Should You Fear the BEAST?

Thursday, September 29, 2011




The Browser Exploit Against SSL/TLS Tool or BEAST is a tool written by Thai Duong and Juliano Rizzo that exploits a 10 year old flaw in SSL/TLS 1.0 and its use of cipher block chaining (CBC).

Until now, the vulnerability was considered only theoretical.

Using BEAST, the attacker can decrypt data such as session ID cookies and other SSL-encrypted requests.

There are many ways to obtain this cookie using a tool such as SSLstrip, but BEAST is the first attack to decrypt HTTPS requests using the weakness in SSL.

How does BEAST work?

Simply put, BEAST is a Man-In-The-Middle (MITM) attack that injects plain text into the encrypted stream sent by the victim's browser. This can be injected via JavaScript during a MITM attack.

Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies.

The length of the cookie determines how long BEAST needs for the decryption. Once it is done, the attacker can take over the victim's session.

Who's Vulnerable?

Almost any site using TLS 1.0, which is the most widely deployed version of the protocol. What about TLS 1.1? The plain fact is that SSL/TLS libraries don't implement it, even though it came out in 2006.

When will there be a fix for the browsers? Most major browsers are attempting to issue a patch that would mitigate the vulnerability. Google has released a developer's version of Chrome that stops the BEAST.
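The two passages above, the one explaining that BEAST turns injected plaintext plus observed ciphertext into a decryption of the rest of the stream, and the one on TLS 1.1 as the fix, come down to a single property of TLS 1.0's CBC record layer: each record's IV is the last ciphertext block of the previous record, which an eavesdropper has already seen. The following Python is an added example, not code from the post or from the BEAST authors. It models that record layer with a constructed toy block cipher (a SHA-256-keyed Feistel permutation standing in for AES) and a constructed sample cookie, and shows that a guess about an earlier block can be confirmed from the ciphertext of one injected block when the IV is chained, but not when each record gets a fresh random IV as in TLS 1.1 and later. Everything here (names, the toy cipher, the sample data) is an assumption for illustration; it says nothing about how real HTTPS traffic is manipulated.

```python
import hashlib
import os

BLOCK = 16  # bytes per cipher block, as for AES in TLS CBC cipher suites


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for AES: a 4-round Feistel permutation whose round
    function is SHA-256. It is a permutation (distinct inputs give distinct
    outputs), which is all the demonstration relies on; it is not a real cipher."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:BLOCK // 2]
        left, right = right, _xor(left, f)
    return left + right


class CbcRecordLayer:
    """Hypothetical model of a TLS CBC record layer.

    chained_iv=True  : TLS 1.0 behaviour, the IV of a record is the last ciphertext
                       block of the previous record, so anyone watching the wire
                       knows the next IV before the next record is encrypted.
    chained_iv=False : TLS 1.1+ behaviour, a fresh random IV for every record."""

    def __init__(self, key: bytes, chained_iv: bool):
        self.key = key
        self.chained_iv = chained_iv
        self.last_block = os.urandom(BLOCK)  # IV of the very first record

    def send(self, plaintext: bytes):
        """Encrypt one record; returns (iv, list of ciphertext blocks).
        Plaintext length must be a multiple of BLOCK (padding is not modelled)."""
        assert len(plaintext) % BLOCK == 0
        iv = self.last_block if self.chained_iv else os.urandom(BLOCK)
        prev, blocks = iv, []
        for i in range(0, len(plaintext), BLOCK):
            c = toy_block_encrypt(self.key, _xor(plaintext[i:i + BLOCK], prev))
            blocks.append(c)
            prev = c
        self.last_block = prev
        return iv, blocks


def guess_confirmed_by_injection(layer: CbcRecordLayer, observed_prev: bytes,
                                 observed_block: bytes, guess: bytes) -> bool:
    """The verification step that CBC chaining hands to an observer.

    The observer saw observed_block = E(P xor observed_prev) and wants to test
    whether guess == P. If the next IV is known in advance, the chosen block
    X = guess xor observed_prev xor next_iv encrypts to E(guess xor observed_prev),
    which equals observed_block exactly when the guess is right. With a random
    per-record IV the value assumed here is wrong, so the comparison is noise."""
    assumed_next_iv = layer.last_block  # only correct when chained_iv=True
    chosen = _xor(_xor(guess, observed_prev), assumed_next_iv)
    _, blocks = layer.send(chosen)
    return blocks[0] == observed_block


def demo(chained_iv: bool, guess: bytes) -> bool:
    """Send one two-block request whose second block is a secret cookie, then
    report whether one injected block confirms `guess` for that second block."""
    layer = CbcRecordLayer(os.urandom(16), chained_iv)
    secret = b"cookie=SECRET12!"  # constructed 16-byte sample, stands in for a session cookie
    _, blocks = layer.send(b"GET /index.html " + secret)  # two full blocks
    # Block 1 was encrypted as E(secret xor blocks[0]).
    return guess_confirmed_by_injection(layer, blocks[0], blocks[1], guess)


if __name__ == "__main__":
    print("TLS 1.0 style, correct guess confirmed:", demo(True, b"cookie=SECRET12!"))
    print("TLS 1.0 style, wrong guess confirmed:  ", demo(True, b"cookie=WRONG123!"))
    print("TLS 1.1 style, correct guess confirmed:", demo(False, b"cookie=SECRET12!"))
```

Running it prints True, False, False: with a chained IV the correct guess and only the correct guess matches, which is the oracle the post describes BEAST building on; with a random IV per record the same injected block tells the observer nothing. That is the whole reason the fix is a protocol upgrade (or a browser-side change to how records are split) rather than a longer key or a different cipher.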

Final thoughts: while an impressive tool and concept, once you have fallen victim to a MITM attack you have a lot more to worry about than the BEAST.

But expect to see this attack used in the wild and expect it to evolve and grow...

More information about Google not being vulnerable to the BEAST attack, and another article with in-depth technical detail, can be found at

Cross-posted from SecureState Blog
