Attacking Language Server JSON RPC

22 May 2024
55,546 views

While auditing a VSCode Extension + Language Server I noticed something interesting. This turned into the research question "can we attack the extension from the browser?". After a bit of preliminary research I decided to do it again on stream, and eventually made this video. This is what security research can look like.
What is a Server? • What is a Server? (Dee...
What is a Protocol? • What is a Protocol? (D...
GitLab 11.4.7 RCE • GitLab 11.4.7 Remote C...
Live Stream: • Attacking VSCode Exten...
My Font (advertisement): shop.liveoverflow.com/
Interested in more videos like this? • Security Research
Chapters:
00:00 - Why Security Research?
01:23 - What is a Language Server?
02:53 - Setup Example Code
04:00 - RCE in VSCode Extension?
05:25 - The Language Server Code
06:29 - Researching Communication
11:13 - Can a Browser Attack the VSCode Extension?
13:54 - Research Results
15:40 - Ad n' Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow

Comments
  • There's no failed research, just fruitless attempts. And I learned a bit about the language server protocol too

    @Dominik-K 1 year ago
    • When you find out that something doesn't work, you still get the knowledge about how not to attack stuff

      @EstelonAgarwaen 1 year ago
  • This reminds me of a project I was involved in for the past couple of weeks. Review of source code, really did a deep dive into it. Thousands of class files, going from broad architecture all the way to functional implementation. The final verdict? "Looks good, ship it." Just because you try really hard to find a vuln doesn't always mean there is one to find.

    @MechMK1 1 year ago
  • that was awesome, ty. Showed me that research is not always / doesn't need to always be fruitful, and now thinking about it I feel much better 😁

    @sadDota 1 year ago
  • I love this video, it was a great way of showing even failed research can teach us a lot.

    @tajsec498 1 year ago
  • Great and very realistic showcase about how (security) research goes. Good job!

    @AndreasWilfer 1 year ago
  • It isn't even fruitless. You checked it, found no vulnerabilities, gained knowledge about VsCode Extensions. Nice work! 👍

    @geraldschittenhelm7386 1 year ago
  • great video! this was a really raw and honest demonstration of hard work.

    @shayarand 1 year ago
  • Thank you for posting this type of process! Learned a lot, and hopefully will be able to do research myself one day, thanks for all the quality content.

    @samalextij445 1 year ago
  • Great work - I don't regard the *research* as a failure; merely one avenue for exploitation is not seemingly possible - and that itself is a good result to communicate or at least know about.

    @logiciananimal 1 year ago
  • It would be cool to do such content more often live and upload the recordings to the second channel. A good reminder that research is when you fail significantly more times than you succeed

    @alexanderdell2623 1 year ago
  • Oh this sparked my interest in vscode extensions. Definitely on my list of things to play around with some time.

    @notapplicable7292 1 year ago
  • Love the new fonts BTW ❤

    @konfushon 1 year ago
  • Amazing video, helped me a little with my imposter syndrome as I realized I knew a little more than I expected I would!

    @MattKAva 1 year ago
  • Wow, you just blew my mind with the solution to the problem at 13:20! 😃 I even paused to try and come up with my own idea, but didn't realize such a simple trick is enough...

    @Isti115 10 months ago
  • Learning what fails is often as important as learning what succeeds.

    @znxster 1 year ago
  • In the on screen text at around 7:30 you wrote the word mess twice! Amazing video though, incredibly informative and deep information :) I appreciate your work!

    @somesalmon5694 1 year ago
    • Someone messed messed with his on screen text.

      @anon_y_mousse 1 year ago
  • I'm currently writing VSCode language support for my own language, so this is very interesting

    @till8413 1 year ago
  • It's pretty cool to learn how the protocol works

    @dunste123 1 year ago
  • Thank you, it is great, I enjoyed the journey a lot. 👍

    @anthonation 1 year ago
  • That was informative. Thank you 🙏

    @mystic_monk55 1 year ago
  • I love your videos man! Every time I watch your videos I get a weird but amazing feeling... as if I want to do cyber sec for the rest of my life haha, keep doing what you're doing :)

    @user-qw9yf6zs9t 1 year ago
  • Awesome video, thank you

    @insulastudios 1 year ago
  • This is amazing! Instant sub!

    @muyiwaiyowu 1 year ago
  • Thanks a lot, I'm also searching for this

    @pravupritamlenka9215 1 year ago
  • This channel and your content are very helpful in understanding how to go about security research and finding bugs. I have one question though: are there any tools to identify how client applications communicate with servers without looking at the code? (Or if the client app code is not available)

    @sirishakotikalapudi9666 10 months ago
  • Awesome talk!

    @autozone5335 1 year ago
  • Much needed Motivation

    @vineet1 1 year ago
  • great video!

    @sudonick2161 1 year ago
  • 14:13 Could you write the second message in the body of the first message? The first message's HTTP body would be: {initialize-response-stuff}Content-Length: 123 {malicious-request}

    @strager_ 1 year ago
  • I’m thinking about making a similar video in documentary format

    @RealCyberCrime 1 year ago
    • Congrats, your comment worked, I just subscribed. Make that video soon

      @AkashSingh-uk5ub 1 year ago
    • + sub, I'm excited

      @joshiy13 1 year ago
  • It was very useful 👍

    @Donder1337 1 year ago
  • This is not the first video of this channel about language servers. In the video "Google Paid Me to Talk About a Security Issue!" it is explained how a language server with hacker-controlled code can be used to execute code.

    @testtest-xz6ec 1 year ago
  • 7:13 "Can an attacker mess mess with it?" :P

    @kRySt4LGaMeR 1 year ago
  • You tried Chrome for pipelining, but several other browsers still have it. Also, wouldn't multiplexing work just as well?

    @anon_y_mousse 1 year ago
  • Awesome

    @Sumonsheikh-pz6ln 10 months ago
  • 4:20 This is actually false for Microsoft's own C# extension in vscode. That extension downloads the server and other tools (same ones that are used for visual studio and msbuild). They even auto-update by default.

    @ironnoriboi 1 year ago
  • I noticed the dog in the background at 14:22 for a few seconds :3

    @Ashnurazg 1 year ago
  • Since pipelining did not work, have you tried relying on HTTP keep-alive? Since vscode won't close the connection, we only have to prevent the browser from closing it. If this works, you can just do two HTTP requests. Also, have you tried sending two payloads in the same message body (repeating the content-type for the second one)? I think VSC only reads the number of bytes it needs to read to process the message (for perf reasons). So we maybe could just send two messages in a single request. Of course, this only works if the server doesn't expect anything from its first response in our second message.

    @_nikeee 1 year ago
  • Hey, awesome research, just curious: when you made it use a socket instead of IPC (at 09:36), didn't you increase the attack surface so that the browser can be used? I mean if it had just used IPC it wouldn't be vulnerable to this attack, right?

    @kubersroyal1 1 year ago
    • Nvm, you did it for the extension, not the server. 👍

      @kubersroyal1 1 year ago
  • Thank you. Can you make a video series on "How to build an Operating System", for example xv6, which is a Unix-based open source project?

    @mrpi230 1 year ago
  • 14:31 Isn’t it possible to overcome this with web sockets? I think it’s possible to exchange messages on the same TCP connection. Also, all HTTP-related tricks might not be needed. If I’m not wrong

    @ilyasamarov 1 year ago
    • WebSocket is a bit more complex protocol that requires the server to play along

      @LiveOverflow 1 year ago
  • Isn’t LSP also used when VSCode is running in the browser, then it will use http and the LSP needs to be the server - or is a server side component doing that?

    @berndeckenfels 1 year ago
    • Afaik in that case there is a separate VSCode server running somewhere else which among other things runs extensions and launches and connects to the LSP servers. It also works like this when you connect VSCode to a remote (though there also are extensions that run locally in that case, not sure how exactly that behaves in the browser, I guess maybe the local extensions can only be JS and run in the browser). Also keep in mind that the LSP "servers" aren't the kind of servers that run somewhere else in the cloud or something. If you run VSCode locally, they are just programs that will be started by VSCode on your PC.

      @1vader 1 year ago
  • Nice

    @nassymalassane7278 1 year ago
  • @LiveOverflow Can't you include another Content-Length header k-v pair in the request body?

    @lextorn92 10 months ago
  • I don't think it is failed research. It is a clue which indicates that an attacker can probably not attack you using this method. I think that's worth a lot.

    @anion21 1 year ago
  • I have one question for you: if the IDE uses a language server for checking code in the IDE, and we close the internet when we write code, why can the IDE still check whether the code has errors or not?

    @chhiethearith9525 1 year ago
  • Push!

    @tg7943 1 year ago
  • Would using WebSockets be an option? Or a custom http client being executed via WASM in a webworker?

    @smenigat 1 year ago
  • Why did that need to be from the browser anyway? Since doing it from the user would require him to open the browser at the right time, attacking from the outside would be the only option. That could be possible since to my knowledge the messages aren’t encrypted and TCP spoofing could be possible, but since these connections will be made on loopback and can't be sniffed (by an outsider), it would require guessing the sequence number (which is technically possible I guess) and which open port is the server

    @tjgdddfcn 1 year ago
    • Because code in the browser has a lower trust level, websites are sandboxed. If an application running on your machine communicates with other applications, it’s expected. If you allow a website to execute code on your machine it’s much worse.

      @shadowpenguin3482 1 year ago
  • Maybe it was just me, but even halfway through the video I still wasn't sure whether you're trying to figure out whether a malicious codebase opened in VSCode with your extension active is the attack, or the extension itself is the attack. So are you trying to protect users of your extension, or are you trying to figure out whether an extension itself can be malicious? Maybe I missed it but that made it harder for me to follow.

    @LuLeBe 1 year ago
    • I’m trying to figure out whether a malicious website can attack a VSCode extension that uses a language server via socket transport. Ultimately in the end I want to check whether my extension is safe against this potential attack

      @LiveOverflow 1 year ago
  • I like working backwards straight from what can I change / what is the user input :)

    @damiannowak3811 1 year ago
  • G🐐A T E D

    @scuffed_content 1 year ago
  • Let's be grateful that there's no security vulnerability to exploit in vs-code. So this is not a failure, but good news

    @GoLDnTRiXX 1 year ago
  • Language server protocol, the way you explain it is pretty interesting... Though I know this stuff, awesome video

    @sandiproy9361 1 year ago
  • Wouldn't it be possible for a malicious website to serve a web assembly program dealing with the communication to the language extension server that the connected clients run?

    @Speglritz 1 year ago
  • Hi, may I know how you know it's port 1219?

    @huntercybersecurity 1 year ago
  • Curious. Is this video stretched in width? He looks wide.

    @user-ot8tb8jk3t 1 year ago
  • I'm gonna pick up the pieces and build a lego house

    @gcxs 1 year ago
  • I like when you talk fast and move your hands like you’re rapping 😂 I dare you to do a rap song about coding just for the lol’s 🤣🤣🤣

    @Wanderer072 1 year ago
  • 14:23 DOG!!!

    @LostMekkaSoft 1 year ago
  • if security research never failed, it would mean everything would be a vulnerability

    @wontcreep 1 year ago
  • Thank you.... I always wanted to do this... I am currently interested in LSP as I wasted the past year configuring nvim..... Maybe I may try the same in neovim lsp... if it works....

    @vaisakhkm783 1 year ago
    • The LSP protocol is entirely different from this.

      @korigamik 1 year ago
  • You said, it expects 2 messages. Can't you just post two of them as one block of POST? Faking ends and headers in the middle of your data if necessary? LG chris :)

    @ChrisBigBad 1 year ago
  • multipart/x-mixed-replace ??

    @dummypg6129 1 year ago
  • wouldn't http streams work with this?

    @___lzcat 1 year ago
  • can we have an rpc deepdive?

    @akileswar114 9 months ago
  • So connecting between processes using TCP is not secure because a browser can be running in the background. Well, you can certainly find antipatterns in programs using it. That's really strange that TCP can be supported at all. On second thought, using TCP and assuming data that comes from it is somehow safe is wrong at all times.

    @norude 1 year ago
    • It's not that strange when you consider that it can be used remotely, e.g. for remote editor environments (like Visual Studio Code supports). Using TCP with TLS wouldn't make sense locally, because the request and responses would have to be encrypted and decrypted on the same machine anyway. In this case you can use TLS on top of the TCP connection that is established with a remote LSP.

      @dealloc 1 year ago
  • 3 seconds in and I immediately knew he speaks German 😂

    @TheForge47 1 year ago
  • Pipes on windows or ports on mac? What? You mean pipes and ports everywhere?

    @LevitskiSRGE 1 year ago
    • „mach ports“

      @LiveOverflow 1 year ago
  • 07:13 2 mess?

    @xBZZZZyt 1 year ago
  • It might not be a practical attack, but it's still a near-vulnerability, a la the swiss cheese risk model. And one straightforward measure that would stop any exploit dead would be forcing that initial status message to include an authentication token passed to the process in an environment variable.

    @AJMansfield1 1 year ago
    • or just require that a particular header is set that no website sends by default

      @tjgdddfcn 1 year ago
  • Wait, could you not just send multiple requests through the fetch api in a website?

    @luizzeroxis 1 year ago
  • 4:31 someone clip this 😂

    @tommyhetrick 1 year ago
  • Why was attacking it via a browser so important? Like you showed in python it's just a few lines of code.

    @EvilSapphireR 1 year ago
    • It’s easy for an attacker to make the victim open a malicious website. Getting python code execution on the local computer is already game over ;)

      @LiveOverflow 1 year ago
  • hello everyone

    @akashossain8468 10 months ago
  • Looking at how frequently the lsp server is called why did they choose to go with json as opposed to binary encoding? Seems like a bad choice.

    @mayur9876 1 year ago
    • I don't think it would make much of a difference performance-wise. Since no bytes have to be transmitted over the (slow) network, the performance cost of a single call to the language server is probably not going to depend too much on the length of the data to be sent, but will just be some more or less constant amount of time spent in kernel code (for the underlying IPC mechanism). So, with performance not being an issue, it makes sense to just make the API for the language server as programmer-friendly as possible. And there, JSON just wins over binary encoding. Sadly. :D

      @Uerdue 1 year ago
  • Who do we not trust? some extension? some external attacker getting RCE on a computer because LSP is running on it? - What's the intro? What's the context?

    @Verrisin 1 year ago
    • A malicious website. That’s why we explore whether we can attack the extension from the browser

      @LiveOverflow 1 year ago
    • @@LiveOverflow Yeah, eventually that was answered. But initially it was not clear. - Also, I think it's just what direction the search turned toward. Not the initial goal. - I guess the initial goal was "try to find any vulnerability" be it local escalation, or external access etc ... but that's a weird goal to have... but I guess it's just "how safe is it to let someone use VSCode+LSP" inside our reasonably trusted LAN etc ...

      @Verrisin 1 year ago
    • You literally described the video :D I had to do a security review of a vscode extension. And in the video I take you along researching one particular attack surface. It’s just the story from start to research result ;)

      @LiveOverflow 1 year ago
    • And yes, that’s research. „Initially the goal wasn’t clear“. Of course it’s not clear, that’s science and looking into the unknown;)

      @LiveOverflow 1 year ago
    • @@LiveOverflow Yeah, my bad. I didn't know exactly what "security review" is, so I was confused the first 75% of the video, before I figured out what the objective was. - As a software developer, I usually start by defining an attack surface. Don't worry with anything in the "trusted" scope, trust "nothing" in the outside world. Only caring about that one well defined surface to not go crazy. Otherwise I would never get anything done. - That's why it was hard for me to go along and think about the problem when that was not clear upfront. - It would have been useful for me to mention near the start we are looking for a vulnerability at any possible "level" (except not really untrusted extensions themselves?). - With VSCode extensions, I would be much more worried about evil/hacked extensions, dependency running a hacked script etc ... than an existing "backdoor" using it for escalation, or website injecting a script in my build... - But the browser direction was interesting. I always assume only local things can open connections to loopback ports, so never considered worrying about it (except extensions, tools that are local servers, etc) ... I wonder if my assumption is even right ... I never considered CORS at development time running on localhost.... O.O Great video, though. Thanks!

      @Verrisin 1 year ago
  • Please explain CVE-2022-37421 with example/demo or reply please

    @INVENTASHIF 1 year ago
  • Am I completely off the mark for seeing this as quite a major at least privacy if not also security hazard? The JSON RPC language server can effectively read all the code you're writing. Also you were able to read TCP traffic in cleartext using Wireshark. What's stopping a MITM in this case?

    @NLozar22 1 year ago
    • If malicious code is able to read raw tcp requests like that, it’s effectively game over for the system, and there’s no need to exploit vscode to achieve what the hacker wants. And in reality not all communication within the system needs to be encrypted. One concern which is valid is privacy concerns, and unfortunately if you install an app on your system, you’re essentially giving it free rein to access whatever file it wants

      @tropicbliss1198 1 year ago
    • I think you'd have more important concerns if malware ended up on your computer in the first place.

      @dealloc 1 year ago
  • Been offered a really cheap deal for 1Gbps fiber but it's CGNAT only should I take it anyone? Yes or No? Answers appreciated.

    @changeagent228 1 year ago
  • first

    @Cornbread2100 1 year ago
    • 🥇

      @bigmistqke 1 year ago
    • @@bigmistqke He deserves the award 😅😅

      @dreamchaser7559 1 year ago
    • Who cares

      @HTWwpzIuqaObMt 1 year ago
    • @@HTWwpzIuqaObMt nobody

      @Cornbread2100 1 year ago
    • @@bigmistqke thank you for the honor dear sir

      @Cornbread2100 1 year ago
  • FYI your Twitch Link is missing a "/" after the ".tv"

    @neednothing3445 1 year ago