A Server Solution for Cookie-Stealing-Based XSS Attacks
Jhen-Li Wang, Shih-Jen Chen, Chia-Hao Lee, Fu-Hau Hsu
CSIE@NCU – ADLab,Networks & Multimedia Institute For Information Industry
Stored XSS Reflected XSSStored XSS Reflected XSS
X S S
How to defend XSS?
We do this…
Modify KERNEL
Finish. And wait for next.
sys_read do_sock_read sock_recvmsg
inet_recvmsgtcp_recvmsgskb_copy_
datagram_iovec
memcpy_toiovec copy_to_user
Web Server
Application
Cookie VerifierCookie Verifier
Cookie AbstractorCookie Abstractor
CookieCleanerCookieCleaner
Payload CollectorPayload Collector
Packet
User mode
Kernel mode
CookieTable
捉封包資料
捉 cookie, source IP, 算時間
比對 cookie 和 IP檢查 table node 的時間 , 看是否須清除
(Hash table) 儲存 cookie(key), IP, 時間
Finish. And wait for next.
Non-persistent cookie, 77
Persistent cookie; 3
26%
10%
17%
3%
18%
26%
Non-persistent Cookie Name
PHPSESSID
JSESSIONID
ASP.NET_SessionId
.ASPXAUTH
ASPSESSIONID+8bits random
User-defined
原系統 修改過後的系統
總時間 (秒 ) 6.989 8.1561
每次平均時間 (秒 ) 0.006989 0.0081561
Overhead 0.16699(16.699%)
Top Related