Injected JavaScript = MITM hijackings

Discussion in 'other security issues & news' started by CloneRanger, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    More than just MITM attacks, rather SITM = State In The Middle :eek:

    This is from earlier on in the year, but as i didn't see it posted before i feel it's very worthwhile including.

    Originally saw it here - http://www.cpj.org/internet/2011/01/tunisia-invades-censors-facebook-other-accounts.php - with various comments/ideas etc :thumb:
     
  2. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    I must be missing something here. How did the malicious javascript code get onto "login pages for Gmail, Yahoo, and Facebook"? I'm not sure how anyone could compromise those login pages without making a much bigger scene.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    DNS redirection maybe?
     
  4. x942

    x942 Guest

    If you are on the same LAN as the victim all you need to do is a little ARP poisining and redirect facebook to your computer or another server running a fake google login and the malicious script. This is incredibly easy if you are on the same LAN (done it at starbucks plenty of times). If attempting this over WAN than you need to compromise the victims computer first, use URL shorten or redirects, use tabnapping, or finally DNS Cache poisining. Attacks like these are way easier of LAN and as such unless you are sitting on open wifi you dont have much to worry about.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From the article:
    The ISP itself can inspect and modify your traffic as long as it's not encrypted.

    Another example of this concept: ISPs Able To Use Your Surfing Data To Insert Their Own Ads Everywhere.
     
    Last edited: Mar 13, 2011
Loading...
Thread Status:
Not open for further replies.