Abstract
Web servers provide new features for legitimate users, but also provide numerous avenues of attack for malicious actors. An attacker that has been able to compromise a system on a network can extract passwords stored in Internet Explorer or Firefox. A savvy defender can use a master password on Firefox to mitigate these kinds of attacks. An attacker that can only find their way on to the local network can use Ettercap to launch man in the middle attacks. If a web server automatically redirects unsecure HTTP traffic to a secure HTTPS site, then an attacker can use sslstrip to intercept the traffic before it is encrypted, allowing them to attack the connection without the browser warning of an improperly configured certificate chain.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
To generate a burst, more than 10 requests are needed. The first 11 requests triggers the first burst, 11 more triggers the second, and so the next request, number 23, is blocked by IP address.
- 2.
Recall from Chapter 11 that Apache handles IPv4 addresses using IPv4-mapped IPv6 addresses.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2015 Mike O'Leary
About this chapter
Cite this chapter
O’Leary, M. (2015). Web Attacks. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-0457-3_13
Download citation
DOI: https://doi.org/10.1007/978-1-4842-0457-3_13
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-0458-0
Online ISBN: 978-1-4842-0457-3
eBook Packages: Professional and Applied ComputingApress Access BooksProfessional and Applied Computing (R0)