As the Internet continues to mature, users are faced with an increasingly hostile environment on the World Wide Web. Additionally, public WiFi networks continue to become more popular, hackers infiltrate corporate networks with regularity, and oppressive governments continue to intercept and modify their citizens' web traffic. The concept of using an untrusted network is becoming more familiar. Accordingly, it is no longer acceptable to design and build systems under the assumption that they will only operate in trusted environments, or that they are not important enough to warrant basic security measures. This thesis describes a relatively basic HTTP man-in-the-middle attack that results in arbitrary code execution. It demonstrates the ease with which users can be exploited when using systems that do not attempt to ensure their safety, and details the methods attackers can use to avoid detection. The goal of this methodology is twofold - to illustrate the consequences of such an attack, and to discover methods for mitigating such attacks using existing technologies and best practices.
Library of Congress Subject Headings
Computer networks--Security measures; Internet--Security measures; Computer crimes--Prevention
Department, Program, or Center
Department of Computing Security (GCCIS)
Adeloye, Brian, "HTTP man-in-the-middle code execution" (2013). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus