How to fully control the session? and see WebSocket hijacking (1)

Source: Internet
Author: User
Keywords WebSockets cross-station hijacking
Tags application applications apt apt attack browser channel continuous control
WebSockets is a HTML5 feature that provides a Full-duplex channel to a single TCP connection. Its continuous connection function makes it possible to build a B/S mode real-time application. WebSockets are often used in Web applications with chat capabilities. The following picture is very apt to illustrate the websockets:498 of a apt attack this.width=498 ' onmousewheel = ' javascript:return big (This) ' border= ' 0 ' alt= "How to fully control the session?" and see WebSocket Hijacking "src=" http://s7.51cto.com/wyfs02/M01/56/CE/wKiom1SOcOzDbFqFAABeWE7xsH4767.jpg " Width= "525" height= "375"/> Popular Science: Homology strategy (Mahouve origin policy): Homology means, domain name, protocol, port is the same, that is, browser will check the same browser in different tabs, the same source script to execute across the tab. Origin field: The browser may add a origin field when sending a POST request, and the Origin field is primarily used to identify where the initial request originated. If the browser is unsure where the source is, the value of the Origin field in the sent request is empty. Ironwasp: An open source Web test platform, users can customize the security scan, and can use Python/ruby to define the plug-in system. See also: Http://www.freebuf.com/tools/32948.htmlZAP (Zed Attack Proxy): A penetration testing framework that integrates various tools to uncover vulnerabilities in Web applications, see: HTTP ://www.freebuf.com/tools/5427.htmlwebsocket security Assessment Recently, we have made a security assessment of a Web application with complex menu options and functions. Most of the operations in this application are web-sockets, which means that most of their behavior is not recorded on the HTTP proxy log. First, after we open the homepage, the website will load a static web page with JS script and CSS file. Thereafter, the entire communication interaction is converted to WebSockets mode, and a websocket connection is established between the browser and the server to load all the visible HTML resources in the site. When you click the link or submit form form, the browser sends some WebSocket messages to the server. After the server has processed the messages, feedback is made through WebSocket, and the client browser displays the new HTML content. When the WebSocket message is interacting, the number of communications is enormous. Each second they have a heartbeat probe packet interaction. However, the existing tools did not reach my requirements, I had to add a WebSocket message analyzer and a websocket client to ironwasp so that it could recognize WebSocket and try to fuzz its vulnerabilities. You can learn about it here. In testing this application, I found that there was a WebSocket Cross station hijacking (cross-site WebSocket hijacking) Vulnerability (pioneered by Christian Schneider). Of course, I'll explain the impact of this vulnerability before I introduce you to the test methods. Before testing the relevant websockets applications, we need to prepare them first. 1 2 3 next page >> view full-text navigation page 1th: WebSocket Security Assessment page 2nd: WebSocket cross-station Hijacking vulnerability Experiment Preparation 3rd: Online test Tools Original: How to control the session fully? and see WebSocket Cross Station hijacking (1) Back to network security home

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.