Practical audit advice you can use today.
# 17: Man-in-the-middle Web attacks using WPAD
In today's networked world, the vast majority of "work" that we do is done in a web browser. As it turns out, there's a very common configuration setting that creates enormous potential for serious information leakage or compromise in those very web browsers that we trust.

In this episode we look at a demonstration of the WPAD (Web Proxy Auto-Discovery) service and how it can be leveraged to compromise data, particularly on Windows computers. The browser in use does not matter: all modern browsers support the WPAD protocol. If a hacker finds himself on a network with even one system configured in this way, he has an immediate attack vector that allows him to start intercepting data. Of course, if he can intercept data, there's no reason he can't inject data too! This is a perfect avenue for the injection of malicious JavaScript and other exploits, though we will not explore that in the demo.

What's the answer to this problem? The answer is at the end of the episode or, if you don't want to wait, stop by the related show notes over at the SANS site for a quick explanation of what to look for.
