Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Web spoofing
Post: #1


We discuss in this seminars an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data. The attack can be carried out on todayâ„¢s systems, endangering users of the most common Web browsers, including Netscape Navigator and Microsoft Internet Explorer.

Web spoofing allows an attacker to create a shadow copy of the entire World Wide Web. Accesses to the shadow Web are funneled through the attackerâ„¢s machine, allowing the attacker to monitor all of the victimâ„¢s activities including any passwords or account numbers the victim enters.

The attacker can also cause false or misleading data to be sent to Web servers in the victimâ„¢s name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web.

I have implemented a demonstration version of this attack.

Spoofing Attacks

In a spoofing attack, the attacker creates misleading context in order to trick the victim into making an inappropriate security-relevant decision.
A spoofing attack is like a con game: the attacker sets up a false but convincing world around the victim. The victim does something that would be appropriate if the false world were real. Unfortunately, activities that seem reasonable in the false world may have disastrous effects in the real world.
Spoofing attacks are possible in the physical world as well as the electronic one. For example, there have been several incidents in which criminals set up bogus automated-teller machines, typically in the public areas of shopping malls. The machines would accept ATM cards and ask the person to enter their PIN code. Once the machine had the victimâ„¢s PIN, it could either eat the card or malfunction and return the card. In either case, the criminals had enough information to copy the victimâ„¢s card and use the duplicate. In these attacks, people were fooled by the context they saw: the location of the machines, their size and weight, the way they were decorated, and the appearance of their electronic displays.
People using computer systems often make security-relevant decisions based on contextual cues they see. For example, you might decide to type in your bank account number because you believe you are visiting your bankâ„¢s Web page. This belief might arise because the page has a familiar look, because the bankâ„¢s URL appears in the browserâ„¢s location line, or for some other reason.To appreciate the range and severity of possible spoofing attacks, we must look more deeply into two parts of the definition of spoofing: security-relevant decisions and context.

Security-relevant Decisions

By security-relevant decision, we mean any decision a person makes that might lead to undesirable results such as a breach of privacy or unauthorized tampering with data. Deciding to divulge sensitive information, for example by typing in a password or account number, is one example of a security-relevant decision. Choosing to accept a downloaded document is a security-relevant decision, since in many cases a downloaded document is capable of containing malicious elements that harm the person receiving the document.
Even the decision to accept the accuracy of information displayed by your computer can be security-relevant. For example, if you decide to buy a stock based on information you get from an online stock ticker, you are trusting that the information provided by the ticker is correct. If somebody could present you with incorrect stock prices, they might cause you to engage in a transaction that you would not have otherwise made, and this could cost you money.


A browser presents many types of context that users might rely on to make decisions. The text and pictures on a Web page might give some impression about where the page came from; for example, the presence of a corporate logo implies that the page originated at a certain corporation. The appearance of an object might convey a certain impression; for example, neon green text on a purple background probably came from Wired magazine. You might think youâ„¢re dealing with a popup window when what you are seeing is really just a rectangle with a border and a color different from the surrounding parts of the screen. Particular graphical items like file-open dialog boxes are immediately recognized as having a certain purpose. Experienced Web users react to such cues in the same way that experienced drivers react to stop signs without reading them.The names of objects can convey context. People often deduce what is in a file by its name. Is manual.doc the text of a user manual? (It might be another kind of document, or it might not be a document at all.) URLs are another example. Is MICR0S0FT.COM the address of a large software company? (For a while that address pointed to someone else entirely. By the way, the round symbols in MICR0S0FT here are the number zero, not the letter O.)
People often get context from the timing of events. If two things happen at the same time, you naturally think they are related. If you click over to your bankâ„¢s page and a username/password dialog box appears, you naturally assume that you should type the name and password that you use for the bank. If you click on a link and a document immediately starts downloading, you assume that the document came from the site whose link you clicked on. Either assumption could be wrong.If you only see one browser window when an event occurs, you might not realize that the event was caused by another window hiding behind the visible one.
Modern user-interface designers spend their time trying to devise contextual cues that will guide people to behave appropriately, even if they do not explicitly notice the cues. While this is usually beneficial, it can become dangerous when people are accustomed to relying on context that is not always correct.

TCP and DNS Spoofing

Another class of spoofing attack, which we will not discuss here, tricks the userâ„¢s software into an inappropriate action by presenting misleading information to that software. Examples of such attacks include TCP spoofing, in which Internet packets are sent with forged return addresses, and DNS spoofing , in which the attacker forges information about which machine names correspond to which network addresses. These other spoofing attacks are well known, so we will not discuss them further.





Download The Full Presentation


Important Note..!

If you are not satisfied with above reply ,..Please


So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page
Popular Searches: interoduction about web spoofing, full report on the seminar topic ip spoofing, network hacking tools ip spoofing download, ieee papers on ip spoofing, web spoofing pdf, what are advantages disadvantages of ip spoofing, web spoofing wikipedia,

Quick Reply
Type your reply to this message here.

Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  web spoofing full report computer science technology 9 9,118 26-03-2014 06:29 AM
Last Post: Guest
  Web Services Architecture computer topic 0 557 25-03-2014 10:20 PM
Last Post: computer topic
  Opera (web browser) computer science crazy 3 3,359 08-07-2013 12:45 PM
Last Post: computer topic
  Relation-Based Search Engine in Semantic Web project topics 1 1,363 21-12-2012 11:00 AM
Last Post: seminar details
  Recent Researches on Web Page Ranking computer science crazy 1 1,078 30-10-2012 02:04 PM
Last Post: seminar details
  Ontology Description using OWL to Support Semantic Web Applications computer girl 0 474 09-06-2012 02:25 PM
Last Post: computer girl
  VWS: Applying virtualization techniques to Web Services computer girl 0 573 09-06-2012 11:38 AM
Last Post: computer girl
  INTRODUCTION OF IP SPOOFING computer girl 0 603 08-06-2012 12:01 PM
Last Post: computer girl
  Seminar Report On SEMANTIC WEB Computer Science Clay 1 2,444 14-05-2012 04:09 PM
Last Post: Guest
  online-web-based search portal for blood groups full report seminar class 1 1,999 06-03-2012 03:07 PM
Last Post: savita2187