6 Jul 2025
The tail end of network security, plus the beginning of web security.
All students should complete parts 1 and 2 of this assignment. Graduate students should additionally complete part 3.
Part 1: Network security
-
Does your home network use NAT? Provide evidence to support your claim.
-
Use the Secure Shell (SSH) tool to create a SOCKS proxy for traffic forwarded over SSH to the University network via, e.g., garfield.cs.mun.ca.
-
How can you check that requests such as Web requests are, in fact, being proxied? Explain your steps.
-
Use this proxy to access a service that isn’t directly accessible from outside the University’s network (e.g., http://segrcsfgibson.engr.mun.ca). Explain the steps required and provide a screenshot.
-
Part 2: Cross-origin request sharing
-
Referring to the CORS documentation available from the Mozilla Developer Network, what are two HTTP headers relevant to CORS?
-
Use your browser’s developer tools to inspect this web page. What origins are involved in the delivery of this website?
-
Do any of the network resources fetched for this page disallow CORS?
Part 3: Cross-site scripting (ENGI 9823)
Create a simple website that is vulnerable to cross-site scripting or cross-site request forgery. Demonstrate how such an attack can be carried out.