Web applications attacks/Intercept data over the network

From aldeid

Description

The following sequence shows how a web page requested from the browser is served by the server and rendered by the browser.

  1. A page is requested from a browser (e.g. by clicking a link: http://www.aldeid.com/index.php). The request is transmitted over the network to the server.
  2. The server interprets the PHP page and...
  3. ...returns an HTML page that is transmitted back to the client over the network.
  4. The HTML page is then interpreted by the browser and displayed.

Every message exchanged between the client and the server, in both directions, is carried by the HyperText Transfer Protocol (HTTP). Plain HTTP provides no confidentiality: requests, responses, headers and bodies travel in cleartext. An attacker who can see the traffic, either passively (a network interface in promiscuous mode on a shared segment, a mirrored switch port, an open Wi-Fi network) or actively (a Man-In-The-Middle attack that reroutes the traffic through a host the attacker controls), can read everything, including credentials, session cookies and form data.

Example

  • WebGoat, HTTP Basics shows that data transmitted over HTTP are in cleartext. An attacker can intercept the traffic to gather sensitive data (credentials).
  • WebGoat insecure login shows how to sniff credentials over the network.
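The following script is an added example (not part of the original page nor of WebGoat) that shows what an attacker recovers from a sniffed HTTP request. It parses a single plaintext request, as a packet sniffer would reassemble it from the TCP stream, and pulls out an HTTP Basic credential, login form fields and any session cookie. The captured request, the host name and the login field names are constructed for the example.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample of what a sniffer (tcpdump, Wireshark, ...) sees on the
# wire for one plaintext HTTP login request. Host and paths are made up.
CAPTURED_REQUEST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=\r\n"
    b"Cookie: PHPSESSID=4c7a1e2b9f0d\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 29\r\n"
    b"\r\n"
    b"username=joe&password=banana1"
)

# Form field names that usually carry credentials (assumption for the example).
CREDENTIAL_FIELD_HINTS = ("user", "login", "pass", "pwd")


def parse_http_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    length = int(headers.get("content-length", "0"))
    return {
        "method": method,
        "target": target,
        "version": version,
        "headers": headers,
        "body": body[:length],  # ignore anything beyond the declared length
    }


def extract_credentials(req: dict) -> dict:
    """Collect every secret visible in cleartext: Basic auth, form fields, cookies."""
    found = {}

    # HTTP Basic authentication is only base64-encoded, not encrypted.
    scheme, _, token = req["headers"].get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and token:
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
            user, _, password = decoded.partition(":")
            found["basic_auth"] = (user, password)
        except (ValueError, UnicodeDecodeError):
            pass  # malformed header: nothing recoverable

    # A login form submitted over HTTP sends the password as-is in the body.
    ctype = req["headers"].get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded") and req["body"]:
        form = parse_qs(req["body"].decode("utf-8", "replace"), keep_blank_values=True)
        for key, values in form.items():
            if any(hint in key.lower() for hint in CREDENTIAL_FIELD_HINTS):
                found.setdefault("form_fields", {})[key] = values[0]

    # A session cookie is as good as a password until the session expires.
    if "cookie" in req["headers"]:
        found["cookies"] = req["headers"]["cookie"]

    return found


def sniff_credentials(raw: bytes) -> dict:
    """Convenience wrapper: raw captured request in, recovered secrets out."""
    return extract_credentials(parse_http_request(raw))


if __name__ == "__main__":
    for name, value in sniff_credentials(CAPTURED_REQUEST).items():
        print(f"{name}: {value}")
```

Run it against the embedded capture and every secret in the request comes back in cleartext. With HTTPS the same sniffer would only see the TLS handshake and encrypted records, so none of this parsing would be possible.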

Protection

  • Encrypt the traffic with TLS (HTTPS). Serve the whole application over HTTPS rather than only the login page, redirect plain HTTP requests to HTTPS, enable HSTS so browsers never fall back to cleartext, and mark session cookies as Secure so they are never sent over HTTP. Note that encryption in transit does not stop the attacker from seeing which hosts the client talks to, only what is said.

Tools
