Browser History Stealing with Captive Wi-Fi Portals
作者: Adrian Dabrowski , Georg Merzdovnik , Nikolaus Kommenda , Edgar Weippl
DOI: 10.1109/SPW.2016.42
关键词: Computer science 、 Captive portal 、 Reading (process) 、 Session (computer science) 、 Acceptable use policy 、 The Internet 、 World Wide Web 、 Server 、 Login 、 Personally identifiable information 、 Internet privacy
摘要: In this paper we show that HSTS headers and long-term cookies (like those used for user tracking) are so prevailing they allow a malicious Wi-Fi operator to gain significant knowledge about the past browsing history of users. We demonstrate how combine both into stealing attack by including specially crafted references captive portal or injecting them legitimate HTTP traffic. Captive portals on many Internet hotspots display message, like login page an acceptable use policy before connected Internet. They typically found in public places such as airports, train stations, restaurants. Such systems have been known be troublesome reasons. can not only current session, but also user's past. By invisibly placing vast amounts these pages, lure browser revealing either reading stored persistent (long-term) evaluating responses previously set headers. An occurrence cookie, well direct call pages' HTTPS site is reliable sign having visited earlier. Thus, technique allows site-based stealing, similar famous link-color attacks. For Alexa Top 1,000 sites, between 82% 92% sites effected over HTTP. 200,000 determined number vulnerable 59% 86%. extended our implementation other privacy-invading attacks enrich collected data with additional personal information.
computer.org
sci-hub.se 参考文章(9)
L. Montulli, D. Kristol, HTTP State Management Mechanism RFC2109. ,vol. 2109, pp. 1- 21 ,(1997)
Rebecca Balebako, Jaeyeon Jung, Wei Lu, Lorrie Faith Cranor, Carolyn Nguyen, "Little brothers watching you": raising awareness of data leaks on smartphones symposium on usable privacy and security. pp. 12- ,(2013) , 10.1145/2501604.2501616
Dongseok Jang, Ranjit Jhala, Sorin Lerner, Hovav Shacham, An empirical study of privacy-violating information flows in JavaScript web applications computer and communications security. pp. 270- 283 ,(2010) , 10.1145/1866307.1866339
Fabian Lanze, Andriy Panchenko, Ignacio Ponce-Alcaide, Thomas Engel, Undesired relatives: protection mechanisms against the evil twin attack in IEEE 802.11 Proceedings of the 10th ACM symposium on QoS and security for wireless and mobile networks. pp. 87- 94 ,(2014) , 10.1145/2642687.2642691
Sangho Lee, Youngsok Kim, Jangwoo Kim, Jong Kim, Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities ieee symposium on security and privacy. pp. 19- 33 ,(2014) , 10.1109/SP.2014.9
Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel, A Practical Attack to De-anonymize Social Network Users ieee symposium on security and privacy. pp. 223- 238 ,(2010) , 10.1109/SP.2010.21
Shuaifu Dai, Alok Tongaonkar, Xiaoyin Wang, Antonio Nucci, Dawn Song, NetworkProfiler: Towards automatic fingerprinting of Android apps 2013 Proceedings IEEE INFOCOM. pp. 809- 817 ,(2013) , 10.1109/INFCOM.2013.6566868
Vincent F. Taylor, Riccardo Spolaor, Mauro Conti, Ivan Martinovic, AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic ieee european symposium on security and privacy. pp. 439- 454 ,(2016) , 10.1109/EUROSP.2016.40
Matthias Neugschwandtner, Christian Platzer, Martina Lindorfer, A View to a Kill: WebView Exploitation 6th {USENIX} Workshop on Large-Scale Exploits and Emergent Threats ({LEET} 13). ,(2013)