Exploitable Redirects on the Web: Identification, Prevalence, and Defense
暂无分享,去创建一个
Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this paper, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today's Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects.
[1] Norman M. Sadeh,et al. Learning to detect phishing emails , 2007, WWW '07.
[2] Xuxian Jiang,et al. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities , 2006, NDSS.
[3] Víctor Pàmies,et al. Open Directory Project , 2003 .