
List:       webappsec
Subject:    Paper: Socket Capable Browser Plugins Result In Transparent Proxy Abuse
From:       robert () webappsec ! org
Date:       2009-03-10 17:04:50
Message-ID: 20090310170450.79632.qmail () cgisecurity ! net


Abstract
"Transparent proxies allow organizations to influence and monitor the traffic from
its users without their knowledge or participation. Transparent proxies act as
intermediaries between a user and end destination, and aren't generally apparent to
users sitting behind them. Enterprises, Hotels, and Internet Service Providers often
use transparent proxy products to lower bandwidth consumption, speed up page loads
for their users, and for monitoring and filtering of web surfing. When certain
transparent proxy architectures are in use an attacker can achieve a partial Same
Origin Policy Bypass resulting in access to any host reachable by the proxy via the
use of client plug-in technologies (such as Flash, Applets, etc) with socket
capabilities. This write up will describe this architecture, how it may be abused by
Flash, its existence in various network layouts, and mitigations."

Paper Link:
http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html


Regards,
- Robert 

