Browser DoS Attack and Defense Analysis of 12 lines of code

Browser DoS Attack and Defense Analysis of 12 lines of code

There is a 12-line JavaScript code that can crash firefox, chrome, and safari browsers, as well as restart the iphone and crash android, the author of this article analyzes and interprets the 12 lines of code and proposes corresponding defense methods. You are welcome to discuss them together.

Ajax and pjax

AJAX (AJAX), it's not about the AJAX club!

AJAX

AJAX (AJAX), that is, Asynchronous Javascript And XML (Asynchronous JavaScript And XML), is a technology used to create fast dynamic web pages. By performing a small amount of data exchange with the server in the background, AJAX can implement asynchronous updates on webpages. This means that you can update a part of the webpage without reloading the entire webpage.

However, ajax applications may also cause other problems, which may lead to the inability to move the browser forward and backward. This is a headache. Developers must increase the workload (for example, using a hidden iframe, or change location. hash Value.

To solve the problems brought about by traditional ajax, HTML5 introduces a new API: history. pushState. After it is combined with ajax, a new name is pjax. It is a new technology based on ajax + history. pushState, which can be used to change the content of a page and the URL of a page without any changes. Pjax is an ajax + pushState encapsulation that supports local storage, animation, and other functions. Currently, multiple versions such as jquery, qwrap, and kissy are supported.

AJAX2

HTML5.history. pushState

HTML5 can use the pushState and replaceState interfaces to operate the browser history and change the URL of the current page.

PushState adds a specified URL to the browser history to store the current historical record point. ReplaceState replaces the current URL with the specified URL. These methods work with the window. onpostate event.

History. pushState (data, title, url): adds a record to the top of the history record stack; data is passed as a parameter when the onpopstate event is triggered; title is the page title, this parameter is generally ignored by all browsers. The url is the page address. Optional. The default value is the current page address. Details:

State-object is a JavaScript state object. It is an additional object that records historical records. It can be empty. It relates to the new history entity created by the pushState () method. Used to store information about the entries you want to insert into history.

Title-this parameter is generally ignored by all browsers, although it may be used in the future. Currently, the safest way to use is to pass an empty string to prevent future changes, or you can pass a short title to indicate the state.

URL-this parameter is used to pass the URL of the new history object. The new url must be in the same domain as the existing url. Otherwise, pushState () will throw an exception. This parameter is optional. If it is null, It will be set to the current url of the document.

Twelve lines of code analysis

Twelve lines of code

There are twelve lines of code. The key point is the loop of the total url: history. pushState (1000000, total); constantly modifying the url, looping times, constantly adding records to the history stack, will lead to high CPU and memory usage and firefox, chrome, the safari browser crashes and can restart the iPhone.

Analysis result

In the XP Virtual Machine (i7 Single-core 3.4 GB, 512 memory) measured in person:

When the number of loops above is more than 100,000, the CPU and memory usage instantly reaches 100%, and then crashes. When the number of loops above is reduced to about 10000, the CPU, the memory usage gradually increases to 100% in about 20 seconds, and then crashes. When the number of previous cycles decreases to about 500, the CPU usage gradually increases to 100%, once again, it instantly restores to a stable State. The memory usage increases from around MB to around mb. After the page 192.168.56.106/12.html is opened, the link in the address bar becomes:
Http: // 192.168.56.106/0123456789101112131415161718192021 ...... 494495496497498499

 

It can be seen that when a record is added to the history record stack without stopping the loop, the page will refresh the new address to jump, which is a "pseudo address" accumulated by the loop ", when the length is exceeded, it will cause dos. The attack effect and efficiency depend entirely on the number of cycles and the tagret hardware configuration.

Related defense

I believe that everyone's security awareness is already very strong, but it is still necessary to make a sound alarm. Do not trust any information such as links, attachments, emails, and images sent to you by any stranger in any way, of course, it is not out of course that the friends of the base do not beat the friends of the prank, so the friends often remember to Ctrl + S, otherwise it will be very depressing to be killed.

Since its birth, the Internet has been exposed to hacker attacks, and early hacker attacks have carried the purpose of technical experimentation and show off, however, with the growth of global Internet infrastructure, the infinite growth of connections, and the rapid expansion of the number of users, the frequency of hacker attacks also increases accordingly, and the hacking technology is constantly evolving, the black industry chain has gradually emerged for illegal economic benefits. The technical level of protection against Internet security is even more advanced, and attacks and defense are happening every minute in the Internet era.

As a security expert behind the giants, aligreennet is responsible for maintaining the security of the entire network. Based on years of security defense research, lvmeng technology is applicable to detection and defense, security evaluation, security supervision, and security platform, provides customers with products and professional security services such as intrusion detection/protection, anti-Denial-of-Service attack, remote security assessment, and Web security protection. In June December 29, 2015, aligreennet technology served as the Chairman of the First China Network Security Industry Alliance. As a leading network security company, it provides core competitiveness security products and solutions to ensure the smooth operation of customers' business, maintain the security of the Internet.

Of course, the Internet is full of information security threats, network security protection, 7 points rely on technology, 3 points rely on awareness, to protect these problems, relying solely on the products and services of security vendors is far from enough, increasing awareness of network security cannot be ignored.
For example: pay attention to the management of personal passwords, the protection of personal privacy, the easy access to public wifi, the easy trust of unfamiliar/familiar friends links or files, and the security of mobile payment. the device is "streaking" and so on.