Browsers limit how web sites can access the network. Historically, the web platform has limited web sites to HTTP, but HTTP is inefficient for a number of applications, including chat and multiplayer games, for which raw socket access is more appropriate. Java, Flash Player, and HTML5 provide socket APIs to web sites, but we discover, and experimentally verify, attacks that exploit the interaction between these APIs and transparent proxies. At a cost of less than $1 per exploitation, our attacks poison the proxy's cache, causing all clients of the proxy to receive malicious content supplied by the attacker. We then propose a modification of the HTML5 WebSocket protocol that resists these (and other) attacks. The WebSocket working group has adopted a variant of our proposal.
Huang, L., Chen, E. Y., Barth, A., Rescorla, E., & Jackson, C. (2011). Talking to Yourself for Fun and Profit. Proceedings of W2SP, 1–11. Retrieved from http://websec.sv.cmu.edu/websocket/websocket.pdf