CN109379338A - A kind of recognition methods of Web application system SessionID attack - Google Patents


Info

Publication number: CN109379338A
Authority: CN (China)
Prior art keywords: user, sessionid, session, web application, information
Legal status: Pending
Application number: CN201811096597.9A
Other languages: Chinese (zh)
Inventors: 高峰岩, 范渊
Current Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Priority date: 2018-09-19
Filing date: 2018-09-19
Publication date: 2019-02-22

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a method for recognizing SessionID attacks against a Web application system. After the user's credentials have been verified, the server creates a SessionID, extracts the information contained in the Session and writes it to a feature database; each time the user accesses a page, feature detection is performed, and the server provides service only once the session has been judged safe, until the session ends and the information record of the current session is deleted from the feature database. The invention uses combined authentication to identify whether a Session is being used by an unauthorized user: by verifying and checking the information of every session request, it ensures that the SessionID of a user who has successfully passed authentication and authorization in the Web service system remains legal and valid. If the client IP or User-Agent changes, the Session information is destroyed and cleared immediately and the user is forced to re-authenticate and log in to the system, generating a new Session. This effectively prevents major security risks to the business system after a user's SessionID has been stolen and used for impersonation, and provides higher security.

Description

A kind of recognition methods of Web application system SessionID attack
Technical field
The present invention relates to the technical field of transmission of digital information, such as telegraphic communication, and in particular to a method for recognizing Web application system SessionID attacks that uses the Web server-side SessionID together with a multi-factor verification mechanism to effectively detect and block the attack.
Background technique
An important principle of Web application security is never to trust data submitted by the client lightly; data may be used in a program only after the necessary verification. However, because HTTP is stateless, in order to maintain state between different requests from the same user, the client must send a unique identifier, the SessionID, to indicate its identity.
A SessionID forgery attack is an attack pattern against Web applications: once an attacker has obtained a valid SessionID (identifier) by means such as sniffing, theft, prediction or brute force, the attacker can imitate the current user's SessionID, masquerade as the legitimate user and carry out a Session hijacking attack, damaging the Web application system. This contradicts the security principle mentioned above and leaves the Session as a very fragile weak point in Web applications.
In the prior art there are many ways to prevent attacks after a SessionID has been hijacked; Web application developers generally take the following measures according to actual requirements:
1. forbid passing the SessionID in a URL via GET;
2. set the HttpOnly attribute on the Cookie;
3. control the Session expiry time;
4. others.
There are many ways to maintain a Session in a Web environment, such as URL parameters, hidden fields and Cookies. Among these, Cookie-based maintenance is the more commonly used and also the safer one. However, since the SessionID is usually kept in the Cookie, the risk of using Cookies is that once a user's Cookie is stolen, the Web application faces a serious session hijacking threat.
Summary of the invention
The technical problem solved by the present invention is that the prior-art ways of preventing attacks after a SessionID has been hijacked still carry great risks, and the Session hijacking threat to Web applications is not eliminated; the invention therefore provides an optimized method for recognizing Web application system SessionID attacks.
The technical scheme adopted by the invention is a method for recognizing Web application system SessionID attacks, the method comprising the following steps:
Step 1: the server receives the HTTP request sent by the user;
Step 2: the server verifies the user's account and password; if verification fails, the request is invalid and the method returns to step 1; otherwise it proceeds to the next step;
Step 3: the server creates a SessionID;
Step 4: the information contained in the Session is extracted from the Cookie of the client browser's HTTP request connection and from server memory, and written to the feature database;
Step 5: each time the user accesses a Web application page, feature detection is performed; if the condition for use by an unauthorized user is met, the method returns to step 2; otherwise it proceeds to the next step;
Step 6: the server provides service and judges whether the user has finished accessing; if so, it proceeds to the next step; otherwise it returns to step 5;
Step 7: at the end of the session, the information record of the current session is deleted from the feature database.
Preferably, the feature database contains the SessionID, the user's IP address, the User-Agent information of the HTTP request header, and a character string A formed by combining the SessionID, the user's IP address and the User-Agent information.
Preferably, the character string A is hashed into B using a hash function.
Preferably, step 5 comprises the following steps:
Step 5.1: each time the user accesses a Web application page, the information contained in the Session is extracted from the client browser's HTTP request connection, including the SessionID, the user's IP address and the User-Agent information of the HTTP request header, and combined into a character string C;
Step 5.2: the hash result of character string C is compared with character string B; if they differ, the condition for use by an unauthorized user is met and the method returns to step 2; otherwise the Session is legal and step 6 is carried out.
The present invention provides an optimized method for recognizing Web application system SessionID attacks. The server creates a SessionID after the user has been verified, extracts the information contained in the Session and writes it to the feature database; each time the user accesses a Web application page, feature detection is performed, and the server provides service only when the session is judged safe, until the information record of the current session is deleted from the feature database after the session ends. The Web server of the invention uses combined verification of the User-Agent in the HTTP request header and the visiting IP address to identify whether the Session in the Cookie or URL is being used by an unauthorized user. By checking the information of every session request, it ensures that the SessionID of a user who has successfully passed authentication and authorization in the Web service system is legal and valid; when the client IP or User-Agent is found to have changed, the Session information must be destroyed and cleared immediately and the user forced to re-authenticate and log in to the system, promptly generating a new Session. This effectively prevents major security risks to the business system after a user's SessionID has been stolen and used for impersonation, and security is higher.
Specific embodiment
The present invention is described in further detail below with reference to an embodiment, but the scope of protection of the present invention is not limited thereto.
The present invention relates to a method for recognizing Web application system SessionID attacks; the method comprises the following steps.
Step 1: the server receives the HTTP request sent by the user.
Step 2: the server verifies the user; if verification fails, the request is invalid and the method returns to step 1; otherwise it proceeds to the next step.
In the present invention, at the first login the server verifies the user on the basis of account and password; at this point there is no hash value for the Session yet.
Step 3: the server creates a SessionID.
Step 4: the information contained in the Session is extracted from the Cookie of the client browser's HTTP request connection and from server memory, and written to the feature database.
The feature database contains the SessionID, the user's IP address, the User-Agent information of the HTTP request header, and a character string A formed by combining the SessionID, the user's IP address and the User-Agent information.
The character string A is hashed into B using a hash function.
In the present invention, the session information of the Session is collected from the HTTP request header.
In the present invention, the SessionID is the primary key; it is the session identifier generated by the server and corresponds to the existence of the Session.
In the present invention, the User-Agent information of the HTTP request header is the user agent (browser) information.
In the present invention, the character string A formed by combining the SessionID, the user's IP address and the User-Agent information is a piece of unencrypted information and needs to be hashed into B by a hash function.
In the present invention, character string A can be hashed into B using MD5, which is a commonly used hash algorithm.
Step 5: each time the user accesses a Web application page, feature detection is performed; if the condition for use by an unauthorized user is met, the method returns to step 2; otherwise it proceeds to the next step.
Step 5 comprises the following steps:
Step 5.1: each time the user accesses a Web application page, the information contained in the Session is extracted from the client browser's HTTP request connection, including the SessionID, the user's IP address and the User-Agent information of the HTTP request header, and combined into a character string C;
Step 5.2: the hash result of character string C is compared with character string B; if they differ, the condition for use by an unauthorized user is met and the method returns to step 2; otherwise the Session is legal and step 6 is carried out.
In the present invention, at every client browser HTTP request the information in the request header is extracted to produce a session hash value, which is then checked for consistency with the hash value of the established session.
In the present invention, if the two are identical, the Session is shown to be legal and valid; if they differ, the Session is very likely hijacked, since the case of a user changing browser or client occurs only rarely.
Step 6: the server provides service and judges whether the user has finished accessing; if so, it proceeds to the next step; otherwise it returns to step 5.
Step 7: at the end of the session, the information record of the current session is deleted from the feature database.
The server of the invention creates a SessionID after the user has been verified, extracts the information contained in the Session and writes it to the feature database; each time the user accesses a Web application page, feature detection is performed, and the server provides service only when the session is judged safe, until the information record of the current session is deleted from the feature database after the session ends. The Web server of the invention uses combined verification of the User-Agent in the HTTP request header and the visiting IP address to identify whether the Session in the Cookie or URL is being used by an unauthorized user. By checking the information of every session request, it ensures that the SessionID of a user who has successfully passed authentication and authorization in the Web service system is legal and valid; when the client IP or User-Agent is found to have changed, the Session information must be destroyed and cleared immediately and the user forced to re-authenticate and log in to the system, promptly generating a new Session. This effectively prevents major security risks to the business system after a user's SessionID has been stolen and used for impersonation, and security is higher.
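The binding and check of steps 3 to 7 and 5.1 to 5.2 above, as an added worked example in Python that is not part of the patent: a server-side feature database keyed by SessionID stores B = hash(SessionID, client IP, User-Agent) at login, recomputes the hash of C on every request, and destroys the session on mismatch so the user must re-authenticate. SHA-256 over a separator-joined string is substituted for the MD5 the text names, and the credential store, IP addresses and User-Agent strings are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def fingerprint(session_id: str, client_ip: str, user_agent: str) -> str:
    """Build character string A from the three features and return its hash B.

    Assumption of this example: SHA-256 instead of the MD5 the text mentions, and
    a unit-separator byte between fields so that field boundaries are unambiguous.
    """
    a = "\x1f".join((session_id, client_ip, user_agent))
    return hashlib.sha256(a.encode("utf-8")).hexdigest()


class SessionGuard:
    """In-memory stand-in for the feature database and the server's session memory."""

    def __init__(self) -> None:
        self.feature_db: Dict[str, str] = {}   # SessionID (primary key) -> B
        self.sessions: Dict[str, str] = {}     # SessionID -> account name

    def login(self, account: str, password: str, client_ip: str,
              user_agent: str, credentials: Dict[str, str]) -> Optional[str]:
        """Steps 2-4: verify account/password, create SessionID, record B."""
        stored = credentials.get(account)
        if stored is None or not hmac.compare_digest(stored, password):
            return None                                   # back to step 1
        sid = secrets.token_urlsafe(32)                   # unpredictable SessionID
        self.sessions[sid] = account
        self.feature_db[sid] = fingerprint(sid, client_ip, user_agent)
        return sid

    def check_request(self, sid: str, client_ip: str, user_agent: str) -> str:
        """Step 5: hash C from the current request and compare with stored B."""
        b = self.feature_db.get(sid)
        if b is None:
            return "no-session"                           # unknown or already destroyed
        c_hash = fingerprint(sid, client_ip, user_agent)
        if not hmac.compare_digest(c_hash, b):            # constant-time comparison
            self.end_session(sid)                         # destroy; user must re-login
            return "hijack-suspected"
        return "ok"                                       # step 6: serve the request

    def end_session(self, sid: str) -> None:
        """Step 7: delete the current session's record from the feature database."""
        self.feature_db.pop(sid, None)
        self.sessions.pop(sid, None)


def demo() -> tuple:
    """Constructed scenario: legitimate use, then the same cookie from another IP."""
    guard = SessionGuard()
    creds = {"alice": "correct horse battery"}            # constructed credential store
    ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"  # constructed User-Agent
    assert guard.login("alice", "wrong", "203.0.113.10", ua, creds) is None
    sid = guard.login("alice", "correct horse battery", "203.0.113.10", ua, creds)
    first = guard.check_request(sid, "203.0.113.10", ua)  # same client: served
    second = guard.check_request(sid, "198.51.100.7", ua) # replayed cookie, other IP
    third = guard.check_request(sid, "203.0.113.10", ua)  # original client now logged out
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

Behind a reverse proxy the client IP must be taken from the trusted proxy's forwarded header rather than the socket, and mobile or NAT clients change IP legitimately, so in practice the IP component of the check forces those users to re-authenticate.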

Claims (4)

1. A method for recognizing Web application system SessionID attacks, characterized in that the method comprises the following steps:
Step 1: the server receives the HTTP request sent by the user;
Step 2: the server verifies the user's account and password; if verification fails, the request is invalid and the method returns to step 1; otherwise it proceeds to the next step;
Step 3: the server creates a SessionID;
Step 4: the information contained in the Session is extracted from the Cookie of the client browser's HTTP request connection and from server memory, and written to the feature database;
Step 5: each time the user accesses a Web application page, feature detection is performed; if the condition for use by an unauthorized user is met, the method returns to step 2; otherwise it proceeds to the next step;
Step 6: the server provides service and judges whether the user has finished accessing; if so, it proceeds to the next step; otherwise it returns to step 5;
Step 7: at the end of the session, the information record of the current session is deleted from the feature database.
2. The method for recognizing Web application system SessionID attacks according to claim 1, characterized in that the feature database contains the SessionID, the user's IP address, the User-Agent information of the HTTP request header, and a character string A formed by combining the SessionID, the user's IP address and the User-Agent information.
3. The method for recognizing Web application system SessionID attacks according to claim 2, characterized in that the character string A is hashed into B using a hash function.
4. The method for recognizing Web application system SessionID attacks according to claim 3, characterized in that step 5 comprises the following steps:
Step 5.1: each time the user accesses a Web application page, the information contained in the Session is extracted from the client browser's HTTP request connection, including the SessionID, the user's IP address and the User-Agent information of the HTTP request header, and combined into a character string C;
Step 5.2: the hash result of character string C is compared with character string B; if they differ, the condition for use by an unauthorized user is met and the method returns to step 2; otherwise the Session is legal and step 6 is carried out.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811096597.9A CN109379338A (en) 2018-09-19 2018-09-19 A kind of recognition methods of Web application system SessionID attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811096597.9A CN109379338A (en) 2018-09-19 2018-09-19 A kind of recognition methods of Web application system SessionID attack

Publications (1)

Publication Number Publication Date
CN109379338A true CN109379338A (en) 2019-02-22

Family

ID=65405273

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811096597.9A Pending CN109379338A (en) 2018-09-19 2018-09-19 A kind of recognition methods of Web application system SessionID attack

Country Status (1)

Country Link
CN (1) CN109379338A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032862A (en) * 2019-04-01 2019-07-19 中科天御(苏州)科技有限公司 A kind of data dynamic protection method and device of anticollision library attack
CN110493199A (en) * 2019-07-26 2019-11-22 苏州浪潮智能科技有限公司 A kind of method and apparatus for preventing internet Web from attacking
CN111343191A (en) * 2020-03-03 2020-06-26 浙江大华技术股份有限公司 Session checking method and device, storage medium and electronic device
CN113572793A (en) * 2021-09-26 2021-10-29 苏州浪潮智能科技有限公司 Access request capturing method and device, computer equipment and storage medium
CN113839936A (en) * 2021-09-14 2021-12-24 网宿科技股份有限公司 Anti-theft method, electronic device and computer-readable storage medium
CN113949560A (en) * 2021-10-15 2022-01-18 海尔数字科技(青岛)有限公司 Network security identification method, device, server and storage medium
CN114629673A (en) * 2021-08-20 2022-06-14 重庆数智逻辑科技有限公司 Page control method and device, electronic equipment and computer readable storage medium
CN115208617A (en) * 2022-05-19 2022-10-18 上海格尔安全科技有限公司 Web session detection method and device, computer equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105337990A (en) * 2015-11-20 2016-02-17 北京奇虎科技有限公司 User identity verification method and device
US20180212965A1 (en) * 2017-01-24 2018-07-26 Box, Inc. Method and system for secure cross-domain login

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李莉 et al.: "An active security hardening scheme based on a Web application firewall", 《计算机工程与应用》 (Computer Engineering and Applications) *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032862A (en) * 2019-04-01 2019-07-19 中科天御(苏州)科技有限公司 A kind of data dynamic protection method and device of anticollision library attack
CN110032862B (en) * 2019-04-01 2022-12-16 中科天御(苏州)科技有限公司 Dynamic data protection method and device for preventing database attack
CN110493199A (en) * 2019-07-26 2019-11-22 苏州浪潮智能科技有限公司 A kind of method and apparatus for preventing internet Web from attacking
CN111343191A (en) * 2020-03-03 2020-06-26 浙江大华技术股份有限公司 Session checking method and device, storage medium and electronic device
CN111343191B (en) * 2020-03-03 2022-08-16 浙江大华技术股份有限公司 Session checking method and device, storage medium and electronic device
CN114629673A (en) * 2021-08-20 2022-06-14 重庆数智逻辑科技有限公司 Page control method and device, electronic equipment and computer readable storage medium
CN113839936A (en) * 2021-09-14 2021-12-24 网宿科技股份有限公司 Anti-theft method, electronic device and computer-readable storage medium
CN113572793A (en) * 2021-09-26 2021-10-29 苏州浪潮智能科技有限公司 Access request capturing method and device, computer equipment and storage medium
CN113949560A (en) * 2021-10-15 2022-01-18 海尔数字科技(青岛)有限公司 Network security identification method, device, server and storage medium
CN113949560B (en) * 2021-10-15 2023-10-27 卡奥斯数字科技(青岛)有限公司 Network security identification method, device, server and storage medium
CN115208617A (en) * 2022-05-19 2022-10-18 上海格尔安全科技有限公司 Web session detection method and device, computer equipment and storage medium
CN115208617B (en) * 2022-05-19 2024-04-05 上海格尔安全科技有限公司 Web session detection method, device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109379338A (en) A kind of recognition methods of Web application system SessionID attack
US7093291B2 (en) Method and system for detecting and preventing an intrusion in multiple platform computing environments
US7231526B2 (en) System and method for validating a network session
US7197568B2 (en) Secure cache of web session information using web browser cookies
US8245030B2 (en) Method for authenticating online transactions using a browser
JP4911018B2 (en) Filtering apparatus, filtering method, and program causing computer to execute the method
CN106453361B (en) A kind of security protection method and system of the network information
CN108259406B (en) Method and system for verifying SSL certificate
CN108259619B (en) Network request protection method and network communication system
CN101292496A (en) Method and devices for carrying out cryptographic operations in a client-server network
CN108737110B (en) Data encryption transmission method and device for preventing replay attack
CN109104432B (en) Information transmission safety method based on JWT protocol
CN113536250B (en) Token generation method, login verification method and related equipment
JP4698751B2 (en) Access control system, authentication server system, and access control program
CN111464532A (en) Information encryption method and system
CN114745202A (en) Method for actively defending web attack and web security gateway based on active defense
CN117155716B (en) Access verification method and device, storage medium and electronic equipment
CN112566121B (en) Method for preventing attack, server and storage medium
CN114466353A (en) App user ID information protection device and method, electronic equipment and storage medium
CN111669746B (en) Protection system for information security of Internet of things
CN114039748A (en) Identity authentication method, system, computer device and storage medium
KR100695489B1 (en) Web service preservation system based on profiling and method the same
CN108494731B (en) Anti-network scanning method based on bidirectional identity authentication
Namitha et al. A Survey on Session Management Vulnerabilities in Web Application
KR100744603B1 (en) Authentification method for packet level user by use of bio data

Legal Events

Date Code Title Description
PB01 Publication Application publication date: 20190222
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication