Web Attacks

Chapter in Cyber Operations

Abstract

Web servers provide new features for legitimate users, but they also provide avenues of attack for malicious actors. An attacker who has been able to compromise a system on a network can extract passwords stored in Internet Explorer or Firefox. A defender can use a master password on Firefox to mitigate these kinds of attacks. An attacker who can find their way onto the local network can use Ettercap to launch man-in-the-middle attacks. If a web server automatically redirects unsecured HTTP traffic to a secure HTTPS site, then an attacker can use sslstrip to intercept the traffic before it is encrypted, allowing them to attack the connection without the browser warning of an improperly configured certificate chain.

Notes

  1. This assumes the attacker is using a Kali system with the default installation.

  2. Taken from the Red Hat bug report https://access.redhat.com/blogs/766093/posts/1976383

  3. Recall from Chapter 14 that a valid HTTP response begins with two newlines.

Copyright information

© 2019 Mike O'Leary

About this chapter

Cite this chapter

O’Leary, M. (2019). Web Attacks. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_16
