Re: Firefox: serious cookie stealing / same-domain bypass vulnerability



On Thu, 15 Feb 2007, 3APA3A wrote:

Mitigating factor: it doesn't work through proxy, because for proxy URI
is sent instead of URL and request will be incomplete.

Yup. Depends on the proxy, actually ('GET http://evil.com' might get
parsed as HTTP/0.9) - but Squid, both in direct and in reverse mode (say,
on Wikipedia), will reject such a request.

Cheers,
/mz



Relevant Pages

  • [Full-disclosure] Evading URL Filtering(websense) software configured in Transparent (or Sniffing) m
    ... Evading URL Filtering software configured in Transparent mode, ... but Websense has been informed in December ... They also had a copy of this proxy script for over ... Websense looks at this request and answers yes or no ...
    (Full-Disclosure)
  • Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite?
    ... manually trap HTTP REQUEST and forward it onto the server. ... change your proxy settings by clicking the button under the "proxy" tab to ... Cisco 3015 concentrator VPN bruteforce? ... interaction, like a header rewrite on the fly. ...
    (Pen-Test)
  • Re: AOL "proxy" behavior?
    ... > of valid AOL proxy behavior where a request for a single page can go thru ... Spawning multiple proxies to request information that ... > generally only 1 proxy would get. ... then the second had picked up the cookie of the ...
    (Incidents)
  • RE: HttpWebRequest over Https Via Proxy Fails using NTLM
    ... request a resource over HTTPS is failing following the installation of a new ... proxy server on our internal network with 407 Proxy Authentication Required. ... Is there any way to debug the ntlm authentication module to see exactly what ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Anonymous connections in proxy log on ISA2004
    ... through the isa firewall it sends the inital request as an anonymous ... > proxy clients in it. ... > When a client accesses a website I get a load of Anonymous denied ... As this si an anonymouse connection it denies the packet. ...
    (microsoft.public.isaserver)