Fri 4 Aug @ 18:00

Optional: the tail end of network security, plus the beginning of web security.

This assignment is optional. If you complete it, I’ll take the best three out of four assignment marks for the course.

All students who wish to submit this assignment should complete parts 1 and 2. Graduate students should additionally complete part 3.

Part 1: Virtual private networks

Use the Secure Shell (SSH) tool to create a SOCKS proxy for traffic forwarded over SSH to the University network via, e.g., garfield.cs.mun.ca.

  1. How can you check that requests such as Web requests are, in fact, being proxied? Explain your steps.

  2. Use this proxy to access a service that isn’t directly accessible from outside the University’s network (e.g., http://segrmallory.engr.mun.ca). Explain the steps required and provide a screenshot.

Part 2: Cross-origin resource sharing

  1. Referring to the CORS documentation available from the Mozilla Developer Network, what are two HTTP headers relevant to CORS?

  2. Use your browser’s developer tools to inspect this web page. What origins are involved in the delivery of this website?

  3. Do any of the network resources fetched for this page disallow CORS?

Part 3: Cross-site scripting (ENGI 9807)

Create a simple website that is vulnerable to cross-site scripting or cross-site request forgery. Demonstrate how such an attack can be carried out.