Surf Jacking
Variants: Direct
Vector Type: Attack
Relevance: Generic
Layer: Application-Level
Platforms: Any
Target Type: Web Application
Affected Mechanisms: Web Application Configuration
Invented In: 10/08/2008
Added In: 26/01/2015
Quick Introduction to the Topic:
Vector Operation Method:
Attackers eavesdropping on communication sent from a station to a website via SSL can gain access to that website's cookie. They intercept communication sent from the same station via clear HTTP to other websites and respond with 301 redirect messages that point to the target website over clear HTTP. This in turn causes the browser to send the secure website's cookies in clear text.
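Whether the browser attaches a cookie to that clear-HTTP request depends on the cookie's `Secure` attribute. The following is an added example, not part of the original entry: a simplified model of the browser's decision, run against a weak and a hardened set of `Set-Cookie` headers. The host `shop.example.test`, the cookie values and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def cookies_exposed_by_redirect(set_cookie_headers, origin_host, redirect_url):
    """Return names of cookies a browser would attach to redirect_url in clear text.

    Simplified model (assumption): host-only or Domain matching only; Path,
    expiry and SameSite are ignored and no HSTS policy is in effect.
    """
    target = urlsplit(redirect_url)
    if target.scheme != "http":
        return []  # request goes over HTTPS, nothing travels in clear text
    host = (target.hostname or "").lower()
    exposed = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if "secure" in attrs:
            continue  # Secure cookies are never sent over plain HTTP
        domain = attrs.get("domain", "").lstrip(".").lower()
        if domain:
            matches = host == domain or host.endswith("." + domain)
        else:
            matches = host == origin_host.lower()  # host-only cookie
        if matches:
            exposed.append(name)
    return exposed

# Constructed sample Set-Cookie headers from a hypothetical HTTPS site.
WEAK = ["SESSIONID=abc123; Path=/; HttpOnly",
        "prefs=dark; Domain=example.test"]
HARDENED = ["SESSIONID=abc123; Path=/; HttpOnly; Secure",
            "prefs=dark; Domain=example.test; Secure"]
REDIRECT = "http://shop.example.test/"  # Location value of the 301 response

if __name__ == "__main__":
    print("weak:", cookies_exposed_by_redirect(WEAK, "shop.example.test", REDIRECT))
    print("hardened:", cookies_exposed_by_redirect(HARDENED, "shop.example.test", REDIRECT))
```

`HttpOnly` alone does not help here: it hides the cookie from scripts but does not stop the browser from sending it over clear HTTP.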