Security Basics mailing list archives

WebApplication authentication security risk


From: Simon <simon.xhz () gmail com>
Date: Mon, 6 Mar 2006 02:18:55 -0500

Hi,
  It's been a while since I checked here, just in case I'll send out
the usual handshake <Hello World!>

  I was working on a networking "relay", a program that listens for
incoming connections on localhost and relays packets to a remote host.

  The first host I tried was google.ca.  My relay did not relay the
page, IExplorer showed a blank page.  If I go to a different site, it
works.

  I have made a PHP script in the past that takes a username,
password, IP address, User-Agent, a cookie (md5 hash of
date+ip+useragent).  And I found out I could possibly start hacking my
own security PHP script using this relay.

  For a secure PHP script, make sure you check the browser's requested
URI.  If the browser requested anything other than the script's host, then
you know the connection is relayed and could be sniffed.
Unfortunately, it is possible to repackage the HTTP headers to change
the Requested URI and only an encrypted connection would be able to
prevent this kind of exploit.

Anyway, hope it interests a couple of people, hope I didn't bother anyone,
it's just I thought my own secure login script was top secure and I'm
sure that programmers check for this rarely!

Simon
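
The following is an added example, not part of the original post and not Simon's script. It sketches the Host check the post describes and shows that a request whose Host header has been rewritten is indistinguishable from a direct one on the server side. The host name login.example.test, the function names and the sample requests are assumptions made for the illustration.

```php
<?php
// Added illustration, not Simon's script. EXPECTED_HOST and the sample
// requests below are constructed for the example.
const EXPECTED_HOST = 'login.example.test';

// Host the client addressed: Host header value with any :port removed.
// In a live script this value is $_SERVER['HTTP_HOST'].
function requested_host(array $headers): ?string
{
    foreach ($headers as $name => $value) {
        if (strcasecmp($name, 'Host') === 0) {
            return strtolower(preg_replace('/:\d+$/', '', trim($value)));
        }
    }
    return null;
}

// The check from the post: reject anything not addressed to our own host.
function host_check(array $headers): bool
{
    return requested_host($headers) === EXPECTED_HOST;
}

// Host check plus a transport requirement. In a live script $tls would be
// derived from $_SERVER['HTTPS'].
function login_allowed(array $headers, bool $tls): bool
{
    return $tls && host_check($headers);
}

// Constructed requests: [headers as the server sees them, arrived over TLS?]
$samples = [
    'direct, plaintext'            => [['Host' => 'login.example.test'], false],
    'relay, headers untouched'     => [['Host' => 'localhost:8080'], false],
    'relay, Host header rewritten' => [['Host' => 'login.example.test'], false],
    'direct, HTTPS'                => [['Host' => 'login.example.test'], true],
];

foreach ($samples as $label => [$headers, $tls]) {
    printf("%-30s host_check=%-5s login_allowed=%s\n",
        $label,
        var_export(host_check($headers), true),
        var_export(login_allowed($headers, $tls), true));
}
```

The first and third samples reach the server with identical headers, so host_check() returns true for both; only the transport requirement in login_allowed() separates the plaintext cases from the HTTPS one.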
