‘Windows PHP Socket Hijack Toolset’

Summary

Credit:

‘The information has been provided by SECFORCE.
The original article can be found at: http://www.secforce.co.uk/media/demos/PHP_socket_hijacking_demo.html
To keep updated with the tool visit the project’s homepage at: http://www.secforce.co.uk/media/tools/socket_attack.zip


Details

‘Due to a problem in the way Apache binds itself to port 80 on Windows machines allows the PHP environment running under Apache to gain access to the information being sent to port 80, which in turn can be leveraged to preform man-in-the-middle attacks.

This problem is exploited by the PHP tool linked below.

For more information about this issue see:
Abusing PHP Sockets for Fun and Profit

Categories: Tools