Injected JavaScript = MITM hijackings

Discussion in 'other security issues & news' started by CloneRanger, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Jan 4, 2006
    More than just MITM attacks, rather SITM = State In The Middle :eek:

    This is from earlier on in the year, but as I didn't see it posted before I feel it's very worthwhile including.

    Originally saw it here - - with various comments/ideas etc :thumb:
  2. Carbonyl

    Carbonyl Registered Member

    May 19, 2009
    I must be missing something here. How did the malicious JavaScript code get onto "login pages for Gmail, Yahoo, and Facebook"? I'm not sure how anyone could compromise those login pages without making a much bigger scene.
  3. funkydude

    funkydude Registered Member

    Apr 5, 2004
    DNS redirection maybe?
  4. x942

    x942 Guest

    If you are on the same LAN as the victim all you need to do is a little ARP poisoning and redirect Facebook to your computer or another server running a fake Google login and the malicious script. This is incredibly easy if you are on the same LAN (done it at Starbucks plenty of times). If attempting this over WAN then you need to compromise the victim's computer first, use URL shorteners or redirects, use tabnapping, or finally DNS cache poisoning. Attacks like these are way easier on LAN and as such unless you are sitting on open wifi you don't have much to worry about.
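
Editor's added example (not part of the thread or of any poster's message): a defender-side check for the LAN ARP poisoning mentioned in the post above. It compares two neighbour-table snapshots in the format printed by `ip neigh show` on Linux. The addresses, interface name and the function names `parse_neigh` and `arp_findings` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data in the format printed by `ip neigh show` on Linux.
BASELINE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr de:ad:be:ef:00:01 STALE
192.168.1.40 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
"""
SUSPECT = """\
192.168.1.1 dev wlan0 lladdr DE:AD:BE:EF:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.40 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.77 dev wlan0  FAILED
"""

NEIGH = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17}) (\S+)$")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH.match(line.strip())
        if m and m.group(4) not in ("FAILED", "INCOMPLETE"):
            table[m.group(1)] = m.group(3).lower()  # normalise MAC case
    return table

def arp_findings(baseline, current, gateway):
    """Flag the two classic symptoms of a poisoned gateway entry."""
    findings = []
    old, new = baseline.get(gateway), current.get(gateway)
    # Symptom 1: the gateway's MAC differs from the known-good snapshot.
    if old and new and old != new:
        findings.append(f"gateway {gateway} moved from {old} to {new}")
    # Symptom 2: the MAC now answering for the gateway also owns another IP.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if gateway in ips and len(ips) > 1:
            others = sorted(i for i in ips if i != gateway)
            findings.append(f"{mac} answers for gateway and {', '.join(others)}")
    return findings

if __name__ == "__main__":
    for f in arp_findings(parse_neigh(BASELINE), parse_neigh(SUSPECT), "192.168.1.1"):
        print("ALERT:", f)
```

A legitimate router replacement also triggers the first finding, so treat it as a prompt to verify the gateway rather than as proof of an attack.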
  5. MrBrian

    MrBrian Registered Member

    Feb 24, 2008
    From the article:
    The ISP itself can inspect and modify your traffic as long as it's not encrypted.

    Another example of this concept: ISPs Able To Use Your Surfing Data To Insert Their Own Ads Everywhere.
    Last edited: Mar 13, 2011