WebApp Sec mailing list archives

Re: Proof of Concept Tool on Web Application Security


From: Kriss Andsten <kriss () sverok se>
Date: 11 Apr 2003 15:27:01 +0200

On Tue, 2003-04-15 at 20:03, Indian Tiger wrote:

<snip>
> This manipulation can also be achieved if an attacker can put his proxy (Web
> Sleuth) on an intermediate router/proxy. One example: I am accessing Hotmail,
> and on my ISP's router/proxy an attacker installs a tool like Web Sleuth. But
> again the question comes up: a router works on OSI layer 3, so an attacker
> can't put a tool like Web Sleuth there. If the intermediate hop is a proxy,
> which is on the application level, there should be some tool which can be
> placed here.

It does not matter if it's a L3 gate or even a L2 switch - given the
proper conditions (decent OS on the gateway) it's always possible to
transparently route traffic through an application. Always assume
'proper conditions' if the network is unknown. Also, have a look at
ettercap for 'getting cookies of others'.

Kriss

