74
Advanced Topics – Log Spoofing
•Carefully crafted messages can fool the human eye
•
•May be used to frame the innocent, or to hide the nature of the attack
•
•Uses CR, LF, BS characters
•
•Example: hiding the true nature of the request in Apache log:
• /cgi-bin/test-cgi.bat?x=y# (BS) ... (BS) /index.html
No notes for this slide