Cross-site scripting (XSS) has always been one of the most common web-based attacks. Such attacks usually hijack the user's session and from there get at the user's private data. So how is a session actually hijacked?
I. Sniffer (the tool used here is a Java-based Sniffer)
There is no defense against a sniffer; it is like Ralf's Galactica Phantom in KOF: if it lands, it is fatal.
What the sniffer produces is a block of captured data. Here it is capturing traffic from my own machine, but it can just as well capture traffic on the LAN or even on the wide area network.
The capture yields a group of hexadecimal byte values. The following C# code turns them back into text:
using System;
using System.Text;

string bytestr = ""; // paste the space-separated hex bytes from the capture here
string[] byteArray = bytestr.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
byte[] b = new byte[byteArray.Length];
for (int i = 0; i < byteArray.Length; i++)
{
    b[i] = Convert.ToByte(byteArray[i], 16); // each token is one byte written in base 16
}
string msg = Encoding.UTF8.GetString(b);
Console.WriteLine(msg);
Console.Read();
The bytestr variable holds the captured bytes as a space-separated hexadecimal string. The decoding here uses UTF-8; in practice it must match the encoding the target site uses, or the text comes out garbled. This experiment was done on the blog garden (cnblogs); the cookie that marks a logged-in session there is named ".DottextCookie".
In Firefox, log out of the blog garden, open the Firebug console and type document.cookie = '.DottextCookie=******;' on its command line, then refresh the page. What do you see? You are logged in again. This is the general pattern of session hijacking: what gets replayed is the value of the login cookie, and since it is replayed verbatim it makes no difference whether that value is encrypted or not.
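As an added example (not the original post's code), here is the same hex-to-text decoding done in JavaScript under Node.js rather than C#, carried one step further than the post: it parses the decoded HTTP request and pulls the named cookie out of the Cookie header, which is the "find the key-value pair" step of the attack. The hex dump below is constructed for the example; the host and the cookie value in it are made up.

```javascript
// Added example: decode a space-separated hex dump of a sniffed HTTP request
// and pull the session cookie out of its Cookie header.
// The capture below is constructed for the example; it is not a real trace.
const capturedHex =
  '47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A ' +                         // GET / HTTP/1.1
  '48 6F 73 74 3A 20 77 77 77 2E 63 6E 62 6C 6F 67 73 2E 63 6F 6D 0D 0A ' +    // Host: www.cnblogs.com
  '43 6F 6F 6B 69 65 3A 20 2E 44 6F 74 74 65 78 74 43 6F 6F 6B 69 65 3D ' +    // Cookie: .DottextCookie=
  '53 45 53 53 49 4F 4E 31 3B 20 61 3D 31 0D 0A 0D 0A';                        // SESSION1; a=1 + blank line

// Equivalent of the post's Split / Convert.ToByte / Encoding.GetString loop.
// `encoding` must match the site; the post's example assumes UTF-8.
function decodeHexDump(hex, encoding = 'utf8') {
  const bytes = hex.trim().split(/\s+/).map(h => parseInt(h, 16));
  return Buffer.from(bytes).toString(encoding);
}

// Split the raw request into request line and a lowercase-keyed header map.
function parseRequestHeaders(raw) {
  const [head] = raw.split('\r\n\r\n');
  const lines = head.split('\r\n');
  const requestLine = lines.shift();
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i < 0) continue;
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { requestLine, headers };
}

// A Cookie header is "name=value; name2=value2"; return name -> value.
function parseCookieHeader(cookie) {
  const jar = {};
  for (const part of cookie.split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// The whole pipeline: hex dump -> text -> headers -> the one cookie we want.
function extractSessionCookie(hex, name) {
  const { headers } = parseRequestHeaders(decodeHexDump(hex));
  return headers.cookie ? parseCookieHeader(headers.cookie)[name] : undefined;
}

const stolen = extractSessionCookie(capturedHex, '.DottextCookie');
console.log(stolen); // SESSION1
```

Node's Buffer only ships a handful of encodings (utf8, latin1, utf16le and the binary ones); for a site that serves GBK you would need a library such as iconv-lite for the decoding step, which is the same "match the site's encoding" caveat the post makes for the C# version.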
II. Cross-site scripting
Setting aside browser vulnerabilities and ARP spoofing, a cross-site scripting attack generally needs two things. The first is that the target site lets users place their own HTML (unless a vulnerability is being exploited, the site has to allow script inside that HTML). The second is reading document.cookie on the client, picking out the key-value pair you need and sending it somewhere you control; that completes the attack. How the data is carried across to another domain is not discussed here.
For example, the following server-side code writes a cookie:
HttpCookie cookie = new HttpCookie("mmmm", "vvvvvvvvvv");
Response.Cookies.Add(cookie);
If, on a page under the same domain, I am allowed to put up a page that contains script, the attack becomes possible:
<script>
document.write(document.cookie);
</script>
The code above merely prints the cookies. If instead I send the intercepted document.cookie to a place where I can store it, I obtain a lot of useful information, and the cross-site scripting attack is complete.
III. Other attack methods
Any other method works just as well as long as it gets hold of the cookie, whether through Flash or something else.
IV. What can be prevented and what cannot
As said above, there is no stopping the sniffer method at the application level (the only real answer to it is encrypting the whole session with HTTPS). How, then, do we prevent the script attack? The simplest way is to forbid users from using script at all, and many sites do exactly that. If script must be allowed, the cookies need special settings. In .NET it is done like this:
HttpCookie cookie = new HttpCookie("mmmm", "vvvvvvvvvv");
cookie.HttpOnly = true;
Response.Cookies.Add(cookie);
Script on the client can then no longer read this cookie, so even someone who can inject script cannot pull the session value out of document.cookie. Keep in mind what HttpOnly does and does not do: it hides the cookie from script, but the browser still attaches it to every request, so injected script can still act as the logged-in user from inside the victim's browser, and it does nothing against the sniffer.
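An added example (not code from the post) that models what HttpOnly changes, covering both the Firebug document.cookie trick from section I and the .NET cookie above: a minimal cookie store that applies the HttpOnly rules from RFC 6265 to script reads and script writes. The class, its method names and every cookie other than mmmm/vvvvvvvvvv are assumptions for illustration; it omits domain, path and expiry handling entirely.

```javascript
// Added example: a minimal model of the browser cookie store, just enough to
// show what HttpOnly changes for script. Not a full RFC 6265 implementation.
class CookieStore {
  constructor() { this.cookies = new Map(); }

  // Server side: one Set-Cookie header, e.g. "mmmm=vvvvvvvvvv; HttpOnly; Path=/".
  setFromHeader(header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const i = pair.indexOf('=');
    if (i < 0) return false;
    const name = pair.slice(0, i), value = pair.slice(i + 1);
    const httpOnly = attrs.some(a => a.toLowerCase() === 'httponly');
    this.cookies.set(name, { value, httpOnly });
    return true;
  }

  // Script side: document.cookie = "name=value" (a "non-HTTP" API in RFC terms).
  setFromScript(assignment) {
    const [pair] = assignment.split(';');
    const i = pair.indexOf('=');
    if (i < 0) return false;
    const name = pair.slice(0, i).trim(), value = pair.slice(i + 1).trim();
    const existing = this.cookies.get(name);
    // RFC 6265 section 5.3 step 10: script may not replace an HttpOnly cookie.
    if (existing && existing.httpOnly) return false;
    this.cookies.set(name, { value, httpOnly: false });
    return true;
  }

  // What document.cookie returns: HttpOnly cookies are left out.
  documentCookie() {
    return [...this.cookies]
      .filter(([, c]) => !c.httpOnly)
      .map(([n, c]) => `${n}=${c.value}`)
      .join('; ');
  }

  // What the browser puts in the Cookie request header: everything.
  cookieHeader() {
    return [...this.cookies].map(([n, c]) => `${n}=${c.value}`).join('; ');
  }
}

function demo() {
  const store = new CookieStore();
  // The cookie the post creates with HttpOnly = true, plus an ordinary one.
  store.setFromHeader('mmmm=vvvvvvvvvv; HttpOnly; Path=/');
  store.setFromHeader('theme=dark; Path=/');
  return {
    seenByScript: store.documentCookie(),                   // "theme=dark"
    sentToServer: store.cookieHeader(),                     // "mmmm=vvvvvvvvvv; theme=dark"
    scriptOverwrite: store.setFromScript('mmmm=attacker'),  // false
  };
}

console.log(demo());
```

The third field is the detail that matters for the Firebug experiment: a script-side `document.cookie = '...'` can replace a cookie only when the existing one was not set with HttpOnly, and the server-sent value is still transmitted on every request either way.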