Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing

Data from over 200 Pen Tests Shows Most Common Vulnerabilities. Learn more now.

This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user. Starting with the Mozilla source, we have implemented techniques that protect a wide variety browser-user communications, that require little participation by the user and minimal disruption of the displayed server content. We have prepared shell scripts that install these modifications on the Mozilla source, to enable others to replicate this work.

Download the paper in PDF format here.