Host header cannot be trusted as an anti anti DNS-pinning measure

2006-09-07 Thread Amit Klein (AKsecurity)
Host header cannot be trusted as an anti anti DNS-pinning measure Anti DNS-pinning texts ([1], [2], [3]) typically mention that the Host header of the HTTP request is different than the real domain name/host name of the site. As such, a suggested security measure against anti DNS-pinning

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash

2006-08-14 Thread Amit Klein (AKsecurity)
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash (requires IE + some transparent proxies or virtual hosting) The method described here is pretty simple. It works though only on HTTP (not HTTPS) credentials. Also, it works only when the client browses

Re: Write-up by Amit Klein: Forging HTTP request headers with Flash

2006-07-27 Thread Amit Klein (AKsecurity)
On 26 Jul 2006 at 22:43, 3CO wrote: FYI Flash9 added a new property for object and embed tags to prevent this technique from being used: allowNetworking: http://livedocs.macromedia.com/flex/2/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Partsfile=1590.html That page

Re: Write-up by Amit Klein: Forging HTTP request headers with Flash

2006-07-26 Thread Amit Klein (AKsecurity)
Hi A reader going by the nickname xeek pointed out to me that the examples in the paper making use of the HTTP GET request do not work as-is (thanks xeek!). After looking at the matter, I realized that I made a silly mistake. In my research, I toyed with the LoadVars.send() method with 2

Write-up by Amit Klein: Forging HTTP request headers with Flash

2006-07-24 Thread Amit Klein (AKsecurity)
Forging HTTP request headers with Flash Amit Klein, July 2006 Flash - Introduction Flash player is a very popular browser add-on from Adobe (actually, Flash was invented by Macromedia, which was acquired by Adobe). This write-up covers

RE: Bypassing of web filters by using ASCII

2006-06-26 Thread Amit Klein (AKsecurity)
On 23 Jun 2006 at 7:55, James C. Slora Jr. wrote: Amit Klein wrote Thursday, June 22, 2006 3:47 AM So in order to exploit this in HTML over HTTP, the attacker needs to either add/modify the Content-Type response header, or to add/modify the META tag in the HTML page. There are other

Re: Bypassing of web filters by using ASCII

2006-06-23 Thread Amit Klein (AKsecurity)
On 23 Jun 2006 at 10:35, Vincent Archer wrote: On Fri, Jun 23, 2006 at 12:08:56AM +0200, Amit Klein (AKsecurity) wrote: So what I don't understand now is why IE's solution is any better than Opera/Firefox? Why is modifying the data (msb) any better than modifying the data

Re: Bypassing of web filters by using ASCII

2006-06-22 Thread Amit Klein (AKsecurity)
On 21 Jun 2006 at 18:24, Paul wrote: Very interesting, indeed. Does this work with functional characters such as html brackets? What about html tag obfuscation (bypassing script filters such as those in place at hotmail)? Notice that in order for this trick to work, the charset should be

Re: Bypassing of web filters by using ASCII

2006-06-22 Thread Amit Klein (AKsecurity)
On 21 Jun 2006 at 13:11, [EMAIL PROTECTED] wrote: 1. problem description The character set ASCII encodes every character with 7 bits. Internet connections transmit octets with 8 bits. If the content of such a transmission is encoded in ASCII, the most significant bit must be ignored.

Re: SSL VPNs and security

2006-06-09 Thread Amit Klein (AKsecurity)
On 8 Jun 2006 at 22:48, Michal Zalewski wrote: Web VPN or SSL VPN is a term used to denote methods for accessing company's internal applications with a bare WWW browser, with the use of browser-based SSO authentication and SSL tunneling. As opposed to IPSec, no additional software or

Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

2006-05-22 Thread Amit Klein (AKsecurity)
On 8 May 2006 at 16:01, Zaninotti, Thiago wrote: Folks, During some specific tests with our upcoming Web App Security Scanner tool, we have found that Apache would kindly accept HTML injection through Expect header. Originally meant to be a protocol flow control that would give web

Whitepaper by Amit Klein: HTTP Response Smuggling

2006-02-21 Thread Amit Klein (AKsecurity)
HTTP Response Smuggling Or HTTP Response Splitting is [still] Mostly Harmful ;-) Amit Klein, February 2006 Introduction Recently, several anti-HTTP Response Splitting strategies have been suggested and/or put to use by various

Technical Note by Amit Klein: XST Strikes Back

2006-01-25 Thread Amit Klein (AKsecurity)
Technical note XST Strikes Back (or perhaps Return from the Proxy...) Amit Klein, January 2006 Introduction About three years ago, the concept of Cross Site Tracing [1] was introduced to the

Re: Reverse Proxy Cross Site Scripting

2006-01-17 Thread Amit Klein (AKsecurity)
Hi Please see my comment below, Thanks, -Amit On 15 Jan 2006 at 12:49, Shalom Carmel wrote: A Mini-paper Reverse Proxy Cross Site Scripting Author: Shalom Carmel Date: January 13, 2005 [...] The attacker site is called http://www.victim.com.victin.com The