02-09-2017, 02:50 PM
Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine and to observe all information the victim enters into forms. Web Spoofing works in both main browsers and is not prevented by "secure" connections. The attacker can view and modify all web pages and form submissions, even when the browser's "secure connection" indicator is on. The user does not see any indication that something is wrong.
The attack is implemented using JavaScript and Web server plug-ins, and works in two parts. First, the attacker causes a browser window to be created on the victim machine, with part of the normal state and menu information replaced by identical-looking components provided by the attacker. The attacker then causes all Web pages destined for the victim's machine to be routed through the attacker's server. On the attacker's server, the pages are rewritten in such a way that their appearance does not change at all, but any action taken by the victim (such as clicking on a link) would be logged by the attacker. In addition, any attempt by the victim to load a new page would cause the newly loaded page to be routed through the attacker's server, so the attack would continue on the new page.
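A defensive check for the rewriting described above, as an added example that is not part of the original post: it audits a page's links and reports when most of them are carried by one host while embedding a different site's URL. The embedding pattern (original URL placed in the carrier's path or query), the function names and all sample hosts are assumptions constructed for illustration.

```javascript
// Assumption: a rewritten link embeds the original absolute URL inside the
// path or query string of the intermediary ("carrier") host's URL.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; } // malformed %xx
}

// Return the first absolute http(s) URL found after the carrier's host part.
function embeddedUrl(link) {
  const rest = safeDecode(link.pathname + link.search + link.hash);
  const m = rest.match(/https?:\/\/[^\s"'<>]+/i);
  return m ? m[0] : null;
}

function auditLinks(pageUrl, hrefs) {
  const page = new URL(pageUrl);
  const findings = [];
  let httpLinks = 0;
  for (const href of hrefs) {
    let link;
    try { link = new URL(href, page); } catch { continue; } // unparseable
    if (!/^https?:$/.test(link.protocol)) continue;         // skip mailto: etc.
    httpLinks++;
    const inner = embeddedUrl(link);
    if (!inner) continue;
    let innerHost;
    try { innerHost = new URL(inner).hostname; } catch { continue; }
    // A same-host embedded URL (e.g. a return-to parameter) is not reported.
    if (innerHost !== link.hostname) {
      findings.push({ href: link.href, carrier: link.hostname, embedded: innerHost });
    }
  }
  // Count wrapped links per carrier; flag the page if one carrier wraps most links.
  const counts = {};
  for (const f of findings) counts[f.carrier] = (counts[f.carrier] || 0) + 1;
  const top = Object.entries(counts).sort((a, b) => b[1] - a[1])[0];
  const suspicious = Boolean(top) && top[1] / httpLinks > 0.5;
  return { findings, carrier: top ? top[0] : null, suspicious };
}

// Constructed sample input: a page served through a rewriting host, and a clean page.
const REWRITTEN_PAGE = "http://proxy.example/http://bank.example/";
const REWRITTEN_LINKS = [
  "http://proxy.example/http://bank.example/login",
  "http://proxy.example/http://bank.example/accounts",
  "http://proxy.example/fetch?u=https%3A%2F%2Fshop.example%2Fcart",
  "/static/logo.png",
];
const CLEAN_PAGE = "https://bank.example/";
const CLEAN_LINKS = ["/login", "https://bank.example/help",
  "mailto:support@bank.example", "https://bank.example/go?next=%2Faccounts"];
```

Legitimate redirectors and web archives wrap URLs the same way, so a hit is a reason to compare the carrier host against the site the user intended to visit, not proof of spoofing.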