Talking to Yourself for Fun and Profit

  • Huang L
  • Chen E
  • Barth A
  • et al.

Abstract

Browsers limit how web sites can access the network. Historically, the web platform has limited web sites to HTTP, but HTTP is inefficient for a number of applications, including chat and multiplayer games, for which raw socket access is more appropriate. Java, Flash Player, and HTML5 provide socket APIs to web sites, but we discover, and experimentally verify, attacks that exploit the interaction between these APIs and transparent proxies. At a cost of less than $1 per exploitation, our attacks poison the proxy's cache, causing all clients of the proxy to receive malicious content supplied by the attacker. We then propose a modification of the HTML5 WebSocket protocol that resists these (and other) attacks. The WebSocket working group has adopted a variant of our proposal.

Cite

Huang, L., Chen, E. Y., Barth, A., Rescorla, E., & Jackson, C. (2011). Talking to Yourself for Fun and Profit. Proceedings of W2SP, 1–11. Retrieved from http://websec.sv.cmu.edu/websocket/websocket.pdf
