A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages - Information Security and Privacy Research
Conference Papers Year : 2012

A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages

Abstract

HTTPS stripping attacks leverage a combination of weak configuration choices to trick users into providing sensitive data through hijacked connections. Here we present a browser extension that helps web users to detect this kind of integrity and authenticity breaches, by extracting relevant features from the browsed pages and comparing them to reference values coming from different sorts of trusted sources. The rationale behind the extension is discussed and its effectiveness is demonstrated with some quantitative results, gathered on the prototype that has been implemented for Mozilla Firefox.
Fichier principal
Vignette du fichier
978-3-642-30436-1_47_Chapter.pdf (82.38 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01518220 , version 1 (04-05-2017)

Licence

Identifiers

Cite

Marco Prandini, Marco Ramilli. A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.549-554, ⟨10.1007/978-3-642-30436-1_47⟩. ⟨hal-01518220⟩
72 View
68 Download

Altmetric

Share

More