{"id":29,"date":"2008-08-19T10:35:18","date_gmt":"2008-08-19T05:35:18","guid":{"rendered":"http:\/\/www.logichub.net\/blog\/?p=29"},"modified":"2015-02-05T22:51:10","modified_gmt":"2015-02-05T16:51:10","slug":"surf-jacking-threatens-secure-browser-sessions","status":"publish","type":"post","link":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/","title":{"rendered":"&#8216;Surf Jacking&#8217; Threatens Secure Browser Sessions"},"content":{"rendered":"<p>Researchers at Enable Security this week published a proof of concept that shows how an attacker might hijack browser sessions secured by the popular HTTPS encryption scheme.<\/p>\n<p>HTTPS is used by many banks, e-commerce sites, and other businesses to provide a secure link between a browser and a Web server. But in a <a href=\"http:\/\/www.net-security.org\/dl\/articles\/SurfJacking.pdf\" target=\"_blank\">paper<\/a> published Sunday, Enable Security&#8217;s Sandro Gauci outlined a way that hackers might hijack HTTPS links and defeat the encryption.<\/p>\n<p>In a nutshell, the proof of concept describes a way to use the &#8220;301 Moved Permanently&#8221; redirection message to fool browsers that are seeking HTTPS sessions. Rather than breaking the encryption, surf jacking essentially takes advantage of the fact that many HTTPS servers and browsers do not make use of the &#8220;secure&#8221; flag in the browser cookie.<\/p>\n<p>&#8220;The result is that, even though the traffic between the server and client is transported over a secure protocol, an attacker sitting in between the victim client and the victim Web server can launch a downgrade attack to reveal the session cookie,&#8221; Gauci states in the paper. 
A short <a href=\"http:\/\/www.vimeo.com\/1501107\" target=\"_blank\">video<\/a> of the exploit is also available on the Web.<\/p>\n<p>The new proof of concept builds on Errata Security&#8217;s concept of &#8220;side jacking&#8221; HTTP sessions, which was demonstrated at the Black Hat conference last year. (See <a href=\"http:\/\/www.darkreading.com\/document.asp?doc_id=130692\" target=\"_blank\">&#8216;Sidejacking&#8217; Tool Unleashed<\/a>.)<\/p>\n<p><a title=\"LogicHub Life Blog\" href=\"http:\/\/www.darkreading.com\/document.asp?doc_id=161623\" target=\"_blank\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers at Enable Security this week published a proof of concept that shows how an attacker might hijack browser sessions secured by the popular HTTPS encryption scheme. HTTPS is used by many banks, e-commerce sites, and other businesses to provide a secure link between a browser and a Web server. But in a paper published [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[23,21],"tags":[56,57,55,53,54,52],"class_list":["post-29","post","type-post","status-publish","format-standard","hentry","category-hacking","category-security","tag-301-moved-permanently","tag-proof-of-concept","tag-sandro-gauci","tag-secure-browser","tag-sessions","tag-surf-jacking"],"yoast_head":"<!-- This site is optimized 
with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&#039;Surf Jacking&#039; Threatens Secure Browser Sessions<\/title>\n<meta name=\"description\" content=\"The PoC describes a way to use the &quot;301 Moved Permanently&quot; redirection message to fool browsers that are seeking HTTPS sessions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&#039;Surf Jacking&#039; Threatens Secure Browser Sessions\" \/>\n<meta property=\"og:description\" content=\"The PoC describes a way to use the &quot;301 Moved Permanently&quot; redirection message to fool browsers that are seeking HTTPS sessions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/\" \/>\n<meta property=\"og:site_name\" content=\"for everyone... :)\" \/>\n<meta property=\"article:published_time\" content=\"2008-08-19T05:35:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-02-05T16:51:10+00:00\" \/>\n<meta name=\"author\" content=\"Kashif\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kashif\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/\"},\"author\":{\"name\":\"Kashif\",\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/#\\\/schema\\\/person\\\/a8c02ebbadea5c972ff6f29ca61461a2\"},\"headline\":\"&#8216;Surf Jacking&#8217; Threatens Secure Browser Sessions\",\"datePublished\":\"2008-08-19T05:35:18+00:00\",\"dateModified\":\"2015-02-05T16:51:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/\"},\"wordCount\":229,\"commentCount\":0,\"keywords\":[\"301 Moved Permanently\",\"Proof of Concept\",\"Sandro Gauci\",\"Secure Browser\",\"Sessions\",\"Surf Jacking\"],\"articleSection\":[\"Hacking\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/\",\"url\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/\",\"name\":\"'Surf Jacking' Threatens Secure Browser 
Sessions\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/#website\"},\"datePublished\":\"2008-08-19T05:35:18+00:00\",\"dateModified\":\"2015-02-05T16:51:10+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/#\\\/schema\\\/person\\\/a8c02ebbadea5c972ff6f29ca61461a2\"},\"description\":\"The PoC describes a way to use the \\\"301 Moved Permanently\\\" redirection message to fool browsers that are seeking HTTPS sessions.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/2008\\\/08\\\/surf-jacking-threatens-secure-browser-sessions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8216;Surf Jacking&#8217; Threatens Secure Browser Sessions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/\",\"name\":\"for everyone... 
:)\",\"description\":\"etc...\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/#\\\/schema\\\/person\\\/a8c02ebbadea5c972ff6f29ca61461a2\",\"name\":\"Kashif\",\"sameAs\":[\"http:\\\/\\\/www.logichub.net\\\/blog\\\/\"],\"url\":\"https:\\\/\\\/www.logichub.net\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"'Surf Jacking' Threatens Secure Browser Sessions","description":"The PoC describes a way to use the \"301 Moved Permanently\" redirection message to fool browsers that are seeking HTTPS sessions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/","og_locale":"en_US","og_type":"article","og_title":"'Surf Jacking' Threatens Secure Browser Sessions","og_description":"The PoC describes a way to use the \"301 Moved Permanently\" redirection message to fool browsers that are seeking HTTPS sessions.","og_url":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/","og_site_name":"for everyone... :)","article_published_time":"2008-08-19T05:35:18+00:00","article_modified_time":"2015-02-05T16:51:10+00:00","author":"Kashif","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kashif","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/#article","isPartOf":{"@id":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/"},"author":{"name":"Kashif","@id":"https:\/\/www.logichub.net\/blog\/#\/schema\/person\/a8c02ebbadea5c972ff6f29ca61461a2"},"headline":"&#8216;Surf Jacking&#8217; Threatens Secure Browser Sessions","datePublished":"2008-08-19T05:35:18+00:00","dateModified":"2015-02-05T16:51:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/"},"wordCount":229,"commentCount":0,"keywords":["301 Moved Permanently","Proof of Concept","Sandro Gauci","Secure Browser","Sessions","Surf Jacking"],"articleSection":["Hacking","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/","url":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/","name":"'Surf Jacking' Threatens Secure Browser Sessions","isPartOf":{"@id":"https:\/\/www.logichub.net\/blog\/#website"},"datePublished":"2008-08-19T05:35:18+00:00","dateModified":"2015-02-05T16:51:10+00:00","author":{"@id":"https:\/\/www.logichub.net\/blog\/#\/schema\/person\/a8c02ebbadea5c972ff6f29ca61461a2"},"description":"The PoC describes a way to use the \"301 Moved Permanently\" redirection message to fool browsers that are seeking HTTPS 
sessions.","breadcrumb":{"@id":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.logichub.net\/blog\/2008\/08\/surf-jacking-threatens-secure-browser-sessions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.logichub.net\/blog\/"},{"@type":"ListItem","position":2,"name":"&#8216;Surf Jacking&#8217; Threatens Secure Browser Sessions"}]},{"@type":"WebSite","@id":"https:\/\/www.logichub.net\/blog\/#website","url":"https:\/\/www.logichub.net\/blog\/","name":"for everyone... :)","description":"etc...","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.logichub.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.logichub.net\/blog\/#\/schema\/person\/a8c02ebbadea5c972ff6f29ca61461a2","name":"Kashif","sameAs":["http:\/\/www.logichub.net\/blog\/"],"url":"https:\/\/www.logichub.net\/blog\/author\/admin\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":13,"url":"https:\/\/www.logichub.net\/blog\/2008\/08\/microsoft-patches-holes-in-office-browser\/","url_meta":{"origin":29,"position":0},"title":"Microsoft Patches Holes in Office, Browser","author":"Kashif","date":"August 18, 2008","format":false,"excerpt":"Microsoft released patches to fix 26 vulnerabilities in the company's software, including major issues in its Internet Explorer browser and Office suite of productivity applications. 
The eleven patches, published on Microsoft's monthly schedule, included six fixes rated Critical -- Microsoft's highest rating of severity -- and five updates rated Important\u2026","rel":"","context":"In &quot;IT News&quot;","block_context":{"text":"IT News","link":"https:\/\/www.logichub.net\/blog\/category\/news\/it-news\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":502,"url":"https:\/\/www.logichub.net\/blog\/2011\/01\/easy-to-implement-techniques-on-how-to-secure-your-home-pc-from-bad-guys\/","url_meta":{"origin":29,"position":1},"title":"Easy to implement techniques on How to Secure your Home PC from Bad Guys","author":"Kashif","date":"January 13, 2011","format":false,"excerpt":"The\u00a0Internet\u00a0may\u00a0contain dangers\u00a0for the\u00a0ordinary and innocent computer user.\u00a0Without\u00a0proper security measures, your PC and data saved in your PC is\u00a0in\u00a0danger\u00a0every moment of\u00a0your\u00a0system is\u00a0connected\u00a0to the internet. In order to protect your Home PC, these steps are necessary to follow: Use of Strong Password Use of reliable Antivirus and\u00a0Anti Spyware\u00a0software Update your Operating System\u2026","rel":"","context":"In &quot;IT Articles&quot;","block_context":{"text":"IT Articles","link":"https:\/\/www.logichub.net\/blog\/category\/articles\/it-articles\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":125,"url":"https:\/\/www.logichub.net\/blog\/2008\/08\/hacker-claims-java-bug-affects-millions-of-phones\/","url_meta":{"origin":29,"position":2},"title":"Hacker Claims Java Bug Affects Millions of Phones","author":"Kashif","date":"August 20, 2008","format":false,"excerpt":"A Polish hacker and self professed security expert claims to have discovered vulnerabilities in the mobile Java technology implemented by Nokia in its mid-range S40 devices, potentially putting millions of handsets at risk. 
Adam Gowdiak, who is in the process of setting up a security research firm, Security Explorations, claims\u2026","rel":"","context":"In &quot;Hacking&quot;","block_context":{"text":"Hacking","link":"https:\/\/www.logichub.net\/blog\/category\/security\/hacking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":112,"url":"https:\/\/www.logichub.net\/blog\/2008\/08\/microsoft-releases-net-framework-35-sp1\/","url_meta":{"origin":29,"position":3},"title":"Microsoft Releases .NET Framework 3.5 SP1","author":"Kashif","date":"August 20, 2008","format":false,"excerpt":"Microsoft .NET Framework 3.5 Service Pack 1 is a full cumulative update that contains many new features building incrementally upon .NET Framework 2.0, 3.0, 3.5, and includes cumulative servicing updates to the .NET Framework 2.0 and .NET Framework 3.0 subcomponents. [ad name=\"post-banner-01\"] .NET Framework version 3.5 Service Pack 1 provides\u2026","rel":"","context":"In &quot;IT News&quot;","block_context":{"text":"IT News","link":"https:\/\/www.logichub.net\/blog\/category\/news\/it-news\/"},"img":{"alt_text":".NET Framework 3.5 
Sp1","src":"https:\/\/i0.wp.com\/www.net-security.org\/images\/articles\/dotnetsp1.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/posts\/29","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/comments?post=29"}],"version-history":[{"count":0,"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/posts\/29\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/media?parent=29"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/categories?post=29"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.logichub.net\/blog\/wp-json\/wp\/v2\/tags?post=29"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}