HackFest Series: Socket Capable Browsers, Intercepting Proxy Servers & Transparent Proxy Abuses
Lisa Kachold
lisakachold at obnosis.com
Tue Mar 10 16:11:55 MST 2009
"Transparent proxies allow organizations to influence and monitor thetraffic from its users without their knowledge or participation.Transparent proxies act as intermediaries between a user and enddestination, and aren't generally apparent to users sitting behindthem. Enterprises, Hotels, and Internet Service Providers often usetransparent proxy products to lower bandwidth consumption,speed up pageloads for their users, and for monitoring and filtering of web surfing.When certain transparent proxy architectures are in use an attacker canachieve a partial Same Origin Policy Bypass resulting in access to anyhost reachable by the proxy via the use of client plug-in technologies(such as Flash, Applets, etc) with socket capabilities. This write upwill describe this architecture, how it may be abused by Flash, itsexistence in various network layouts, and mitigations."
Full paper: http://www.thesecuritypractice.com/the_security_practice/TransparentProxyAbuse.pdf
Full Cert Announcement (look at that product list [\/\/0\/\/!]):
http://www.kb.cert.org/vuls/id/435052
http://www.ietf.org/rfc/rfc2616.txt
http://www.webappsec.org/lists/websecurity/archive/2008-06/msg00073.html
http://www.us-cert.gov/reading_room/securing_browser/
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14213
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008)#Black_Box_testing_and_example
http://en.wikipedia.org/w/index.php?title=List_of_TCP_and_UDP_port_numbers&oldid=266934839
Robert Auger from the PayPal Information RiskManagement team reported this issue and provided complete proof of concept technical information.
Nosis| Obnosis | (503)754-4452
PLUG Linux Security Labs 2nd Saturday Each Month at Noon - 3PM
_________________________________________________________________
Windows Live™ Groups: Create an online spot for your favorite groups to meet.
http://windowslive.com/online/groups?ocid=TXT_TAGLM_WL_groups_032009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090310/de14a386/attachment.htm
More information about the PLUG-discuss
mailing list