TY - JOUR
T1 - Off-path TCP injection attacks
AU - Gilad, Yossi
AU - Herzberg, Amir
PY - 2014/4
Y1 - 2014/4
N2 - We present practical off-path TCP injection attacks for connections between current, nonbuggy browsers and Web servers. The attacks allow Web-cache poisoning with malicious objects such as spoofed Web pages and scripts; these objects can be cached for a long period of time, exposing any user of that cache to cross-site scripting, cross-site request forgery, and phishing attacks. In contrast to previous TCP injection attacks, we do not require MitM capabilities or malware running on the client machine. Instead, our attacks rely on a weaker assumption, that the user only enters a malicious Web site, but does not download or install any application. Our attacks exploit subtle details of the TCP and HTTP specifications, and features of legitimate (and very common) browser implementations. An empirical evaluation of our techniques with current versions of browsers shows that connections with most popular Web sites are vulnerable. We conclude this work with practical client- and server-end defenses against our attacks.
AB - We present practical off-path TCP injection attacks for connections between current, nonbuggy browsers and Web servers. The attacks allow Web-cache poisoning with malicious objects such as spoofed Web pages and scripts; these objects can be cached for a long period of time, exposing any user of that cache to cross-site scripting, cross-site request forgery, and phishing attacks. In contrast to previous TCP injection attacks, we do not require MitM capabilities or malware running on the client machine. Instead, our attacks rely on a weaker assumption, that the user only enters a malicious Web site, but does not download or install any application. Our attacks exploit subtle details of the TCP and HTTP specifications, and features of legitimate (and very common) browser implementations. An empirical evaluation of our techniques with current versions of browsers shows that connections with most popular Web sites are vulnerable. We conclude this work with practical client- and server-end defenses against our attacks.
KW - Browser security
KW - Web and network security
UR - http://www.scopus.com/inward/record.url?scp=84900295815&partnerID=8YFLogxK
U2 - 10.1145/2597173
DO - 10.1145/2597173
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:84900295815
SN - 1094-9224
VL - 16
JO - ACM Transactions on Information and System Security
JF - ACM Transactions on Information and System Security
IS - 4
M1 - 13
ER -