HTTPS stripping attacks leverage a combination of weak configuration choices to trick users into providing sensitive data through hijacked connections. Here we present a browser extension that helps web users detect these kinds of integrity and authenticity breaches by extracting relevant features from the browsed pages and comparing them to reference values coming from different sorts of trusted sources. The rationale behind the extension is discussed and its effectiveness is demonstrated with some quantitative results, gathered on the prototype that has been implemented for Mozilla Firefox.

A browser-based distributed system for the detection of HTTPS stripping attacks against web pages / M. Prandini; M. Ramilli. - PRINT. - (2012), pp. 549-554. (Paper presented at the 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, held in Heraklion, Greece, 04/06/2012 - 06/06/2012) [10.1007/978-3-642-30436-1_47].

A browser-based distributed system for the detection of HTTPS stripping attacks against web pages

PRANDINI, MARCO;RAMILLI, MARCO
2012

Information Security and Privacy Research - Proc. 27th IFIP TC 11 International Information Security and Privacy Conference (SEC2012), pp. 549-554, 2012
Use this identifier to cite or link to this document: https://hdl.handle.net/11585/116700