This attack utlizes a Rest(REpresentational State Transfer)-style
						applications' trust in the system resources and environment to place man in
						the middle once SSL is terminated. Rest applications premise is that they
						leverage existing infrastructure to deliver web services functionality. An
						example of this is a Rest application that uses HTTP Get methods and
						receives a HTTP response with a XML document. These Rest style web services
						are deployed on existing infrastructure such as Apache and IIS web servers
						with no SOAP stack required. Unfortunately from a security standpoint, there
						frequently is no interoperable identity security mechanism deployed, so Rest
						developers often fall back to SSL to deliver security. In large data
						centers, SSL is typically terminated at the edge of the network - at the
						firewall, load balancer, or router. Once the SSL is terminated the HTTP
						request is in the clear (unless developers have hashed or encrypted the
						values, but this is rare). The attacker can utilize a sniffer such as
						Wireshark to snapshot the credentials, such as username and password that
						are passed in the clear once SSL is terminated.