Chapter 12  ■ Attacking Other Users

such as session tokens, are not transmitted. This means that the content

retrieved in the attack will be the same as if the attacker had simply visited

http://wahh-app.com/

directly himself.

So what does the attack achieve? It is effective in retrieving content from

web sites which the user can access but which the attacker cannot. If the user

is on a corporate LAN, the attacker will be able to browse intranet sites on the

LAN. If the user is on a home DSL connection, the attacker will be able to com-

municate with the administrative interface on their router, which listens only

on the internal home network. The attacker can also interact with any web-

based services on the user’s own computer, even if these are protected by a

personal firewall. In these situations, the attacker can reach servers that are

defended by the network topology rather than by authentication and sessions.

A sophisticated attack could turn the user’s browser into an open proxy, allow-

ing the attacker to capture data from, and perform arbitrary actions against,

arbitrary targets. In many contexts, this could be a very serious threat.

DNS Pinning

It is specifically to prevent this kind of attack that DNS pinning exists. When

browsers resolve a domain name to an IP address, they cache the IP address

for the duration of the current browser session, regardless of the TTL value

specified in the response to the lookup. Hence, in step 5 of the hypothetical

attack, the browser will continue to associate 

wahh-attacker.com

with the

original IP address 

1.2.3.4

, and so does not make any request to the server at

wahh-app.com

. So the attack was only hypothetical after all. 

Download 5,76 Mb.

Do'stlaringiz bilan baham: