Penetration Testing mailing list archives
Re: IE7 add-on
From: "Adam Thompson" <adwulf () gmail com>
Date: Thu, 7 Feb 2008 19:00:36 +0000
This happens because you're still logged in to the banking site. If you don't logoff, the session is still active. This would work the same with two windows or tabs in ANY browser. How do you plan to exploit this as MITM? On 7 Feb 2008 14:34:00 -0000, jason_jones98 () hotmail com <jason_jones98 () hotmail com> wrote:
Hi. I have just loaded the ie7 add-on 'open-last-tab', has anyone else had a play with this? From initial results i have found this to be a great 'man-in-the-middle' attack tool. Example on Bank site(no-names): Log into your bank, open another tab within the window i.e. google. Close the banking tab, hit Alt-X and the 'logged-in' banking window re-opens. I have also attempted this on other applications and the majority work. Can someone advise if M$ have provided us with a great MITM plug-in tool? ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- AdamT "I've had death threats - well, OK, a petition." - Jack Dee ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- IE7 add-on jason_jones98 (Feb 07)
- Re: IE7 add-on Adam Thompson (Feb 10)
- RE: IE7 add-on Robert S. Slifkin (Feb 10)
- Re: IE7 add-on Dave Howe (Feb 10)
- <Possible follow-ups>
- Re: IE7 add-on Shaon Diwakar (Feb 10)