by ndsipa_pomu 576 days ago
> limited to non-HTTPS-mandatory browser APIs at that

Another trick that could easily be pulled by a malicious ISP/wifi provider is to insert a redirect into the HTTP page to go to an HTTPS site controlled by the attacker (presumably with some semi-related name so as to not seem suspicious to the user) and to then bypass non-HTTPS restrictions in the browser.