Stealing Passwords Via Browser Refresh by Karmendra Kohli on 12/08/04

Browsers have the ability to maintain a recent record of pages that were visited by a user. The back and forward button on browsers use this functionality to display the pages recently browsed. In addition browsers also keep track of variables that were POSTed to the server while fetching the page.

The refresh feature immensely increases the functionality of the browsers and makes it convenient for users. Moreover it is done transparently so that users do not need to be aware that the variables are automatically posted to the server. All that a user has to do is to click on the “yes” button of a dialog box prompted by the browser before re-posting. This lets a user view the same pages that he had visited before.

Considering functionality, this is a very powerful feature but it can also be used to capture important user credentials from a browser. Here the inherent feature of the browser to store POST variables is exploited to gain access to important user credentials.

We will also be discussing another variation of the attack. These attacks are very simple to execute and require medium level of skills. For each variation of the attack we have proposed the solution used to address the issue.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.