This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Sniffing application traffic attack"
From OWASP
(→Related Vulnerabilities) |
|||
| Line 15: | Line 15: | ||
==Related Vulnerabilities== | ==Related Vulnerabilities== | ||
| − | * [[Failure to | + | * [[Failure to encrypt data]] |
==Related Countermeasures== | ==Related Countermeasures== | ||
Revision as of 18:43, 12 August 2006
- This is an Attack. To view all attacks, please see the Attack Category page.
Description
Sniffing application traffic simply means that the attacker is able to view network traffic and will try to steal credentials, confidential information, or other sensitive data.
Anyone with physical access to the network, whether it is switched or via a hub, is likely able to sniff the traffic. (See dsniff and arpspoof tools). Also, anyone with access to intermediate routers, firewalls, proxies, servers, or other networking gear may be able to see the traffic as well.
Examples
Related Threats
Related Attacks
Related Vulnerabilities
Related Countermeasures
- [[SSL][
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
