WebApp Sec mailing list archives
Re: Proof of Concept Tool on Web Application Security
From: Kriss Andsten <kriss () sverok se>
Date: 11 Apr 2003 15:27:01 +0200
On Tue, 2003-04-15 at 20:03, Indian Tiger wrote:
<snip>
> This manipulation can also be achieved if an attacker can put his proxy (Web Sleuth) on an intermediate router/proxy. One example: I am accessing Hotmail, and on my ISP's router/proxy an attacker installs a tool like Web Sleuth. But then the question arises: a router works at OSI layer 3, so the attacker can't put a tool like Web Sleuth there. If the intermediate hop is a proxy, which is at the application level, there should be some tool which can be placed here.
It does not matter if it's an L3 gate or even an L2 switch - given the proper conditions (decent OS on the gateway) it's always possible to transparently route traffic through an application. Always assume 'proper conditions' if the network is unknown.

Also, have a look at ettercap for 'getting cookies of others'.

Kriss