Hijacking Web 2.0 Sites with SSLstrip and SlowLoris — Sam Bowne and RSnake at Defcon 17

Many Websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s new SSLstrip tool.

SlowLoris is a new denial of service attack developed by RSnake.

Both exploits are explained and demonstrated.

Slides, handouts, and detailed instructions for these attacks are available at:
http://samsclass.info/defcon.html