Re: IE7 add-on

From: Shaon Diwakar (shaon.diwakar@yahoo.com.au)
Date: Sun Feb 10 2008 - 18:59:56 EST

• Next message: barcajax@gmail.com: "Brute force Remote Desktop"
• Previous message: Dan Catalin Vasile: "RE: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny"
• Maybe in reply to: jason_jones98@hotmail.com: "IE7 add-on"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Jason,

Maybe I've mis-understood, but from the information given I'm not sure if that constitutes a man in the middle attack. What's probably happening is that the browser is re-sending the session cookie to the server and since the session hasn't timed-out yet the site gets reloaded within the other tab.

A man in the middle would mean that some how someone malicious is stealing your cookie whilst its being transmitted from your PC to the server. If you bank is using SSL and there is a proxy in between - then your browser should complain or give you a warning asking if you'd like to proceed...

I guess if you are concerned that its loading sites from other tabs - then its more likely a feature bug rather than an inherent security problem in itself?

Cheers

----- Original Message ----
From: "jason_jones98@hotmail.com" <jason_jones98@hotmail.com>
To: pen-test@securityfocus.com
Sent: Friday, 8 February, 2008 1:34:00 AM
Subject: IE7 add-on

Hi.

I have just loaded the ie7 add-on 'open-last-tab', has anyone else had a play with this? From initial results i have found this to be a great 'man-in-the-middle' attack tool.

Example on Bank site(no-names):

Log into your bank, open another tab within the window i.e. google. Close the banking tab, hit Alt-X and the 'logged-in' banking window re-opens. I have also attempted this on other applications and the majority work. Can someone advise if M$ have provided us with a great MITM plug-in tool?

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: barcajax@gmail.com: "Brute force Remote Desktop"
• Previous message: Dan Catalin Vasile: "RE: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny"
• Maybe in reply to: jason_jones98@hotmail.com: "IE7 add-on"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT