Doppelganger: The Web's Evil Twin

DEF CON 17

Presented by: Dino Dai Zovi
Date: Saturday August 01, 2009
Time: 17:30 - 17:50
Location: Turbo/Breakout Track
Track: Turbo/Breakout

Users and administrators alike surf the web assuming that, for the most part, what they are looking at is what the website served to their browser; however, an attacker can deploy a malicious proxy, altering responses and requests, as well as potentially stealing sensitive data, all without a user being aware.

In this presentation I will discuss some of the attacks that a hacker can use when deploying a malicious proxy. Additionally, I will discuss Doppelganger, a tool that I've written to expedite some of the discussed techniques, its current capabilities, future additions, and more.

Edward Zaborowski

<strong>Edward Zaborowski</strong> started working in the computer security field when he enlisted in the US Air Force. During his enlistment he had the opportunity to help provide a wide array of security services such as intrusion detection, penetration testing, and incident response. He separated from the USAF in 2001 to continue his career in computer security and is currently working as a senior security engineer for Apptis based in Chantilly, VA.<br /><br /> When not he's not delving into security, he also enjoys as hobbies programming and video games (or programming video games) and can usually be found pwning or being pwned -- usually the latter -- in Call of Duty or DotA.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats