Fri 29 Jul @ 18:00

The tail end of network security, plus the beginning of web security.

Complete parts 1 and 2. Graduate students should additionally complete part 3.

Part 1: Virtual private networks

(to be completed after the VPNs lecture)

Use the Secure Shell (SSH) tool to create a SOCKS proxy that forwards traffic over SSH to the University network via, e.g., garfield.cs.mun.ca.

  1. How can you check that requests such as Web requests are, in fact, being proxied? Explain your steps.

  2. Use this proxy to access a service that isn’t directly accessible from outside the University’s network (e.g., http://tony.engr.mun.ca). Explain the steps required and provide a screenshot.

Part 2: Cross-origin resource sharing

(to be completed after the lecture on cross-site scripting)

  1. Referring to the CORS documentation available from the Mozilla Developer Network, what are two HTTP headers relevant to CORS?

  2. Use your browser’s developer tools to inspect this web page. What origins are involved in the delivery of this website?

  3. Do any of the network resources fetched for this page disallow CORS?

Part 3: Cross-site scripting

Create a simple website that is vulnerable to cross-site scripting or cross-site request forgery. Demonstrate how such an attack can be carried out.