We are currently working on OWASP security fixes & we identified one attack scenario for which we are trying to figure out a possible solution:
1) User hits a valid HTTPRequest to our application. The URL in user's browser is set to our application url e.g. https-//www.abc.com/request
2-a) Attacker intercepts the request & forwards it to some malicious site instead of our application. The URL in user's browser is set to application URL e.g. https-//www.abc.com/request but the content will be that of malicious site.
OR
2-b) Application processes the request and dispatches the response through Apache. While the response is en-route, an attacker intercepts the response and replaces the content of entire response with some malicious site or message like 'You Are Hacked!!'
3) In either case, the response gets rendered in user's browser, with the URL still pointing to https-//www.abc.com/request in the browser but the content being malicious. This makes the user believe that it is still in our application.
We could replicate this scenario through our proxy tool. Being https, may be the attacker cannot decipher the response, but can certainly change the response content or redirect to some malicious site. Is there any way to identify & prevent rendering such responses in the browser through Apache or custom HTTP headers?
Any suggestions/pointers will be highly appreciated.
Thanks, Kram
Aucun commentaire:
Enregistrer un commentaire