Post on 15-Mar-2016
description
A Server Solution for Cookie-Stealing-Based XSS Attacks
Jhen-Li Wang, Shih-Jen Chen, Chia-Hao Lee, Fu-Hau Hsu
CSIE@NCU – ADLab,Networks & Multimedia Institute For Information Industry
sys_read do_sock_read sock_recvmsg
inet_recvmsgtcp_recvmsgskb_copy_
datagram_iovec
memcpy_toiovec copy_to_user
Web Server
Application
Cookie Verifier
Cookie Abstractor
CookieCleaner
Payload Collector
Packet
User modeKernel mode
CookieTable
捉封包資料
捉 cookie, source IP, 算時間
比對 cookie 和 IP 檢查 table node 的時間 , 看是否須清除
(Hash table) 儲存 cookie(key), IP, 時間
26%
10%
17%
3%
18%
26%
Non-persistent Cookie Name
PHPSESSID
JSESSIONID
ASP.NET_SessionId
.ASPXAUTH
ASPSESSIONID+8bits random
User-defined