A Network Forensics System Bypassing Web Local Encryption Businesses

Abstract:

Article Preview

Sniffer and MITM attack can do nothing to local encryption, which is a new technology, because the plaintext is merely encrypted in user’s browser. Therefore, this paper proposed a clever way to bypass local encryption to achieve the goal of network forensics, based on the idea of MITM attack. A middle device is added to the key point of the network in which the forensics is realized through hijacking and tampering with HTML pages. The system redirects the IP packet to another computer in LAN by hijacking the real IP of the server. That computer fakes the real web server, and then by inserting some code in HTML page, the unencrypted plaintext is got before the code of local encryption been executed. The results show that the object is not aware of the existence of the forensics system, but the system has logged all the information of a HTTP request, including the plaintext bypassed local encryption.

Info:

Periodical:

Key Engineering Materials (Volumes 426-427)

Edited by:

Dunwen Zuo, Hun Guo, Guoxing Tang, Weidong Jin, Chunjie Liu and Chun Su

Pages:

494-498

DOI:

10.4028/www.scientific.net/KEM.426-427.494

Citation:

P. Li et al., "A Network Forensics System Bypassing Web Local Encryption Businesses", Key Engineering Materials, Vols. 426-427, pp. 494-498, 2010

Online since:

January 2010

Export:

Price:

$35.00

In order to see related information, you need to Login.

In order to see related information, you need to Login.