Talking to Yourself for Fun and Profit
Browsers limit how web sites can access the network. Historically, the web platform has limited web sites to HTTP, but HTTP is inefficient for a number of applications - including chat and multiplayer games - for which raw socket access is more appropriate. Java, Flash Player, and HTML5 provide socket APIs to web sites, but the authors discover, and experimentally verify, attacks that exploit the interaction between these APIs and transparent proxies. At a cost of less than $1 per exploitation, their attacks poison the proxy's cache, causing all clients of the proxy to receive malicious content supplied by the attacker.