Brian Adeloye


As the Internet continues to mature, users are faced with an increasingly hostile environment on the World Wide Web. Additionally, public WiFi networks continue to become more popular, hackers infiltrate corporate networks with regularity, and oppressive governments continue to intercept and modify their citizens' web traffic. The concept of using an untrusted network is becoming more familiar. Accordingly, it is no longer acceptable to design and build systems under the assumption that they will only operate in trusted environments, or that they are not important enough to warrant basic security measures. This thesis describes a relatively basic HTTP man-in-the-middle attack that results in arbitrary code execution. It demonstrates the ease with which users can be exploited when using systems that do not attempt to ensure their safety, and details the methods attackers can use to avoid detection. The goal of this methodology is twofold - to illustrate the consequences of such an attack, and to discover methods for mitigating such attacks using existing technologies and best practices.

Library of Congress Subject Headings

Computer networks--Security measures; Internet--Security measures; Computer crimes--Prevention

Publication Date


Document Type


Department, Program, or Center

Department of Computing Security (GCCIS)


Pan, Yin

Advisor/Committee Member

Raj, Rajendra

Advisor/Committee Member

Johnson, Daryl


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: TK5105.59 .A44 2013


RIT – Main Campus

Plan Codes