Penetration Testing mailing list archives

Re: IE7 add-on


From: Shaon Diwakar <shaon.diwakar () yahoo com au>
Date: Sun, 10 Feb 2008 15:59:56 -0800 (PST)

Hi Jason,

Maybe I've misunderstood, but from the information given I'm not sure if that constitutes a man in the middle attack. 
What's probably happening is that the browser is re-sending the session cookie to the server and since the session 
hasn't timed out yet the site gets reloaded within the other tab.

A man in the middle would mean that somehow someone malicious is stealing your cookie whilst it's being transmitted 
from your PC to the server. If your bank is using SSL and there is a proxy in between - then your browser should 
complain or give you a warning asking if you'd like to proceed... 

I guess if you are concerned that it's loading sites from other tabs - then it's more likely a feature bug rather than an 
inherent security problem in itself?

Cheers


----- Original Message ----
From: "jason_jones98 () hotmail com" <jason_jones98 () hotmail com>
To: pen-test () securityfocus com
Sent: Friday, 8 February, 2008 1:34:00 AM
Subject: IE7 add-on

Hi.

I have just loaded the IE7 add-on 'open-last-tab'; has anyone else had a play with this? From initial results I have 
found this to be a great 'man-in-the-middle' attack tool.

Example on Bank site (no names):

Log into your bank, open another tab within the window i.e. google. Close the banking tab, hit Alt-X and the 
'logged-in' banking window re-opens. I have also attempted this on other applications and the majority work. Can 
someone advise if M$ have provided us with a great MITM plug-in tool? 


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
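
The behaviour discussed in the reply above, as an added example that is not part of the original thread: a server-side session table showing that a cookie re-sent from a reopened tab is still accepted until the session idles out or the user logs out. `SessionStore`, `reopen_tab_demo`, the user name and the 300-second timeout are assumptions chosen for illustration, and the timestamps are constructed.

```python
import secrets


class SessionStore:
    """Minimal server-side session table with idle timeout and explicit logout."""

    def __init__(self, idle_timeout=300):
        self.idle_timeout = idle_timeout      # seconds of inactivity allowed
        self._sessions = {}                   # session id -> (user, last_seen)

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)       # unguessable cookie value
        self._sessions[sid] = (user, now)
        return sid

    def authenticate(self, sid, now):
        """Return the user for a presented cookie, or None if it is no longer valid."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self._sessions[sid]           # expire server-side, not just in the browser
            return None
        self._sessions[sid] = (user, now)     # sliding idle window
        return user

    def logout(self, sid):
        # Closing a tab never reaches this code; only an explicit logout does.
        self._sessions.pop(sid, None)


def reopen_tab_demo():
    """Replay the 'close tab, reopen tab' sequence against the store (constructed times)."""
    store = SessionStore(idle_timeout=300)
    results = {}

    sid = store.login("alice", now=0)
    # Tab closed without logout, reopened 60 s later: browser re-sends the same cookie.
    results["reopened_within_timeout"] = store.authenticate(sid, now=60)
    # Same cookie presented again after more than 300 s of inactivity.
    results["reopened_after_timeout"] = store.authenticate(sid, now=361)

    sid2 = store.login("alice", now=1000)
    store.logout(sid2)                        # user clicks "log out" before closing the tab
    results["reopened_after_logout"] = store.authenticate(sid2, now=1010)
    return results


if __name__ == "__main__":
    print(reopen_tab_demo())
```
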
