption and a no-logs policy, which make it stand out from the rest of the VPNs on the market at the lowest price, including various discounts.
Brubaker wrote: “We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps. But we want the use of TLS/SSL to advance as quickly as possible.”
The nogotofail tool can also be found on GitHub as an open source project.