GeeCON Prague 2014*
The moose likes Security and the fly likes How Eavesdropper gain access to the copy of http request Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "How Eavesdropper gain access to the copy of http request" Watch "How Eavesdropper gain access to the copy of http request" New topic
Author

How Eavesdropper gain access to the copy of http request

Nawed Shaikh
Greenhorn

Joined: Mar 12, 2013
Posts: 8
I was reading Head first book on servlets and jsp . I can clearly understand how SSL is used for data confidential and integrity but what i was not able to understand was that how can an eavesdropper gain copy of the HTTP request of the victim?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42046
    
  64
It's possible to observe network traffic of the entire network you're on; that's actually rather easy if you're technically savvy. The "network you're on" could be 1) everybody in your office, 2) every customer of an internet cafe where you connect via Wifi, 3) everyone of your family who connects to the same Wifi base station at your home. #2 -where there may be people with nefarious intentions- is why you need to be very careful what you send via Wifi from a public hotspot - use SSL for web sites and email as much as possible.


Ping & DNS - my free Android networking tools app
Nawed Shaikh
Greenhorn

Joined: Mar 12, 2013
Posts: 8
Thank you for your reply. Although i expected some examples but it was satisfactory answer
Jayesh A Lalwani
Bartender

Joined: Jan 17, 2008
Posts: 2383
    
  28

There are no examples, because AFAIK, core Java doesn't provide an API that will help you implement packet sniffers. I think the original creators of Java wanted to stay away for allowing people to implement hacking programs in Java. You can implement a eavesdropper using languages like C++ that let you call the OS directly. There are libraries available that are implemented in C++ and can be called from JNI. It's not hard to find something that you can use to implement a packet sniffer in Java.

At the wire level, the way data is passed around on the internet is more or less very similar to how kids pass notes in class. One kid writes a note, folds it and passes it to his/her neighbor. That kid passes it to the next and so on until it reaches the destination. Kids rely on a code of honor that says that you will not peek. However, there is nothing secure about the note. Within a LAN , the communication is very similar to how people communicate in a family gatherings:- Ideally, everyone sits around the table and people take turns talking. Everyone can hear what the talker is saying. They just ignore what is being said if they are not interested.
 
GeeCON Prague 2014
 
subject: How Eavesdropper gain access to the copy of http request