A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Browser Pivoting (FU2FA) - Raphael Mudge Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Browser Pivoting (FU2FA) - Raphael Mudge
Derbycon 2013

Description: Let’s do a magic trick. Take one proxy server, make it fulfill requests through a browser’s communication API. Inject said proxy server into a target’s browser. What happens, you ask? Through this proxy, you transparently inherit your target’s identity on the web and can surf to sites they’ve already authenticated to. Browser Pivoting is a man-in-the-browser attack that gets past two-factor user authentication and other protection measures. This talk will demonstrate browser pivoting, discuss how it works, and speak to how an attacker can inherit identity… when they know the right place to hook in.

Bio: Raphael Mudge is the founder and Principal at Strategic Cyber LLC. His company’s software, Cobalt Strike, helps pen testers and red teams emulate advanced threats.

Back to Derbycon 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast