Inter-Protocol Communication
Interprotocol communication involves creating a communication channel between two different protocols. Why do we care?
Wade Alcorn released a paper recently where he demonstrates exploiting a “contrived program… using JavaScript [encapsulating the] exploit within an HTTP request.”
I find this idea absolutely mind blowing, even though exploitation of multi-layered or more complex protocols may be alot more difficult. Can you imagine a network propogating worm using XSS and a shellcode payload encapsulated in an HTTP request.
We first saw port scanning and CSRF exploitation from the browser. Now the possibility of inter-protocol exploitation over HTTP. Nice work Wade.
The protocol communication is a good idea. There are some
issues regarding protocol communication.But still its good.
You can look into the issues as End Point Malfeasance.
http://zeroknock.metaeye.org/mlabs/endpointmal.html
Its a talk.
[…] and you have yourself a nice hole through any firewall. Even before RSnake, hackathology, and dk of BlogSecurity/MichaelDaw picked up on the Inter-protocol topic, there was already early discussion on RSnake’s blog […]