Content Sniffing

Content Sniffing also knew as “Media Type Sniffing” or “Multipurpose Internet Mail Extensions (MIME) Sniffing”. It is the practice of inspecting the content of a byte stream to attempt to deduce the file format of the data within it. It can be useful to determine an asset’s correct file format; it can also cause a security vulnerability.

Content sniffing was a technique used by some web browsers to examine the content of a particular asset. This purpose of determining an asset’s file format. This technique is useful in the event there is not enough metadata information present for a particular asset, leaving the possibility that the browser interprets the asset incorrectly.

This sniffing vulnerability can be quite dangerous both for site owners as well as visitors. An attacker can leverage Content Sniffing to send an XSS attack.

Content Sniffing vulnerabilities can occur when a website allows users to upload data to the server. The vulnerability comes into play when an attacker disguises an HTML file as a different file type.

Figure: Content Sniffing

Prevent Content Sniffing Vulnerabilities:

There are given some ways to avoid these kinds of sniffing attacks.

Implement the use of the X-Content-Type-Options: nosniff HTTP header. This header is Internet Explorer and Chrome-specific and forces the browser to disable Content Sniffing. i.e.: Internet Options > Security > Custom level > Miscellaneous > Enable MIME Sniffing > Disable

As an alternative method to avoid XSS attacks due to Content Sniffing, it is suggested to use a separate sub-domain to host and deliver all user uploaded content. So will help ensure that none of the uploaded content will come in contact with the primary web application domain.

These two suggestions mentioned only help improve the security of the website and its visitors.

Any Cyber Security query :

Leave a Comment

Your email address will not be published. Required fields are marked *

three × five =