HackFest Series: Socket Capable Browsers, Intercepting Prox…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: plug-discuss
Subject: HackFest Series: Socket Capable Browsers, Intercepting Proxy Servers & Transparent Proxy Abuses

"Transparent proxies allow organizations to influence and monitor thetraffic from its users without their knowledge or participation.Transparent proxies act as intermediaries between a user and enddestination, and aren't generally apparent to users sitting behindthem. Enterprises, Hotels, and Internet Service Providers often usetransparent proxy products to lower bandwidth consumption,speed up pageloads for their users, and for monitoring and filtering of web surfing.When certain transparent proxy architectures are in use an attacker canachieve a partial Same Origin Policy Bypass resulting in access to anyhost reachable by the proxy via the use of client plug-in technologies(such as Flash, Applets, etc) with socket capabilities. This write upwill describe this architecture, how it may be abused by Flash, itsexistence in various network layouts, and mitigations."

Full paper: http://www.thesecuritypractice.com/the_security_practice/TransparentProxyAbuse.pdf

Full Cert Announcement (look at that product list [\/\/0\/\/!]):
http://www.kb.cert.org/vuls/id/435052

http://www.ietf.org/rfc/rfc2616.txt

http://www.webappsec.org/lists/websecurity/archive/2008-06/msg00073.html

http://www.us-cert.gov/reading_room/securing_browser/

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14213

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008)#Black_Box_testing_and_example

http://en.wikipedia.org/w/index.php?title=List_of_TCP_and_UDP_port_numbers&oldid=266934839
Robert Auger from the PayPal Information RiskManagement team reported this issue and provided complete proof of concept technical information.

Nosis| Obnosis | (503)754-4452
PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM


_________________________________________________________________
Windows Live™ Groups: Create an online spot for your favorite groups to meet.
http://windowslive.com/online/groups?ocid=TXT_TAGLM_WL_groups_032009---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-RE: Fail Message is Fail Messages for Fail Messages that I Never Failedto Send???Re: Fail Message is Fail Messages for Fail Messages that I NeverFailedto Send???->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)