Doppelganger: The Web's Evil Twin

Presented at DEF CON 17 (2009), Aug. 1, 2009, 5:30 p.m. (20 minutes)

Users and administrators alike surf the web assuming that, for the most part, what they are looking at is what the website served to their browser; however, an attacker can deploy a malicious proxy, altering responses and requests, as well as potentially stealing sensitive data, all without a user being aware. In this presentation I will discuss some of the attacks that a hacker can use when deploying a malicious proxy. Additionally, I will discuss Doppelganger, a tool that I've written to expedite some of the discussed techniques, its current capabilities, future additions, and more.

Presenters:

• Edward Zaborowski - Senior Security Engineer, Apptis
  Edward Zaborowski started working in the computer security field when he enlisted in the US Air Force. During his enlistment he had the opportunity to help provide a wide array of security services such as intrusion detection, penetration testing, and incident response. He separated from the USAF in 2001 to continue his career in computer security and is currently working as a senior security engineer for Apptis based in Chantilly, VA. When not he's not delving into security, he also enjoys as hobbies programming and video games (or programming video games) and can usually be found pwning or being pwned -- usually the latter -- in Call of Duty or DotA.

Links:

• https://defcon.org/html/defcon-17/dc-17-speakers.html#Zaborowski
• https://infocon.org/cons/DEF CON/DEF CON 17/DEF CON 17 video and slides/DEF CON 17 - Edward Zaborowski - Doppleganger The Webs Evil Twin - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=qSQAhnk9tJY

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / Browser Pivoting (FU2FA)
• DEF CON 15 (2007) / Black Ops 2007: Design Reviewing The Web
• DEF CON 14 (2006) / A Tale of Two Proxies