XMPP Stanza Smuggling or How I Hacked Zoom
Discover how XMPP stanza smuggling, a zero-click attack that hijacks conversations, was used to bypass Zoom's parser and serializer. Learn how this hack was exploited and how to use custom XML extensions to find logic bugs.
- XMPP is a protocol based on XML, with its own quirks and complexities.
- The talk “XMPP Stanza Smuggling or How I Hacked Zoom” uses Zoom as an example, but the concepts apply to other targets as well.
- Stanza smuggling is an attack where a client sends a custom XML stanza that bypasses the server’s parser and serializer.
- This allows the attacker to intercept and modify raw XMPP traffic, effectively hijacking the conversation.
- The attack starts by exploiting a stanza smuggling issue and continues by sending custom XML over the stream connection.
- The speaker uses a case study to demonstrate how stanza smuggling can be used to launch a zero-click attack.
- The speaker also discusses how custom XMPP extensions can be used to find logic bugs.
- XML has its own quirks and complexities, including issues with UTF-8 encoding.
- The speaker shows how the FastXML library can be used for XML handling.
- XPath is also used in the talk, particularly with regard to XML parsing.
- Client-server differences in XML parsing can lead to unexpected behavior and vulnerabilities.
- Fuzzing can be used to find logic bugs, and the speaker uses the Jackalope fuzzer in their case study.
- XMPP installations, especially larger ones, still find this attack exciting and useful.
- The speaker also discusses how custom XML can be used to find bugs and vulnerabilities.
- Zoom is used as an example in the talk, but the concepts apply to other targets as well.
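
The points above about UTF-8 quirks and client-server parsing differences suggest one mitigation: accept a stanza only when a strict decoder and a strict parser agree that it is exactly one well-formed element. The following Python is an added example, not code from the talk or from Zoom; `check_stanza`, the sample inputs and the assumption that the caller has already framed one stanza per buffer are hypothetical.

```python
import xml.etree.ElementTree as ET

def _xml10_char(cp: int) -> bool:
    """XML 1.0 'Char' production: code points allowed in a document."""
    return (cp in (0x09, 0x0A, 0x0D) or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)

def check_stanza(raw: bytes) -> tuple[bool, str]:
    """Gate one framed stanza before any other component parses it.

    Assumption: the caller has already split the stream so that `raw`
    is meant to hold exactly one top-level stanza.
    """
    # 1. Strict UTF-8: truncated, overlong and surrogate sequences are
    #    rejected instead of being repaired or skipped.
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return False, f"invalid UTF-8 at byte {exc.start}"
    # 2. Only characters that XML 1.0 allows.
    for pos, ch in enumerate(text):
        if not _xml10_char(ord(ch)):
            return False, f"forbidden character U+{ord(ch):04X} at {pos}"
    # 3. Conservative policy: no declarations, comments, DTDs or PIs
    #    (this also refuses CDATA sections).
    if "<!" in text or "<?" in text:
        return False, "markup declaration or processing instruction"
    # 4. Exactly one well-formed top-level element.
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return False, f"not well-formed: {exc}"
    return True, root.tag

# Constructed sample inputs, not taken from the talk.
SAMPLES = {
    "valid": "<message to='a@example.org'><body>héllo</body></message>".encode(),
    "truncated": b"<message><body>hi\xc3</body></message>",
    "overlong": b"<message><body>\xc0\xbc</body></message>",
    "control": b"<message><body>a\x00b</body></message>",
    "two_roots": b"<message/><iq type='get'/>",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_stanza(raw))
```

Rejecting at this gate, instead of repairing or skipping bad bytes, keeps every downstream parser looking at input that has only one possible reading.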