Abstract
As the Internet continues to mature, users are faced with an increasingly hostile environment on the World Wide Web. Additionally, public WiFi networks continue to become more popular, hackers infiltrate corporate networks with regularity, and oppressive governments continue to intercept and modify their citizens' web traffic. The concept of using an untrusted network is becoming more familiar. Accordingly, it is no longer acceptable to design and build systems under the assumption that they will only operate in trusted environments, or that they are not important enough to warrant basic security measures. This thesis describes a relatively basic HTTP man-in-the-middle attack that results in arbitrary code execution. It demonstrates the ease with which users can be exploited when using systems that do not attempt to ensure their safety, and details the methods attackers can use to avoid detection. The goal of this methodology is twofold - to illustrate the consequences of such an attack, and to discover methods for mitigating such attacks using existing technologies and best practices.
Library of Congress Subject Headings
Computer networks--Security measures; Internet--Security measures; Computer crimes--Prevention
Publication Date
5-30-2013
Document Type
Thesis
Department, Program, or Center
Department of Computing Security (GCCIS)
Advisor
Pan, Yin
Advisor/Committee Member
Raj, Rajendra
Advisor/Committee Member
Johnson, Daryl
Recommended Citation
Adeloye, Brian, "HTTP man-in-the-middle code execution" (2013). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/5536
Campus
RIT – Main Campus
Plan Codes
COMPSEC-MS
Comments
Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: TK5105.59 .A44 2013