Unencrypted Attacks

Popularity: 7
Simplicity: 7
Impact: 9
Risk Rating: 8

HTTP was initially designed as a stateless protocol, meaning that connections to a web server were destroyed as soon as the requested item had been completely retrieved. As web applications became more complex, cookies or session identifiers had to be created to keep track of whether the user was authenticated, who the user was, and whether he or she was authorized to access various sections of a web application. These session identifiers need to be transferred with every request so that the web application can decide whether the user is allowed access to the requested section of the web application.

If unencrypted HTTP traffic is in use on the local LAN, then an attacker carrying out an MITM attack is able to capture the entire web session, including usernames, passwords, session identifiers, and any sensitive information contained within the web pages themselves. This information may allow an attacker to simply log on to the application using the captured usernames and passwords. If a weak authentication mechanism is in use, such as basic authentication, shown here, an attacker may have to decode the authorization data to gain access to the username and password:

GET /private/ HTTP/1.0
Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk

Basic authentication encodes the username and password with Base64, which is an encoding rather than encryption and can be decoded instantly using any Base64 decoding tool or website. The decoder would reveal that this authorization data contains the clear-text string myusername:mypassword. This authorization header is sent across the wire with every single HTTP request, which also means that as long as a single instance of the web browser is open, the user stays authenticated and the session never times out.

If the web application is designed so that multiple logons are not supported, then when the attacker attempts to log in to the application, he or she may unknowingly kill the original user's session. If the user's session is killed a number of times, then the user may become suspicious of a possible attack. Most web applications do not limit the number of sessions active at any one time, and therefore, the compromised account is likely to go unnoticed.

Attackers can also perform session hijacking attacks by utilizing a local web proxy and injecting the captured session identifiers into the web traffic. This provides direct access to the user's session, compromising the account and any data contained within the account.
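The exposure described above can be checked in your own traffic captures. The following is an added example, not part of the original text: it lists which credential-bearing headers a plaintext HTTP request carries, with secret values redacted. The function names and the cookie in the sample request are assumptions made for illustration.

```python
import base64
import binascii

# Constructed sample: the plaintext request shown above, plus a made-up session cookie.
SAMPLE_REQUEST = (
    "GET /private/ HTTP/1.0\r\n"
    "Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk\r\n"
    "Cookie: SESSIONID=constructed-example-value; theme=dark\r\n"
    "\r\n"
)

def decode_basic(token):
    """Return (user, password) from a Basic token, or None if it is malformed."""
    token = token.strip().rstrip("=")          # tolerate missing or surplus padding
    token += "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(token, validate=True)
        user, sep, password = raw.decode("utf-8").partition(":")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return (user, password) if sep else None

def audit_plaintext_request(raw_request):
    """List the secrets a plaintext HTTP request exposes, with values redacted."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "authorization":
            scheme, _, token = value.partition(" ")
            if scheme.lower() == "basic":
                creds = decode_basic(token)
                if creds is None:
                    findings.append("basic-auth: malformed token")
                else:
                    findings.append(f"basic-auth: user={creds[0]} password=<{len(creds[1])} chars>")
        elif name == "cookie":
            for pair in value.split(";"):
                key = pair.split("=", 1)[0].strip()
                if key:
                    findings.append(f"cookie: {key}")
    return findings

if __name__ == "__main__":
    for finding in audit_plaintext_request(SAMPLE_REQUEST):
        print(finding)
```

Any finding reported for a request that travelled over unencrypted HTTP marks a credential or session identifier that should only ever be sent over TLS.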
