
Sniffing Passwords With HTTPReverseProxy

 
HTTPReverseProxy is a simple and straightforward HTTP reverse proxy server written in C#. When started, it listens on the regular HTTP port, waits for incoming requests and forwards them to the server named in the Host header of the HTTP request. Instead of just forwarding requests, it can also modify the request itself or the responses sent back by the real web server. This is quite handy if you want to sniff data (like user names or passwords) that is protected by HTTPS.




What is it useful for?

You can use a reverse proxy in multiple ways. You can put it inside a perimeter network, where it handles the incoming requests as a load balancer, or you can use it as an additional security layer. In both cases the reverse proxy sits between the requesting client and the real server.



Possible security impacts

HTTPReverseProxy accepts HTTP requests and forwards them to the real web server. Because it sits between the client and the real web server, HTTPReverseProxy is in a powerful position to modify both the requests and the responses. It can modify them so that the client uses insecure HTTP instead of HTTPS during the authentication process, while the reverse proxy forwards the login requests to the real server via HTTPS.



Why HTTPS isn’t always the solution

HTTPS is the protocol we trust when sensitive data has to be protected from prying eyes. If the user doesn’t use HTTPS from the very beginning and unencrypted requests cross the network, it is easy for an attacker to manipulate the data for their own profit.

How can you modify the data stream


HTMLMAP: Modify HTML content sent back by the real web server.
    HTMLMAP||https://login.skype.com/intl/||http://www.skype.com/LoginSkypeCom
REQMAP: Modify the requested URL before it is sent to the real web server.
    HTMLMAP||https://login.skype.com/intl/||http://www.skype.com/LoginSkypeCom
LOCMAP: Modify the HTTP Location header that was generated by the real web server.
    HTMLMAP||https://login.skype.com/intl/||http://www.skype.com/LoginSkypeCom
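From the defender's side, the HTML and Location rewrites described above can be spotted by comparing a page received on an untrusted network against a copy fetched over a trusted path. The following is an added example, not part of HTTPReverseProxy or the original post; the function names and the two sample pages are constructed, and only the two URLs come from the mapping rule above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _UrlCollector(HTMLParser):
    """Collect absolute http/https URLs from href, src and action attributes."""
    ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.ATTRS and value and urlsplit(value).scheme in ("http", "https"):
                self.urls.add(value)


def collect_urls(html):
    parser = _UrlCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def find_downgrades(baseline_html, observed_html):
    """Return (https URLs that disappeared, plain-http URLs that appeared)."""
    base, seen = collect_urls(baseline_html), collect_urls(observed_html)
    missing_https = sorted(u for u in base - seen if urlsplit(u).scheme == "https")
    new_http = sorted(u for u in seen - base if urlsplit(u).scheme == "http")
    return missing_https, new_http


def location_downgraded(baseline_location, observed_location):
    """True when a redirect that pointed at HTTPS now points at plain HTTP."""
    return (urlsplit(baseline_location).scheme == "https"
            and urlsplit(observed_location).scheme == "http")


# Constructed sample pages: BASELINE is the trusted copy, OBSERVED is what
# arrived on the untrusted network. The logo URL is made up for the example.
BASELINE = ('<a href="https://login.skype.com/intl/">Sign in</a>'
            '<img src="http://www.skype.com/logo.png">')
OBSERVED = ('<a href="http://www.skype.com/LoginSkypeCom">Sign in</a>'
            '<img src="http://www.skype.com/logo.png">')

if __name__ == "__main__":
    missing, added = find_downgrades(BASELINE, OBSERVED)
    print("HTTPS links missing from observed page:", missing)
    print("Plain-HTTP links not in baseline:", added)
```

A non-empty first list together with a non-empty second list is the signature of a login link that was swapped from HTTPS to HTTP in transit.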



Security impacts on …

While writing the reverse proxy server I did some tests with popular sites where users have to log in and type in their user name and password. These sites have an Alexa rank < 250.

www.badoo.com Vulnerable. They don’t use HTTPS.
www.dropbox.com I am working on it.
www.facebook.com Vulnerable. HTTPS can be circumvented.
www.google.com Not vulnerable. Too complex.
www.linkedin.com Vulnerable. HTTPS can be circumvented.
www.paypal.com I am working on it.
www.skype.com Vulnerable. HTTPS can be circumvented.
www.statcounter.com Vulnerable. They don’t use HTTPS.
www.twitter.com Vulnerable. HTTPS can be circumvented.
www.wordpress.com Vulnerable. HTTPS can be circumvented.
www.xing.com Vulnerable. HTTPS can be circumvented.
www.yahoo.com Not vulnerable. Too complex.



How can I protect myself

  • Whenever possible, use HTTPS instead of HTTP, no matter whether you’re using the Internet at home or somewhere else.
  • Because people forget rule one too often, install the HTTPS Everywhere plugin for Google Chrome and Firefox.
  • If you don’t use Google Chrome or Firefox and you want to avoid trouble, then get one of these browsers and install HTTPS Everywhere.
  • If you are connected to the Internet via a public network and you can’t establish connections via HTTPS, be aware that reading your username and password is no big deal for an attacker. Think before you click.