Inter-Protocol Communication

Posted by dk
March 22, 2007

Interprotocol communication involves creating a communication channel between two different protocols. Why do we care?

Wade Alcorn released a paper recently where he demonstrates exploiting a “contrived program… using JavaScript [encapsulating the] exploit within an HTTP request.”

I find this idea absolutely mind blowing, even though exploitation of multi-layered or more complex protocols may be alot more difficult. Can you imagine a network propogating worm using XSS and a shellcode payload encapsulated in an HTTP request.

We first saw port scanning and CSRF exploitation from the browser. Now the possibility of inter-protocol exploitation over HTTP. Nice work Wade.

News

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comment by zeroknock on 27 March 2007 @ 1:03 pm

The protocol communication is a good idea. There are some
issues regarding protocol communication.But still its good.

You can look into the issues as End Point Malfeasance.

http://zeroknock.metaeye.org/mlabs/endpointmal.html

Its a talk.

Pingback by Ajax Security opens up a whole new can of worms | tssci security on 17 December 2007 @ 3:42 pm

[...] and you have yourself a nice hole through any firewall.  Even before RSnake, hackathology, and dk of BlogSecurity/MichaelDaw picked up on the Inter-protocol topic, there was already early discussion on RSnake’s blog [...]

Leave a comment

(required)

(required)