Result
All URL’s in the rewritten page now point to www.attacker.org: if the
victim follows a link, the page will again be fetched through the
attacker’s server. Thus, the victim is trapped in the false Web. This also
applies when filling in forms; forms are encoded in Web requests and
replies are ordinary in HTML. SSL does not prevent this: one does have
’secure Web access’ but goes through false Web.
No comments:
Post a Comment