Help Irongeek.com pay for bandwidth and research equipment:
HTTP Covert channel using only HTML/CSS - Thomas Slota (BSides Tampa 2020) (Hacking Illustrated Series InfoSec Tutorial Videos)
HTTP Covert channel using only HTML/CSS
Thomas Slota
William York
BSides Tampa 2020
Abstract: A covert channel is a secretive communication channel that can bypass traditional security measures. They provide a means of communicating through mechanisms that are not intended for communication. In this paper, we propose a covert channel that utilizes only HTML and the CSS hover feature to transmit messages. To do this, we create a website with our covert channel on a web page and develop a tool that converts a plain ASCII message to hex, and based on the CSS hover locations, control the mouse to move to the hover locations. A manual implementation of this was explored. However, the manual transmission had a larger margin for error compared to program-driven mouse control. The covert channel takes advantage of the fact that this is a new CSS only mouse-tracking technique using the hover feature, which can bypass common tracking protections. The covert channel is hidden to blend in with the background of any given web page. Our results show that we can reliably transmit a message at a rate of 13 bytes per second utilizing the mouse control transmission tool.
Bio:
Slota:
Received a Bachelor's Degree from Rochester Institute of Technology in Computing Security in the Spring of 2019. Completed 3 Internships at Leidos Corporation focusing on Software Defined Networking. Currently I am a first year Computing Security Masters student at Rochester Institute of Technology with a focus in Malware
York:Student at RIT finishing my Bachelors degree in Computer Science and a Masters in Computer Security, graduating May 2020. Have done four work tours with the Department of Defense as a Software Engineer. .