Browser extension-based man-in-the-browser attacks against Ajax applications with countermeasures - UTU Tutkimustietojärjestelmä

A4 Vertaisarvioitu artikkeli konferenssijulkaisussa

Browser extension-based man-in-the-browser attacks against Ajax applications with countermeasures

Tekijät: Sampsa Rauti, Ville Leppänen

Toimittaja: Boris Rachev, Angel Smrikarov

Konferenssin vakiintunut nimi: International Conference on Computer Systems and Technologies

Kustannuspaikka: New York, NY

Julkaisuvuosi: 2012

Kokoomateoksen nimi: CompSysTech '12: Proceedings of the 13th International Conference on Computer Systems and Technologies

Aloitussivu: 251

Lopetussivu: 258

ISBN: 978-1-4503-1193-9

DOI: https://doi.org/10.1145/2383276.2383314

Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/3091546

Tiivistelmä

As the web pages today rely on Ajax and JavaScript, a larger attack surface becomes available. This paper presents in detail several different man-in-the-browser attacks against Ajax applications. We implemented browser extensions for Mozilla Firefox to demonstrate these attacks and their effectiveness. Some countermeasures to mitigate the problem are also considered. We conclude that man-in-the-browser attacks are a serious threat to online applications and there are only partial countermeasures to alleviate the problem.

Ladattava julkaisu

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

mitb.pdf