Network Security
What is Cookie?
Cookies, sometimes in the form of cookies, are the data (usually encrypted) stored on the user's local terminal for some websites to identify users and track sessions ). Defined in rfc2109 (obsolete). The latest replacement specification is rfc2965.
Cookie was first invented in March 1993 by Lou montulli, a former employee of Netscape.
The cookies server is currently stored in your computer's data (.txt text file), so that the server can identify your computer. When you are browsing the website, the web server will first send a small piece of information to your computer, and cookies will help you record the text or some choices on the website. When you visit the same website next time, the web server will first check whether there are any cookies left by the Web server. If so, the web server will judge the user based on the cookies, send specific webpage content to you. Merchants can obtain user information from cookies, such as products they like.
Cookie is a small text file stored on your machine when you browse a website. It records your user ID, password, browsed web page, stay time, and other information. When you come to the website again, the website reads cookies and obtains your related information, for example, you are welcome to the text on the page, or you do not need to enter your ID or password to log on directly.
Most of the content in cookies is encrypted, so it seems that they are only meaningless combinations of letters and numbers, and only the CGI handler on the server can understand their true meaning.
Cookies are always stored on the client, which can be divided into memory cookies and hard disk cookies.
The memory cookie is maintained by the browser and stored in the memory. It disappears after the browser is closed, and its existence time is short. The hard disk cookie is stored in the hard disk and has an expiration time. The hard disk cookie will not be deleted unless it is manually cleared or reached the expiration time, and its existence time is long-term. Therefore, the time of existence can be divided into non-persistent cookies and persistent cookies.
Cookie type
1. session cookies are valid only during the session period, that is, they will be deleted by the browser when the browser is closed. To set session cookies, do not set expires when creating cookies.
2. Persistent cookie persistent cookies will take effect in user sessions for a long time as the name suggests. If you set the max-age attribute of the cookie to one month, the cookie will be contained in each HTTP request of the relevant URL in this month. therefore, it can record a lot of user initialization or custom information, such as when to log on for the first time and weak logon status.
3. Secure cookie Security cookie is a form of cookie accessed over HTTPS to ensure that the cookie is always encrypted when it is transmitted from the client to the server. This greatly reduces the probability that the cookie content is directly exposed to hackers and stolen.
4. HTTPOnly cookie
Cookies set to HTTPOnly can only be transmitted on HTTP (https) requests. That is to say, HTTPOnly cookie is invalid for the client scripting language (JavaScript), thus avoiding JS stealing cookies during cross-site attacks. When you use JavaScript to set a cookie with the same name, only the original HTTPOnly value will be transmitted to the server. (Invalid document. Cookie)
5. Third-party cookies
It is planted under different domain names in the browser address bar. For example, when a user accesses a.com, a cookie. Advertisement is set on ad.google.com.
6. Super cookie is a cookie that sets the public domain name prefix. Generally, a. B .com cookies can be set at a. B .com and B .com, but not. Com.
7. zombie cookie botnets are cookies that cannot be deleted and will be automatically rebuilt. botNet cookies are dependent on other local storage methods, such as flash Share Object and HTML5 local storages. After a user deletes a cookie, the system automatically reads the backup of the cookie from other local storage and resends the cookie.
Cookie usage
1. session management
Recording the user's logon status is the most common use of cookies. Generally, the web server issues a signature after the user successfully logs on to mark the validity of the session. This removes the need for multiple user authentication and website logon.
Record the user's access status, such as navigation and user registration process
2. Personalized Information
Used to remember user-related information, so that users can conveniently use their own site services. For example, ptlogin will remember the QQ number of the user who logged on last time, so that the QQ number will be filled in by default during the next login.
It is used to remember some user-defined functions. When setting custom features, the user only saves them in the user's browser. During the next access, the server will display the user's settings based on the user's local cookies. For example, Google saves the search settings (the language used, the number of entries per page, and the way the search results are opened) in a cookie.
3. record user behavior
Record the operation rate and loss rate of a user's click stream and a product or business behavior
Cookie Security
1. Cookie Spoofing
Cookies record the user's account ID, password, and other information. If it is transmitted online, it is usually encrypted using the MD5 method. In this way, even if the encrypted information is intercepted by some ulterior motives on the internet, it cannot be understood because it only displays meaningless letters and numbers. However, the problem is that the person who intercepts cookies does not need to know the meaning of these strings. They only need to submit others' cookies to the server and can pass the verification, they can pretend to be victims and log on to the website. This method is called Cookie spoofing.
Cookie spoofing is implemented only when the server verification program has a vulnerability and the impersonator needs to obtain the cookie information of the impersonator. At present, it is very difficult for the website's validators to exclude all illegal logins. For example, the language used to compile the validators may have vulnerabilities. In addition, it is easy to obtain others' cookies. You can write a short piece of code in a language that supports cookies (For details, refer to 3). You only need to put this code on the network, all cookies can be collected. If a Forum allows HTML code or allows flash tags, you can use these technologies to collect cookie code and put it in the forum. Then, you can give the post an attractive topic and write interesting content, A large number of cookies can be collected soon. on the Forum, many people have stolen their passwords. As for how to prevent it, there is no specific medicine yet. We can only use the usual protection methods. Do not use important passwords in forums, or use the IE function to automatically save passwords, and try not to log on to a website that does not know the details.
2. flash code hazards
Flash has a geturl () function. Flash can use this function to automatically open a specified webpage. Therefore, it may direct you to a website containing malicious code. For example, when you enjoy the exquisite Flash animation on your computer, the code in the animation frame may have been quietly connected to the Internet, and opened a very small page containing special code. This page can collect your cookies or do other things, such as planting trojans on your machine or even formatting your hard disk. For flash, websites cannot be banned because it is an internal action of Flash files. What we can do is try to open the firewall if you are browsing locally. If the firewall prompts that packets sent to the outside are not known to you, it is best to disable it. If you want to enjoy it on the internet, you 'd better find some well-known big websites.
How to disable browser cookies
You can change the browser settings to use or disable cookies.
Microsoft Internet Explorer
Tools> Internet Options> adjust the slider on the privacy page or click "advanced" to set the slider.
Mozilla Firefox
Tools> Options> privacy (note: in Linux, the following operations are performed: Edit> preferences> privacy, while in MAC: Firefox> Properties> privacy)
View Source Page set cookies option set to block/allow cookies in various domains view cookies Management window, Check Existing cookie information, select to delete or block them
Apple Computer Safari
Safari> preset> security tag select the following options always
Accept cookies and never accept cookies
How to delete flash cookies:
1. Click the start button of the operating system and then click Control Panel ".
2. Click "Flash Player" in the open "Control Panel ".
3. In the open "Flash Player settings manager", select "Storage" and click "delete all.
4. Finally, select "delete all site data and settings" and click "delete data.
Accept cookies
This option is set only from the site you are visiting (for example, do not accept advertisements from other sites.
You can display and delete any cookies that reside in your browser at any time.
Netscape "Preference \ Advanced \ cookies" has three options in the displayed window. Select "disablecookies" to disable cookies. in IE, select "View"/"Internet Options"/"advanced" and find "cookies" in the window that appears, select "Disable all cookies" to disable cookies.
If Konqueror does not set the cookie list, remember to add "." Before the domain name, for example ., Otherwise, Baidu will not read the cookie (for KDE 3.3 ).