
can force IE to return sensitive information, including cookies and authenti-
cated session information. Combined with domain restriction bypass attacks,
which are frequent in browsers, a malicious site or URL could be crafted for
phishers to steal your data or hijack your session. To this day, many financial
institutions, e-commerce sites, and Web-based bulletin boards (blog sites)
that allow TRACE by default.
The final method, CONNECT, is simply designed for proxy communication
when you’re establishing a tunnel. Whenever you’re using a proxy to browse the
Web, it’s very likely you are using the CONNECT method to communicate
with the proxy.
All in all, ...