First, just a quick reminder:
As you're probably getting by now: the above combination can have a problem depending on how the transparent proxy works. Last month CERT released a little-publicized vulnerability note that still lists many vendors as "unknown", but is starting to collect a number of vulnerable ones as well. Robert sent us a pointer to a paper titled "Socket Capable Browser Plugins Result In Transparent Proxy Abuse", in which the author describes the attack method in greater detail. The scenario is as follows: the user (victim) is somehow lured into visiting www.evil.com with his browser. A socket-capable plugin loaded from that page opens a TCP connection back to www.evil.com's own IP address (1.1.1.1 in this example), which the browser's same-origin rules permit, and over that connection sends an HTTP request whose Host header names www.secret.com instead.
If the transparent proxy intercepts this (it will), and if it routes on the Host header, resolving www.secret.com to its real IP address rather than using the 1.1.1.1 of www.evil.com that the client actually connected to (it might), it has just connected the browser, which thinks it is talking to www.evil.com, to www.secret.com. The plugin from www.evil.com now has access to everything that comes in (and goes out) over the connection to www.secret.com, while it can also still communicate with www.evil.com. What can you do against this:
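To make the proxy-side decision concrete, here is an added example (not code from the diary, the CERT note or the paper) that models the two routing policies a transparent proxy can apply to an intercepted connection: the weak one picks the upstream by resolving the Host header, the hardened one keeps the address the client connected to and refuses a Host header that does not resolve to it. The addresses, the resolver table and both HTTP requests are constructed for the example; 1.1.1.1 is the diary's placeholder for www.evil.com and 10.0.0.5/10.0.0.6 are assumed addresses for www.secret.com.

```python
"""Transparent proxy routing: Host-header routing versus destination routing.

Added example modelling the abuse scenario from the diary. All hosts,
addresses and requests below are constructed for illustration.
"""


# Constructed resolver table (assumption: these are not the hosts' real addresses).
DNS_TABLE = {
    "www.evil.com": {"1.1.1.1"},
    "www.secret.com": {"10.0.0.5", "10.0.0.6"},
}


class ProxyRefused(Exception):
    """Raised when the hardened proxy will not forward a request."""


def resolve(hostname):
    """Return the set of IPv4 addresses for hostname from the constructed table."""
    try:
        return DNS_TABLE[hostname.lower().rstrip(".")]
    except KeyError:
        raise ProxyRefused(f"cannot resolve {hostname!r}")


def parse_request(raw):
    """Parse the request line and headers of a raw HTTP/1.x request.

    Returns (method, target, headers) with header names lower-cased; only the
    pieces the routing decision needs are handled.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def host_from_headers(headers):
    """Host header value without a :port suffix (IPv6 literals not needed here)."""
    host = headers.get("host")
    if not host:
        raise ProxyRefused("missing Host header")
    return host.split(":")[0]


def route_by_host_header(intercepted_dst, raw):
    """Vulnerable policy: the upstream is wherever the Host header resolves.

    The TCP connection went to intercepted_dst (www.evil.com), but this proxy
    looks only at the Host header and so connects the client to www.secret.com.
    """
    _, _, headers = parse_request(raw)
    return sorted(resolve(host_from_headers(headers)))[0]


def route_by_destination(intercepted_dst, raw):
    """Hardened policy: forward to the address the client actually connected to,
    and only if the Host header resolves to that address.

    Ordinary traffic passes (Host resolves to where the client went); a plugin
    that connected to www.evil.com but claims Host: www.secret.com is refused.
    """
    _, _, headers = parse_request(raw)
    host = host_from_headers(headers)
    if intercepted_dst not in resolve(host):
        raise ProxyRefused(f"Host {host!r} does not resolve to {intercepted_dst}")
    return intercepted_dst


# Constructed request as a plugin on www.evil.com would send it: the socket is
# connected to 1.1.1.1, but the Host header names www.secret.com.
ABUSIVE_DST = "1.1.1.1"
ABUSIVE_REQUEST = b"GET /account HTTP/1.1\r\nHost: www.secret.com\r\nConnection: close\r\n\r\n"

# Constructed request from an ordinary browser visit to www.secret.com.
NORMAL_DST = "10.0.0.5"
NORMAL_REQUEST = b"GET / HTTP/1.1\r\nHost: www.secret.com\r\n\r\n"


def demo():
    """Run both policies over both constructed requests; returns {label: (weak, strong)}."""
    results = {}
    for label, dst, raw in (("normal", NORMAL_DST, NORMAL_REQUEST),
                            ("abusive", ABUSIVE_DST, ABUSIVE_REQUEST)):
        weak = route_by_host_header(dst, raw)
        try:
            strong = route_by_destination(dst, raw)
        except ProxyRefused as exc:
            strong = f"refused: {exc}"
        results[label] = (weak, strong)
    return results


if __name__ == "__main__":
    for label, (weak, strong) in demo().items():
        print(f"{label:8} host-header routing -> {weak:10} destination routing -> {strong}")
```

The hardened policy still allows name-based virtual hosting, since any Host that resolves to the intercepted address is accepted; what it removes is the ability of a socket connected to one server to be re-pointed at another by a header the plugin controls.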
If you know other defenses that are effective, do contact us and we'll update.
-- Swa, Mar 10th 2009
I'd be very happy if JavaScript just disappeared, and most of the common browser plugins too. They should at least lose access to sockets and the ability to manipulate HTTP headers. I don't know how many web or other services of today can be considered secure when this unsolicited in-browser trash can make arbitrary connections and cross-domain POSTs without a user's consent.
To make matters worse, plenty of websites would be totally inoperable without support for scripts like this -- running their poorly-written web app code in-browser because any server would topple over trying to do that itself. It's about time I used NoScript and told some of these web developers exactly why I won't use their services any more.
-- Anonymous, Mar 10th 2009