WebApp Sec mailing list archives
Active Man in the Middle Attacks
From: Adi Sharabani <adishar () gmail com>
Date: Mon, 2 Mar 2009 18:07:44 +0200
Hello,

We have recently discovered a new type of web attack which could be initiated upon a man in the middle scenario (or by leveraging DNS Pinning techniques). The attack, which we call Active MitM attack, allows an attacker to gather sensitive information from the past such as cookies (surf jacking) and auto-completion information, but also affect the future by poisoning victim’s cache and cookies, and penetrating local networks that will ever be used by the victim.

One of the results of the research is that VPN is not good enough for the application layer, and using Active techniques a MitM would be able to access any web resource within any internal network, even if not accessible from the public net, and even if the victim does not actively use it.

The entire technical details of the attack can be found at:
http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html

In the above work, we have tried to articulate a problem with the current design of the web rather than dealing with implementation bugs such as browser’s exploits which allow the execution of malware on victim’s machine.

Best Regards,
-Adish

Adi Sharabani
Security Research Group Manager
Rational Application Security