Hijacking Web 2.0 Sites with SSLstrip and SlowLoris -- Sam Bowne and RSnake at Defcon 17 from hijacking Watch Video
Preview(s):
Gallery
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)
⏲ Duration: 21 min 37 sec ✓ Published: 15-Nov-2009
Description: Many Websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike's new SSLstrip tool. nnSlowLoris is a new denial of service attack developed by RSnake.nnBoth exploits are explained and demonstrated.nnSlides, handouts, and detailed instructions for these attacks are available at:nnhttp://samsclass.info/defcon.html
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)