General Information

Surf Jacking

Variants:
Direct 

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Web Application Configuration

Invented In:
10/08/2008

Added In:
26/01/2015

Quick Introduction to the Topic:


Vector Operation Method:
An attacker who can eavesdrop on traffic that a station sends to a website over SSL can obtain that website's cookie without breaking the SSL session. The attacker intercepts clear HTTP traffic that the same station sends to other websites and answers it with a 301 redirect to the target website over clear HTTP. The browser follows the redirect and, in doing so, sends the secure website's cookies in clear text.
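
A defender-side check for this exposure, as an added example that is not part of the original entry: a browser attaches a cookie to the redirected clear HTTP request only if the cookie was set without the `Secure` attribute, so the code below lists such cookies in a site's HTTPS response headers and reports whether HSTS is enabled. The function names and header values are constructed for illustration.

```python
# Added example: audit HTTPS response headers for surf-jacking exposure.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if absent or invalid."""
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            k, _, v = directive.strip().partition("=")
            if k.strip().lower() == "max-age":
                v = v.strip().strip('"')
                return int(v) if v.isdigit() else 0
    return 0

def audit(headers):
    """headers: list of (name, value) pairs from one HTTPS response."""
    exposed = []
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # Browser would also send this cookie over http://
                exposed.append(name)
    return {"cleartext_cookies": exposed, "hsts": hsts_max_age(headers) > 0}

SAMPLE_WEAK = [
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
SAMPLE_HARDENED = [
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    print("weak:    ", audit(SAMPLE_WEAK))
    print("hardened:", audit(SAMPLE_HARDENED))
```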


Direct Variant:

Surf Jacking

Variant Title:
Surf Jacking

Typical Severity:
Medium

Learn More: