CN109379338A - A method for identifying SessionID attacks on a Web application system - Google Patents
A method for identifying SessionID attacks on a Web application system
- Publication number: CN109379338A (application CN201811096597.9A)
- Authority: CN (China)
- Prior art keywords: user, sessionid, session, web application, information
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks (under H04L63/1441 Countermeasures against malicious traffic; H04L63/14 Detecting or protecting against malicious traffic; H04L63/00 Network architectures or protocols for network security; H04L Transmission of digital information; H04 Electric communication technique; H Electricity)
- H04L63/0876: Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint (under H04L63/08 Authentication of entities; H04L63/00 Network architectures or protocols for network security; H04L; H04; H)
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (under H04L67/01 Protocols; H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L; H04; H)
Abstract
The invention relates to a method for identifying SessionID attacks on a Web application system. After the user's credentials have been verified, the server creates a SessionID, extracts the information the Session contains and writes it to a feature database. Every page access by the user is then subjected to feature detection, and the server provides service only when the request is judged safe, until the session ends and the record for the current session is deleted from the feature database. By combined verification the invention identifies whether a Session is being used by an unauthorized user: checking the information of every session request ensures that the SessionID of a user who has been successfully authenticated and authorized by the Web service system is legal and valid. If the client IP or User-Agent changes, the Session information is promptly destroyed and removed, and the user is forced to re-authenticate and log in again so that a new Session is generated. This effectively prevents the serious security risk to the business system that would follow from a user's SessionID being stolen and impersonated, and so gives higher security.
Description
Technical field
The invention relates to the technical field of transmission of digital information, such as telegraphic communication, and in particular to a method for identifying SessionID attacks on a Web application system that uses the server-side SessionID together with a multi-factor verification mechanism to effectively detect and block attacks.
Background technique
An important principle of Web application security is not to trust data submitted by the client lightly: data may be used by a program only after the necessary validation. However, because HTTP is stateless, in order to maintain state between different requests from the same user the client must send a unique identifier, the SessionID, to prove its identity.
A SessionID forgery attack is a form of attack on Web applications. Once an attacker has obtained a valid SessionID (identifier) by means such as sniffing, theft, prediction or brute force, the attacker can imitate the current user's SessionID, masquerade as a legitimate user and carry out a Session hijacking attack, damaging the Web application system. This contradicts the security principle mentioned above and makes the Session a very fragile point in Web applications.
In the prior art there are many ways to prevent attacks after a SessionID has been hijacked; Web developers generally take the following measures according to the actual requirements of the application:
1. prohibit passing the SessionID in a URL by the GET method;
2. set the HttpOnly attribute on the Cookie;
3. control the Session expiry time;
4. others.
There are also many ways of maintaining the Session in a Web environment, such as URL parameters, hidden form fields and Cookies. Of these, Cookie-based maintenance is the more common and also the safer one; however, because the SessionID is usually stored in the Cookie, the risk created by using Cookies is that once a user's Cookie is stolen, the Web application faces a serious session hijacking threat.
Summary of the invention
The technical problem solved by the invention is that, in the prior art, the ways of preventing attacks after a SessionID has been hijacked still carry great risk and the threat of Session hijacking to Web applications has not been eliminated; the invention therefore provides an optimized method for identifying SessionID attacks on a Web application system.
The technical solution adopted by the invention is a method for identifying SessionID attacks on a Web application system, comprising the following steps:
Step 1: the server receives the HTTP request sent by the user;
Step 2: the server verifies the user's account and password; if verification fails, the request is invalid and the method returns to Step 1, otherwise it proceeds to the next step;
Step 3: the server creates a SessionID;
Step 4: the information the Session contains is extracted from the Cookie of the client browser's HTTP request connection and from server memory, and written to the feature database;
Step 5: feature detection is performed each time the user accesses a Web application page; if the condition for use by an unauthorized user is met, return to Step 2, otherwise proceed to the next step;
Step 6: the server provides service; judge whether the user has finished accessing: if so, proceed to the next step, otherwise return to Step 5;
Step 7: the session ends and the information record of the current session is deleted from the feature database.
Preferably, the feature database contains the SessionID, the user's IP address, the User-Agent information from the HTTP request header, and a string A formed by combining the SessionID, the user's IP address and the User-Agent information.
Preferably, the string A is converted into B by a hash function.
Preferably, Step 5 comprises the following steps:
Step 5.1: each time the user accesses a Web application page, obtain the Session information extracted from the client browser's HTTP request connection, comprising the SessionID, the user's IP address and the User-Agent from the HTTP request header, and combine them into a string C;
Step 5.2: compare the hash of string C with string B; if they differ, the condition for use by an unauthorized user is met and the method returns to Step 2; otherwise the Session is legal and the method proceeds to Step 6.
The invention provides an optimized method for identifying SessionID attacks on a Web application system: the server creates a SessionID after the user has been verified, extracts the information the Session contains and writes it to the feature database; feature detection is performed every time the user accesses a Web application page, the server provides service when the request is judged safe, and after the session ends the record for the current session is deleted from the feature database. The Web server of the invention identifies whether the Session carried in the Cookie or URL is being used by an unauthorized user by jointly verifying the User-Agent in the HTTP request header and the visiting IP address; checking the information of every session request ensures that the SessionID of a user authenticated and authorized by the Web service system is legal and valid. When the client IP or User-Agent is found to have changed, the Session information is promptly destroyed and removed and the user is forced to re-authenticate and log in so that a new Session is generated, effectively preventing the serious security risk to the business system that would follow from a user's SessionID being stolen and impersonated, and so giving higher security.
Specific embodiment
The invention is described in further detail below with reference to an embodiment, but the scope of protection of the invention is not limited to it.
The invention relates to a method for identifying SessionID attacks on a Web application system, comprising the following steps.
Step 1: the server receives the HTTP request sent by the user.
Step 2: the server verifies the user; if verification fails, the request is invalid and the method returns to Step 1, otherwise it proceeds to the next step.
In the invention, on first login the server's verification of the user is based on account and password; at this point there is no hash value for the Session yet.
Step 3: the server creates a SessionID.
Step 4: the information the Session contains is extracted from the Cookie of the client browser's HTTP request connection and from server memory, and written to the feature database.
The feature database contains the SessionID, the user's IP address, the User-Agent information from the HTTP request header, and a string A formed by combining the SessionID, the user's IP address and the User-Agent information.
The string A is converted into B by a hash function.
In the invention, the Session information is collected from the HTTP request header.
In the invention, the SessionID is the primary key; it is the session identifier generated by the server and corresponds to the existence of the Session.
In the invention, the User-Agent information in the HTTP request header is the user agent (client software) information.
In the invention, the string A formed by combining the SessionID, the user's IP address and the User-Agent information is plaintext and needs to be converted into B by a hash function.
In the invention, string A can be converted into B using MD5, which is a commonly used hash function algorithm.
Step 5: feature detection is performed each time the user accesses a Web application page; if the condition for use by an unauthorized user is met, return to Step 2, otherwise proceed to the next step.
Step 5 comprises the following steps:
Step 5.1: each time the user accesses a Web application page, obtain the Session information extracted from the client browser's HTTP request connection, comprising the SessionID, the user's IP address and the User-Agent from the HTTP request header, and combine them into a string C;
Step 5.2: compare the hash of string C with string B; if they differ, the condition for use by an unauthorized user is met and the method returns to Step 2; otherwise the Session is legal and the method proceeds to Step 6.
In the invention, on every HTTP request from the client browser the information in the request header is extracted to produce a session hash value, which is checked for consistency against the hash value of the established session.
In the invention, if the two are identical the Session is legal and valid; if they differ, the Session has very probably been hijacked, since a user switching browser or client happens only in a small minority of cases.
Step 6: the server provides service; judge whether the user has finished accessing: if so, proceed to the next step, otherwise return to Step 5.
Step 7: the session ends and the information record of the current session is deleted from the feature database.
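The server-side flow of Steps 2 to 7 (credential check, feature record, the Step 5.1/5.2 comparison on every request, and teardown) as an added example; this is not code from the patent. It assumes an in-memory feature database and a constructed account/password table, and substitutes a keyed HMAC-SHA256 for the unkeyed MD5 the patent names, so that B cannot be recomputed from the three inputs alone.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side key for the hash. The patent names MD5 over the plain
# string A; HMAC-SHA256 is substituted here as a constructed choice.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def feature_hash(session_id: str, client_ip: str, user_agent: str) -> str:
    """Steps 4 and 5.1: combine SessionID, client IP and User-Agent into one
    string (A at login, C on later requests) and hash it."""
    combined = "|".join((session_id, client_ip, user_agent))
    return hmac.new(SERVER_KEY, combined.encode("utf-8"), hashlib.sha256).hexdigest()


class FeatureDatabase:
    """The patent's feature database, keyed by SessionID (its primary key)."""

    def __init__(self, credentials: dict):
        # credentials: constructed account -> password table standing in for
        # the account/password verification of Step 2.
        self._credentials = credentials
        self._records = {}

    def login(self, account, password, client_ip, user_agent):
        """Steps 2-4: verify account/password, create SessionID, write record."""
        if self._credentials.get(account) != password:
            return None  # request invalid, back to Step 1
        session_id = secrets.token_urlsafe(32)  # Step 3
        self._records[session_id] = {          # Step 4
            "account": account,
            "ip": client_ip,
            "ua": user_agent,
            "B": feature_hash(session_id, client_ip, user_agent),
        }
        return session_id

    def check_request(self, session_id, client_ip, user_agent):
        """Step 5: feature detection on every page access.
        Returns 'serve' (Step 6), 'reauth' (back to Step 2) or 'no-session'."""
        record = self._records.get(session_id)
        if record is None:
            return "no-session"
        c_hash = feature_hash(session_id, client_ip, user_agent)  # Step 5.1
        # Step 5.2: constant-time comparison of hash(C) with the stored B.
        if not hmac.compare_digest(c_hash, record["B"]):
            # IP or User-Agent changed: destroy the Session so the presented
            # SessionID is useless to whoever holds it, and force a new login.
            del self._records[session_id]
            return "reauth"
        return "serve"

    def end_session(self, session_id):
        """Step 7: delete the record when the session ends."""
        return self._records.pop(session_id, None) is not None

    def active_sessions(self):
        return len(self._records)


if __name__ == "__main__":
    db = FeatureDatabase({"alice": "correct horse"})
    sid = db.login("alice", "correct horse", "203.0.113.10", "Mozilla/5.0 (X11)")
    print(db.check_request(sid, "203.0.113.10", "Mozilla/5.0 (X11)"))  # serve
    print(db.check_request(sid, "198.51.100.7", "Mozilla/5.0 (X11)"))  # reauth
    print(db.check_request(sid, "203.0.113.10", "Mozilla/5.0 (X11)"))  # no-session
```

Note that a mismatch deletes the record, so a later request carrying the original IP and User-Agent is also refused until the user logs in again, which is the "destroy and re-authenticate" behaviour the patent describes.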
The server of the invention creates a SessionID after the user has been verified, extracts the information the Session contains and writes it to the feature database; every time the user accesses a Web application page feature detection is performed, the server provides service when the request is judged safe, and after the session ends the record for the current session is deleted from the feature database. The Web server of the invention identifies whether the Session carried in the Cookie or URL is being used by an unauthorized user by jointly verifying the User-Agent in the HTTP request header and the visiting IP address; checking the information of every session request ensures that the SessionID of a user authenticated and authorized by the Web service system is legal and valid. When the client IP or User-Agent is found to have changed, the Session information is promptly destroyed and removed and the user is forced to re-authenticate and log in so that a new Session is generated, effectively preventing the serious security risk to the business system that would follow from a user's SessionID being stolen and impersonated, and so giving higher security.
Claims (4)
1. A method for identifying SessionID attacks on a Web application system, characterized in that the method comprises the following steps:
Step 1: the server receives the HTTP request sent by the user;
Step 2: the server verifies the user's account and password; if verification fails, the request is invalid and the method returns to Step 1, otherwise it proceeds to the next step;
Step 3: the server creates a SessionID;
Step 4: the information the Session contains is extracted from the Cookie of the client browser's HTTP request connection and from server memory, and written to the feature database;
Step 5: feature detection is performed each time the user accesses a Web application page; if the condition for use by an unauthorized user is met, return to Step 2, otherwise proceed to the next step;
Step 6: the server provides service; judge whether the user has finished accessing: if so, proceed to the next step, otherwise return to Step 5;
Step 7: the session ends and the information record of the current session is deleted from the feature database.
2. The method for identifying SessionID attacks on a Web application system according to claim 1, characterized in that the feature database contains the SessionID, the user's IP address, the User-Agent information from the HTTP request header, and a string A formed by combining the SessionID, the user's IP address and the User-Agent information.
3. The method for identifying SessionID attacks on a Web application system according to claim 2, characterized in that the string A is converted into B by a hash function.
4. The method for identifying SessionID attacks on a Web application system according to claim 3, characterized in that Step 5 comprises the following steps:
Step 5.1: each time the user accesses a Web application page, obtain the Session information extracted from the client browser's HTTP request connection, comprising the SessionID, the user's IP address and the User-Agent from the HTTP request header, and combine them into a string C;
Step 5.2: compare the hash of string C with string B; if they differ, the condition for use by an unauthorized user is met and the method returns to Step 2; otherwise the Session is legal and the method proceeds to Step 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811096597.9A CN109379338A (en) | 2018-09-19 | 2018-09-19 | A method for identifying SessionID attacks on a Web application system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109379338A (en) | 2019-02-22 |
Family ID: 65405273
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105337990A (en) * | 2015-11-20 | 2016-02-17 | 北京奇虎科技有限公司 | User identity verification method and device |
US20180212965A1 (en) * | 2017-01-24 | 2018-07-26 | Box, Inc. | Method and system for secure cross-domain login |
Events: 2018-09-19, CN, application CN201811096597.9A filed (status: Pending)
Non-Patent Citations (1)
Title |
---|
Li Li et al.: "An active security hardening scheme based on a Web application firewall", Computer Engineering and Applications (计算机工程与应用) * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110032862A (en) * | 2019-04-01 | 2019-07-19 | 中科天御(苏州)科技有限公司 | A kind of data dynamic protection method and device of anticollision library attack |
CN110032862B (en) * | 2019-04-01 | 2022-12-16 | 中科天御(苏州)科技有限公司 | Dynamic data protection method and device for preventing database attack |
CN110493199A (en) * | 2019-07-26 | 2019-11-22 | 苏州浪潮智能科技有限公司 | A kind of method and apparatus for preventing internet Web from attacking |
CN111343191A (en) * | 2020-03-03 | 2020-06-26 | 浙江大华技术股份有限公司 | Session checking method and device, storage medium and electronic device |
CN111343191B (en) * | 2020-03-03 | 2022-08-16 | 浙江大华技术股份有限公司 | Session checking method and device, storage medium and electronic device |
CN114629673A (en) * | 2021-08-20 | 2022-06-14 | 重庆数智逻辑科技有限公司 | Page control method and device, electronic equipment and computer readable storage medium |
CN113839936A (en) * | 2021-09-14 | 2021-12-24 | 网宿科技股份有限公司 | Anti-theft method, electronic device and computer-readable storage medium |
CN113572793A (en) * | 2021-09-26 | 2021-10-29 | 苏州浪潮智能科技有限公司 | Access request capturing method and device, computer equipment and storage medium |
CN113949560A (en) * | 2021-10-15 | 2022-01-18 | 海尔数字科技(青岛)有限公司 | Network security identification method, device, server and storage medium |
CN113949560B (en) * | 2021-10-15 | 2023-10-27 | 卡奥斯数字科技(青岛)有限公司 | Network security identification method, device, server and storage medium |
CN115208617A (en) * | 2022-05-19 | 2022-10-18 | 上海格尔安全科技有限公司 | Web session detection method and device, computer equipment and storage medium |
CN115208617B (en) * | 2022-05-19 | 2024-04-05 | 上海格尔安全科技有限公司 | Web session detection method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190222 |