Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 6
Intercepting messages from Flash, Java applets and Silverlight
Attack requirement
1. The extension interacts with the server through HTTP.
2. No special encryption is used to preserve message confidentiality.
Diagram labels: Flash or Java applet sends a request to the server; extract and decipher the message.
Attack process
1. Capture the request initiated by the page using a proxy like Burp.
2. Depending on the type of extension, use the right deciphering method to unpack the message sent.
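Step 2 depends on knowing which serialization format a captured body uses. The sketch below is an added example, not part of the slides: it assumes the usual wire formats (AMF for Flash remoting, Java object serialization for applets, .NET binary XML for Silverlight WCF clients), which the slide does not name, and the function `identify_message` and the sample bodies are constructed for illustration.

```python
import struct

JAVA_MAGIC = b"\xac\xed"  # STREAM_MAGIC that opens every Java serialization stream
JAVA_TAGS = {0x70: "TC_NULL", 0x72: "TC_CLASSDESC", 0x73: "TC_OBJECT",
             0x74: "TC_STRING", 0x75: "TC_ARRAY", 0x77: "TC_BLOCKDATA"}


def identify_message(content_type, body):
    """Classify a captured plug-in request body; return (format, details)."""
    ctype = content_type.split(";")[0].strip().lower()

    # Java applet: serialized stream = magic 0xACED + version + tagged content.
    if body[:2] == JAVA_MAGIC:
        if len(body) < 5:
            return "java-serialization", {"error": "truncated stream"}
        version = struct.unpack(">H", body[2:4])[0]
        return "java-serialization", {
            "version": version,
            "first_tag": JAVA_TAGS.get(body[4], hex(body[4])),
        }

    # Flash remoting: AMF packet = u16 version, u16 header count, headers,
    # u16 message count, messages (all big-endian).
    if ctype == "application/x-amf":
        if len(body) < 6:
            return "amf", {"error": "truncated packet"}
        version, header_count = struct.unpack(">HH", body[:4])
        details = {"version": version, "header_count": header_count}
        if header_count == 0:  # message count follows directly when no headers
            details["message_count"] = struct.unpack(">H", body[4:6])[0]
        return "amf", details

    # Silverlight WCF clients: .NET binary XML, announced only by content type.
    if ctype == "application/soap+msbin1":
        return "dotnet-binary-xml", {"length": len(body)}

    return "unrecognized", {"content_type": ctype}


# Constructed sample bodies (not captured from any real application).
SAMPLES = [
    ("application/octet-stream", b"\xac\xed\x00\x05\x74\x00\x05hello"),
    ("application/x-amf", b"\x00\x03\x00\x00\x00\x01"),
    ("application/soap+msbin1", b"\x56\x02\x0b\x01"),
    ("application/x-www-form-urlencoded", b"user=alice"),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(ctype, "->", identify_message(ctype, body))
```

A body that comes back as one of the three recognized formats is readable by anyone on the path once decoded, which is the exposure the attack requirement describes.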
Diagram labels: capture and decipher the message; alter and retransmit the message; send a privileged response.
Web Application Security Fast Guide (book slides)
By Dr. Sami Khiami
2017-05-10
Slide 6