Conference Topics

A Network Forensics System Bypassing Web Local Encryption Businesses

Sniffing and MITM attacks are ineffective against local encryption, a new technology, because the plaintext is encrypted within the user's browser. This paper therefore proposes a clever way to bypass local encryption for the purpose of network forensics, based on the idea of the MITM attack. A middle device is added at a key point of the network, where the forensics is realized by hijacking and tampering with HTML pages. The system redirects IP packets to another computer on the LAN by hijacking the real IP of the server. That computer impersonates the real web server and, by inserting some code into the HTML page, obtains the unencrypted plaintext before the local encryption code is executed. The results show that the subject is not aware of the existence of the forensics system, while the system has logged all the information of an HTTP request, including the plaintext that bypassed local encryption.

Local Encryption; Network Forensics System; MITM Attack; IP Hijack; JS Script

P. Li, R. Z. Wang, Y. Z. Zhang, D. W. Chen

College of Computer, Nanjing University of Posts and Telecommunications, Nanjing, 210003, China; Nanjing Fiberhome Security Network Information Technology Co., Ltd., Nanjing, 210001, China

International conference

The 3rd Conference of Cross-Strait Engineering Education and Ceeusro & 1st International Conference on Engineering Technologies and Ceeusro (ICETC2009) (第三届工程技术与产学研研讨会暨第一届国际功能制造技术学术会议)

Changzhou

English

494-498

2009-11-19 (date first made available online on the Wanfang platform; this does not represent the paper's publication date)