[funsec] [Fwd: Reverse Proxy Cross Site Scripting]

mailinglist mailinglist email-fulldisclosure at hotmail.com
Tue Jan 17 12:07:46 CST 2006


How is this different from just doing any MITM of the attacker's choice?

MITM:
* Able to read any content
* Able to inject any content

Reverse Proxy Cross Site Scripting:
* Able to read any content
* Able to inject any content

If you actually are able to MITM, why do cross site scripting at all? In 
most scenarios, you already got what you wanted (e.g. username / password / 
session identifier) without using XSS.


There was a discussion on a non-security community (lunarstorm.se, very l33t 
community, or not) regarding possible phishing schemes against a Swedish bank 
a few years ago. The attack did involve MITM and poisoning local computers' 
SSL settings (so it did require a bit of trojan work, which perhaps is 
overkill since many users trust any site even if it has wrong ) but the nice 
thing was that a theoretical attack scenario was shown to be able to 
circumvent the bank's additional protection layer (hardware boxes, 
vulnerability: you enter values decided by the site, and you don't know 
what you are confirming, only what the MITM page says you are doing).

MITM is very powerful indeed. It is only limited by human imagination.


I would say the original post does stress the existence of a powerful and 
easily used MITM platform (apache mod_proxy), but neither MITM nor XSS is 
new, and MITM+XSS does not enhance regular MITM (please kick me in the head 
if I missed something useful in MITM+XSS, but I really do not see it).

/someone
