[WEB SECURITY] Exploiting User-Agent XSS
lcamtuf at coredump.cx
Sun May 29 00:18:07 EDT 2011
> Are group members aware of some technique wherein attacker would force
> victim's browser to set some proxy temporarily which is controlled by
> attacker only?
If you control a proxy for HTTP traffic, why would you bother changing
U-A on the request, instead of just grabbing the cookies or injecting
your XSS payload into the response?