Cross-port Cookie Theft and Solutions

Most websites use cookies to save the login status after login. If you can get the cookies of others, you can access the website as an identity. if you get the Administrator's Cookie, you can access a website as an administrator. When a Cookie meets the following three rules, this Cookie will be sent: The domain name of the website is the same as the domain name required by the Cookie. The path of the webpage is the same as the path required by the Cookie. The connection method of the webpage (HTTP/HTTPS) same as Cookie requirements! There are no port-related requirements! That is to say, the browser thinks http://www.bkjia.com /And http://www.bkjia.com : 1234/is the same website on http://www.bkjia.com /Set the Cookie. http://www.bkjia.com : 1234/hour will also be sent. This means that if you can create a Web server on another port on the corresponding ip address of www.2cto.com, and cheat the administrator of www.2cto.com to access your Web server, then you can steal the Administrator's Cookie and access the website as an administrator to enter the background. if www.2cto.com is hosted on a public virtual host server, it will be very simple. You can buy a virtual host on the same server, or even try it out. Create a Web server on another port. Of course, most low-end host vendors in China may not provide this function. Well, now you have built a Web server on port 1234 on the server where www.2cto.com is located, and wrote a script to record cookies. You only need to cheat the administrator of www.2cto.com to access http://www.bkjia.com : 1234/can he access other people's addresses at will, and it looks strange? In fact, you can do a very concealed job. You can go to his website and post a post (if it is a forum) or comment (if it is a blog) and send an address http://www.bkjia.com : 1234/xxoo.png. The image is automatically loaded when the webpage is opened, and xxoo.png is the Cookie recording script you write. as a result, few people will check the addresses of each image on the webpage... -------------------------------- Solution: it is not very difficult to avoid such attacks. 1. do not share servers with others. Purchase independent servers and IP addresses. this is the simplest solution, as long as you have money 2. the whole website uses the HTTPS protocol and sets cookies to be sent only over HTTPS. It must be said that HTTPS is very effective to avoid information leakage. But the SSL certificate is very expensive .... Solution 3. When CDN is used, CDN is equivalent to a proxy. You need to direct your domain name to CDN, while CDN generally only opens port 80, and communication on other ports will be discarded.