WebApp Sec mailing list archives

Active Man in the Middle Attacks
From: Adi Sharabani <adishar () gmail com>
Date: Mon, 2 Mar 2009 18:07:44 +0200

Hello,

We have recently discovered a new type of web attack which could be
initiated upon a man in the middle scenario (or by leveraging DNS
Pinning techniques). The attack, which we call Active MitM attack,
allows an attacker to gather sensitive information from the past such
as cookies (surf jacking) and auto-completion information, but also
affect the future by poisoning victim’s cache and cookies, and
penetrating local networks that will ever be used by the victim. One of the results of the
research is that VPN is not good enough for the application layer, and
using Active techniques a MitM would be able to access any web
resource within any internal network, even if not accessible from the
public net, and even if the victim does not actively use it.

The entire technical details of the attack can be found at:
  http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html

In the above work, we have tried to articulate a problem with the
current design of the web rather than dealing with implementation bugs
such as browser exploits which allow the execution of malware on
the victim’s machine.

Best Regards,
-Adish

Adi Sharabani
Security Research Group Manager
Rational Application Security


