H
H
Hermes2021-05-12 11:14:53
Cryptography
Hermes, 2021-05-12 11:14:53

How is HTTP traffic intercepted within websites?

It is considered a necessary security practice to use an SSL certificate within the site. If you work via HTTP, the browser sends information to the server in clear text (for example: bank cards), and it can be intercepted by attackers.

But when searching, I did not find information anywhere on how this can be implemented. How can an attacker "get into" our interaction with the server?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
V
Vladimir Korotenko, 2021-05-12
@firedragon

For example, a megaphone beeline and Rostelecom insert their own banner. In fact, the dpi piece of iron does this, of course, not only that. Physically, at the L7 osi level, a parser works that inserts its data. However, dpi also works at lower levels and can change packets. See ipchains device and manuals like transparent proxy for how it's done.

V
Vindicar, 2021-05-12
@Vindicar

An attacker can break in if he can physically or logically break into your network connection.
On the part of providers, this is DPI (deep packet inspection), which analyzes packets and can do everything from blocking a page to wedging banners.
On the part of intruders, these are attacks like "free wifi here" (we raise an access point, we sniff traffic through it).
There are also logical options - i.e. somehow force the victim to use the attacker's proxy. From attacks on existing networks (for example, ARP Poisoning), through hacking and flashing home routers, and to social messages like "you can protect yourself from hackers with one click, all you need is ..."

C
cicatrix, 2021-05-12
@cicatrix

As an attacker, I can:
1. Inject malware onto your machine
2. Hack your router
3. If you are on a local network, I can listen to your traffic on the way to the gateway
4. If you are using Wi-Fi, it is even easier to do this
5. Send you a phishing link
6. Interception can be done at the ISP
...
100500 more ways
A packet from your machine to a web server can go through dozens of connections and at each link in this chain you can intercept / redirect / modify unencrypted traffic.
PS True, if the malware is on your machine, then it's too late to drink Borjomi.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question