HTML5 Security Risk Analysis, Part 2: Web Storage Attacks

Source: Internet
Author: User
Tags: sessionStorage

I. Introduction to WebStorage

HTML5 supports WebStorage, which lets developers create local storage for an application and keep useful information in it. For example, localStorage is persistent and its capacity is large (generally 5M), which largely solves the earlier problems of storing data in cookies: small capacity, inconvenient access, and easy clearing. This feature gives the client side a great deal of flexibility.

II. Attack method

The localStorage API is exposed through JavaScript, so an attacker who can run script in the page (through an XSS vulnerability) can read the information stored there, such as user tokens or other data. The following script enumerates everything in localStorage.

    if (localStorage.length) {
        for (var i in localStorage) {
            // for...in also yields prototype members (getItem, setItem, ...); keep only stored keys
            if (localStorage.hasOwnProperty(i)) {
                console.log(i);
                console.log(localStorage.getItem(i));
            }
        }
    }

localStorage is not the only way local information is exposed. Many developers have the bad habit of putting key information such as user names, passwords and e-mail addresses into global variables for convenience. Data that is not kept in the right scope is a serious security problem; for example, the following script walks the global variables to collect that information.

    for (var i in window) {
        var obj = window[i];
        if (obj !== null && obj !== undefined) {
            var type = typeof obj;
            if (type === "object" || type === "string") {
                console.log("Name: " + i);
                try {
                    // JSON.stringify throws on cyclic structures such as window itself
                    var my = JSON.stringify(obj);
                    console.log(my);
                } catch (ex) {}
            }
        }
    }

III. Attack tools

Html5dump is described as "JavaScript that dumps all HTML5 local storage"; it also outputs HTML5 sessionStorage, global variables, localStorage, and local database storage.

IV. Defences

The defensive measures against WebStorage attacks are:

1. Keep data in the appropriate scope

For example, do not store the user's session ID in localStorage; it belongs in sessionStorage. User data should not be stored in global variables, but in temporary or local variables.

2. Do not store sensitive information

Because we cannot always be sure whether a page has security issues such as XSS, do not store important data in WebStorage at all.
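To check whether a page follows these two rules, a developer can audit what it leaves in WebStorage and in global variables. The following is an added example written for this page, not code from the original article or from Html5dump; it runs in Node with a constructed stand-in for the browser Storage object, and the name and value heuristics it uses are assumptions (in a real page you would pass window.localStorage, window.sessionStorage and window itself).

```javascript
"use strict";

// Constructed stand-in implementing the parts of the Storage API the audit uses.
function makeStorage(entries) {
  const data = new Map(Object.entries(entries));
  return {
    get length() { return data.size; },
    key(n) { return n < data.size ? Array.from(data.keys())[n] : null; },
    getItem(k) { return data.has(k) ? data.get(k) : null; },
  };
}

// Heuristics (assumptions, not from the article): names and value shapes that usually
// mark session material or credentials, which should not sit in persistent storage.
const SENSITIVE_NAME = /(token|session|sess|auth|passw|secret|jwt|api[_-]?key)/i;
const JWT_SHAPE = /^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}$/;

// Walk a Storage object with the standard key()/getItem() API (not for...in, which also
// yields prototype methods) and return the entries that look like they do not belong there.
function auditStorage(storage) {
  const findings = [];
  for (let n = 0; n < storage.length; n++) {
    const k = storage.key(n);
    const v = storage.getItem(k);
    if (SENSITIVE_NAME.test(k)) findings.push({ key: k, reason: "sensitive key name" });
    else if (typeof v === "string" && JWT_SHAPE.test(v)) findings.push({ key: k, reason: "JWT-shaped value" });
  }
  return findings;
}

// Report enumerable globals whose names suggest user data or credentials.
// `win` is the window object (or a stand-in); `known` lists names the page publishes on purpose.
function auditGlobals(win, known = []) {
  return Object.keys(win).filter((name) => !known.includes(name) && SENSITIVE_NAME.test(name));
}

// Constructed sample data: what a careless page might leave behind.
const sampleLocalStorage = makeStorage({
  theme: "dark",
  sessionId: "constructed-session-id-123",
  cache_v2: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.c2lnbmF0dXJlLWNvbnN0cnVjdGVk",
});
const sampleWindow = { appVersion: "1.2", userPassword: "hunter2", authToken: "abc" };

console.log(auditStorage(sampleLocalStorage)); // sessionId (name) and cache_v2 (JWT-shaped value)
console.log(auditGlobals(sampleWindow));       // ["userPassword", "authToken"]
```

Any finding from auditStorage means the first rule is broken (session material in persistent storage), and any finding from auditGlobals means user data is sitting in the global scope where the enumeration script above would pick it up.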
