When tolerance causes weakness: The case of injection-friendly browsers

Yossi Gilad, Amir Herzberg

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

11 Scopus citations

Abstract

We present a practical off-path TCP-injection attack for connections between current, non-buggy browsers and web-servers. The attack allows web-cache poisoning with malicious objects; these objects can be cached for a long time period, exposing any user of that cache to XSS, CSRF and phishing attacks. In contrast to previous TCP-injection attacks, we assume neither vulnerabilities such as client-malware nor predictable choice of client port or IP-ID. We only exploit subtle details of HTTP and TCP specifications, and features of legitimate (and common) browser implementations. An empirical evaluation of our techniques with current versions of browsers shows that connections with popular websites are vulnerable. Our attack is modular, and its modules may improve other off-path attacks on TCP communication. We present practical patches against the attack; however, the best defense is surely adoption of TLS, which ensures security even against the stronger Man-in-the-Middle attacker. Copyright is held by the International World Wide Web Conference Committee (IW3C2).

Original language: English
Title of host publication: WWW 2013 - Proceedings of the 22nd International Conference on World Wide Web
Pages: 435-445
Number of pages: 11
State: Published - 2013
Event: 22nd International Conference on World Wide Web, WWW 2013 - Rio de Janeiro, Brazil
Duration: 13 May 2013 → 17 May 2013

Publication series

Name: WWW 2013 - Proceedings of the 22nd International Conference on World Wide Web

Conference

Conference: 22nd International Conference on World Wide Web, WWW 2013
Country/Territory: Brazil
City: Rio de Janeiro
Period: 13/05/13 → 17/05/13

Keywords

  • Browser security
  • Off-path attacks
  • Web and network security
