CN106161453B - A kind of SSLstrip defence method based on historical information - Google Patents

A kind of SSLstrip defence method based on historical information Download PDF

Info

Publication number
CN106161453B
CN106161453B CN201610579448.2A CN201610579448A CN106161453B CN 106161453 B CN106161453 B CN 106161453B CN 201610579448 A CN201610579448 A CN 201610579448A CN 106161453 B CN106161453 B CN 106161453B
Authority
CN
China
Prior art keywords
page
user
configuration file
request
webpage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610579448.2A
Other languages
Chinese (zh)
Other versions
CN106161453A (en
Inventor
陈丹伟
别宜东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Original Assignee
Nanjing Post and Telecommunication University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post and Telecommunication University filed Critical Nanjing Post and Telecommunication University
Priority to CN201610579448.2A priority Critical patent/CN106161453B/en
Publication of CN106161453A publication Critical patent/CN106161453A/en
Application granted granted Critical
Publication of CN106161453B publication Critical patent/CN106161453B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The defence method for SSLstrip attack that the invention discloses a kind of based on historical information, initially set up detected rule, the configuration file for the secure site that all users browsed is created by detected rule, and the accurate service condition of the website is contained in configuration file.Then default attacker successfully realizes MITM, establishes go-between's detector, and using this configuration file and detected rule, once the page is distorted by go-between's malice, system can identify and notify user that there are the connections for preventing attacker while network attack.Finally establish private data tracking module, be inserted into JavaScript code into login page, detect in logging request whether include plaintext private information, prevent the leakage of private information with this.The present invention can protect user and attacked from SSLstrip by the detection to client request and server response contents, and the certificate of user is protected to steal from means, improve safety and reliability when user accesses website.

Description

A kind of SSLstrip defence method based on historical information
Technical field
The defence method for SSLstrip attack that the present invention relates to a kind of based on historical information, belongs to network security skill Art field.
Background technique
Ssl protocol works on TCP/IP, and information encryption, authentication can be provided for the application program on upper layer and is disappeared The identification service whether breath is modified, so that the communication between user and server can upload in reliable, safe channel It is defeated, additionally, due to it independently of the application program on upper layer, so that its range used is also very extensive, it is all based on WEB's Application program can carry out reliable transmission by ssl protocol, very convenient.
SSL/TLS agreement has always been considered as the safety with password grade, however to their deployment realization and ordinary user To their usage behavior but to tend to this agreement dangerous, it is this it is dangerous be likely to the network user is allowed to receive it is great The network attack of threat, wherein man-in-the-middle attack is exactly a kind of attack pattern of great risk, to the safety band of SSL/TLS Carry out serious destruction.
Man-in-the-middle attack is a kind of indirect Network Intrusion, and this attack mode is by various technological means by invader One computer virtual of control is placed between two communication computers in network connection, and the computer that this is controlled is just Referred to as " go-between ".Then invader is " go-between " computer simulation Cheng Yitai or two primitive compuers, enable with Computer in real session establishes the information for being flexibly connected and read or distort transmitting, the primitive compuer user of actual communication But think that they are communicated with legal terminal, this attack pattern is difficult to be found.Nowadays, hacking technique increasingly When mostly applying to obtain economic interests, attack becomes most dangerous to Internetbank, network game, online transaction etc. and most destructive A kind of attack pattern.The technologies such as ARP deception, DNS deception are all typical attack means.
The common man-in-the-middle attack method for HTTPS agreement has:
1. key forgery attack SSLsniff:
HTTPS session based on WEB uses ssl protocol, any to have signature card due to the defects of SSL verification process The go-between of book and corresponding private key can cheat other any users, to discover in client browser and server nothing In the case where, realize the server authentication distorted and pass through SSL to server certificate.
It is a kind of commonplace man-in-the-middle attack that key, which is forged and attacked, intercepts and captures client request in gateway, pretends to be server The request for responding user sends the certificate of forgery, while it can pretend to be user end to server to send request message again, in Between people set up a bridge between clients and servers.All communication is all forwarded by go-between's host.And it takes It is engaged in there is no direct communication truly between device, client, server, client can not all know internuncial deposit ?.Go-between can not only eavesdrop server, the communication of client can also be transmitted to again other side to the change of information, thus real Now further attack.
2. downgrade attacks SSLstrip:
The attack is not based on any program-sensitive error but whole system and application method based on security website.Cause It is all directly to knock in URL and seldom add protocol type in front when using browser for majority of network user, even if originally It should be secure connection also not prefixing.From the plaintext page toward the transition of the encryption page often by the redirection of server.Such as Fruit attacker attacks, so that it may pass through the agreement or page stripping from plaintext before these information are forwarded to user there This transition is prevented from these transitional links.Due to having removed all information, all data that should originally encrypt are existing It can be all presented in face of attacker in the form of plaintext the browser of user, such as the email accounts of user, bank's account Family and credit clip pin for on-line payment.
It is Publication No. CN103685298A, entitled " a kind of based on deep-packet detection for the above man-in-the-middle attack The invention of SSL man-in-the-middle attack discovery method " is by carrying out feature inspection to user and the received http header of server It surveys to judge whether attack occurs, and issues attack alarm in time, prevent user from further being lost.But this method is related to Http message is analyzed, and sets standards of grading, is then repeatedly surveyed respectively under normal condition and by attack condition Examination, scores, in this, as the standard of judgement attack.The standard of scoring is subjective, is difficult unification, affects a wide range of A possibility that use.
Summary of the invention
Present invention aims at the deficiencies for being directed to existing defense technique, propose a kind of being directed to based on historical information The defence method of SSLstrip attack.The characteristics of this method is attacked for SSLstrip constructs a kind of server end of not needing Cooperate the mean of defense also not dependent on Third Party Authentication.This method constructs a Client Agent module, the proxy module Create the configuration file for the secure site that all users browsed.The accurate use of the website is contained in configuration file Situation.Using this configuration file and a set of detected rule, once the page is distorted by go-between's malice, system can be identified Come and notifies user that there are the connections for preventing attacker while network attack.
The technical scheme adopted by the invention is that a kind of defence method for SSLstrip attack based on historical information, Include the following steps:
Step 1) establishes detected rule;
Step 1.1) establishes HTTP Moved message detection rule;
Step 1.2) establishes JavaScript safety detection rule;
Step 1.3) establishes Iframe tags detected rule;
Step 1.4) establishes Http Form detected rule;
Step 2) generates configuration file;
Step 2.1) user accesses common normal website by proxy module;
Step 2.2) proxy module obtains the response of browse request and server;
Step 2.3) page analyzer analyzes the key component of webpage, identifies data and attribute, generates current web page Configuration file;
If step 2.4) webpage is to access for the first time, 2.5 are gone to step, otherwise goes to step 3;
Step 2.5) JavaScript pretreatment is done identical JS request twice, and is compared to data block twice, Create the template of a constant part for data block different piece and record position and the length of dynamic part, by information record into Webpage configuration file;
The configuration file of the webpage is inputted configuration files database by step 2.6);
Step 2.7) the configuration file is transmitted to user as the initial configuration file of the page;
Step 3) establishes go-between's detector;
Step 3.1) default attacker successfully realizes MITM, has attacked a wireless network and has become the net of the network It closes, on this basis, all requests and response of any host are all checked or modified by it in wireless network;
Step 3.2) user accesses server using browser from wireless network;
If step 3.3) logging request goes to step 4.4, otherwise goes to step 3.4;
Step 3.4) browser makes suitable information and forwards the information to gateway;
Step 3.5) attacker checks this information and recognizes that the user intends to carry out a behaviour with destination server Make, has forwarded the information to destination server;
Step 3.6) server whole station uses SSL, server response response message to gateway;
Step 3.7) attacker has intercepted the information, and decrypts the content responded, is transmitted to user after modification;
Step 3.8) proxy module has received the response of server and is checked;
Step 3.9) proxy module compares the initial configuration file of webpage and the configuration file that page analyzer is newly-generated, sentences Whether suspension page is tampered;
If step 3.10) inspection passes through, webpage is not tampered with, and is gone to step 4, is otherwise gone to step 3.11;
Step 3.11) proxy module abandons this request, notifies user's local network exists to attack and provide report;
Step 4) establishes private data tracking module;
Whether step 4.1) detection response webpage includes secure log frame;
Step 4.2) webpage does not include secure log frame, and the page is shown to user, and primary request terminates;
Step 4.3) webpage includes secure log frame, JS program is added in webpage, by page presentation to user;
Step 4.4) marking of web pages sends logging request, and whether detection request includes clear-text passwords, if is SSL transmission;
If step 4.5) request is comprising clear-text passwords or is non-SSL transmission, request dangerous, goes to step 3.11;
If step 4.6) request safety, goes to step 3.4.
It is above-mentioned to establish detected rule, be based on original configuration file based on the page and contain possibly be present at it is every Dangerous modification in a page, is described in detail the risk of webpage steering, and the page for each carrying out automatic network is being sent back to It can all be compared by the stringent detection of rule before to user there.
Above-mentioned generation configuration file is to analyze and identify the request and server that browser issues by detected rule Response message identifies the attribute of crucial data and data, is then recorded in the current configuration file of the page.It is described to build Vertical go-between's detector is to be carried out pair by detected rule by what the existing configuration file of the page and page analyzer were created Than so that whether a page is tampered by attacker to make decision.Any variation that page analyzer is found, if rule It is then upper to be confirmed again, it will be considered as a mark of attack, so that this page would not be transmitted to user.
It is above-mentioned to establish private data tracking module, it is to identify user by being inserted into JavaScript code in the page Private information allows and goes to prevent it when the leakage of the private data of user, when go-between's detector mistake is by page Face variation can prevent the leakage of user's private data when being considered safe.
Compared with prior art, the beneficial effects of the present invention are:
1. the present invention by the detection to client request and server response contents, can protect user from SSLstrip is attacked and the certificate of user is protected to steal from following means: turning to prevention, unsafe list, method and note Enter, improves safety and reliability when user accesses website.
2. the present invention is the broker program based on historical information.Utilize the request and response of the website for creating configuration file It is trained, creates configuration file by the security feature of a website rather than based on web site contents.It can make this in this way Invention is correctly disposed and is worked on static website and most of dynamic website.
3. the present invention is used as Client Agent, the configuration file for the secure site that all users browsed is created, no It needs the cooperation of server end also not dependent on the mean of defense of Third Party Authentication, real-time protection can be provided for client.
Detailed description of the invention
Fig. 1 is system architecture diagram of the invention.
Fig. 2 is the flow chart that configuration file of the present invention generates.
Fig. 3 is go-between's overhaul flow chart of the present invention.
Fig. 4 is private data trace flow figure of the present invention.
Fig. 5 is present system work overall flow figure.
Specific embodiment
The specific implementation of the invention is described in further details with reference to the accompanying drawing:
Step 1: establishing detected rule, detected rule contains the danger modification to each typical susceptible data structure. The page for each carrying out automatic network can be compared before being sent back to user there by the stringent detection of rule, and HTTP Moved disappears Whether the conversion of breath detected rule detection HTTP and HTTPS request are allowed to;
JS detected rule is established by JS preprocessor, checks whether the JavaScript code of load is maliciously repaired Change;Iframe tags rule is for forbidding the Iframe additionally added to cover original page;The HTTP Forms regular record page Form information, do not allow to modify the list that may reveal user information.
Step 2: configuration file generates.As shown in Fig. 2, page analyzer identifies that the attribute of critical data and they is right It is recorded in the current configuration file of the page afterwards.If some page is to access for the first time, it can be registered to configuration text In part database, and become the initial configuration file of the page, is then forwarded to user.If not for the first time, configuration is literary Part can check the initial configuration file of the page by go-between's detector.
Step 3: go-between's detection.As shown in figure 3, detector judges to obtain whether request is logging request, if so, inspection It surveys device and gives request to private data tracking module.If it is not, detector will use detected rule for the existing configuration of the page File is compared with the configuration file that page analyzer is created, and judges whether the page is tampered by attacker.Web page analysis Any variation that device is found, if rule is upper and is confirmed, as soon as it will be considered as the mark of attack, this page User will not be transmitted to.
Step 4: private data tracking.As shown in figure 4, first determining whether the page is login page, if it is not, then not Carry out private data tracking.Otherwise it modifies to each page for including secure log frame and increases a JavaScript Program, once user inputs password, which will be sent to proxy module password, which will be recorded.It removes Except this, as soon as it, which returns each frame, increases the hiding field for including location information, we can be identified later in this way It is which page issues request out.Private data tracking module checks whether close comprising having stored in the data sent out Code, if password appears in the data, rather than passes through SSL traffic, it is meant that attacker has successfully bypassed go-between Detector just sends password to the outside now.In this case, it will not allow to establish such connection and user is notified to receive Attack.
The defence method for SSLstrip attack that the invention proposes a kind of as shown in Figure 5 based on historical information, and Using the method achieve a proxy module, which creates the security station that all users browsed by detected rule The configuration file of point contains the accurate service condition of the website in configuration file.Use this configuration file and detection rule Then, once the page is distorted by go-between's malice, system can identify and notify user that there are resistances while network attack The only connection of user.Meanwhile a private data tracking module is established, JavaScript code is inserted into login page, Detect logging request in whether include plaintext private information, prevent the leakage of private information with this.Implementation step are as follows:
Step 1) establishes detected rule;
Step 1.1) establishes HTTP Moved message detection rule;
Step 1.2) establishes JavaScript safety detection rule;
Step 1.3) establishes Iframe tags detected rule;
Step 1.4) establishes Http Form detected rule;
The generation of step 2) configuration file;
Step 2.1) user accesses common normal website by proxy module;
Step 2.2) proxy module obtains the response of browse request and server;
Step 2.3) page analyzer analyzes the key component of webpage, identifies data and attribute, generates current web page Configuration file;
If step 2.4) webpage is to access for the first time, 2.5 are gone to step, otherwise goes to step 3;
Step 2.5) JavaScript pretreatment is done identical JS request twice, and is compared to data block twice. Create the template of a constant part for data block different piece and record position and the length of dynamic part, by information record into Webpage configuration file.
The configuration file of the webpage is inputted configuration files database by step 2.6);
Step 2.7) the configuration file is transmitted to user as the initial configuration file of the page;
Step 3) go-between detection;
Step 3.1) default attacker successfully realizes MITM, has attacked a wireless network and has become the net of the network It closes.On this basis, all requests and response of any host are all checked or are modified by him in wireless network.
Step 3.2) user accesses server using browser from wireless network;
If step 3.3) logging request goes to step 4.4, otherwise goes to step 3.4;
Step 3.4) browser makes suitable information and forwards the information to gateway.
Step 3.5) attacker checks this information and recognizes that the user intends to carry out a behaviour with destination server Make, has forwarded the information to destination server.
Step 3.6) server whole station uses SSL, server response response message to gateway.
Step 3.7) attacker intercepts the information, and decrypts the content responded, is transmitted to user after modification.
Step 3.8) proxy module has received the response of server and is checked.
Step 3.9) proxy module compares the initial configuration file of webpage and the configuration file that page analyzer is newly-generated, sentences Whether suspension page is tampered.
If step 3.10) inspection passes through, webpage is not tampered with, and is gone to step 4, is otherwise gone to step 3.11;
Step 3.11) proxy module abandons this request, notifies user's local network exists to attack and provide report.
The tracking of step 4) private data;
Whether step 4.1) detection response webpage includes secure log frame;
Step 4.2) webpage does not include secure log frame, and the page is shown to user, and primary request terminates;
Step 4.3) webpage includes secure log frame, JS program is added in webpage, by page presentation to user;
Step 4.4) marking of web pages sends logging request, and whether detection request includes clear-text passwords, if is SSL transmission;
If step 4.5) request is comprising clear-text passwords or is non-SSL transmission, request dangerous, abandon this request, Notify user's local network exists to attack and provide report;
If step 4.6) request safety, goes to step 3.4.

Claims (5)

1. a kind of defence method for SSLstrip attack based on historical information, includes the following steps:
Step 1) establishes detected rule;
Step 1.1) establishes HTTP Moved message detection rule;
Step 1.2) establishes JavaScript safety detection rule;
Step 1.3) establishes Iframe tags detected rule;
Step 1.4) establishes Http Form detected rule;
Step 2) generates configuration file;
Step 2.1) user accesses common normal website by proxy module;
Step 2.2) proxy module obtains the response of browse request and server;
Step 2.3) page analyzer analyzes the key component of webpage, identifies data and attribute, generates the configuration of current web page File;
If step 2.4) webpage is to access for the first time, 2.5 are gone to step, otherwise goes to step 3;
Step 2.5) JavaScript pretreatment is done identical JavaScript request twice, and is carried out to data block twice Compare, is that the different piece of data block creates the template of a dynamic part, and records position and the length of dynamic part, will believe Breath record network access page configuration file;
The configuration file of the webpage is inputted configuration files database by step 2.6);
Step 2.7) the configuration file is transmitted to user as the initial configuration file of the page;
Step 3) establishes go-between's detector;
Step 3.1) default attacker successfully realizes MITM, has attacked a wireless network and has become the gateway of the network, On the basis of this, all requests and response of any host are all checked or are modified by it in wireless network;
Step 3.2) user accesses server using browser from wireless network;
If step 3.3) logging request goes to step 4.4, otherwise goes to step 3.4;
Step 3.4) browser makes suitable information and forwards the information to gateway;
Step 3.5) attacker checks this information and recognizes that the user intends to be carried out an operation with destination server, Destination server is forwarded the information to;
Step 3.6) server whole station uses SSL, server response response message to gateway;
Step 3.7) attacker has intercepted the information, and decrypts the content responded, is transmitted to user after modification;
Step 3.8) proxy module has received the response of server and is checked;
Step 3.9) proxy module compares the initial configuration file of webpage and the configuration file that page analyzer is newly-generated, judges net Whether page is tampered;
If step 3.10) inspection passes through, webpage is not tampered with, and is gone to step 4, is otherwise gone to step 3.11;
Step 3.11) proxy module abandons this request, notifies user's local network exists to attack and provide report;
Step 4) establishes private data tracking module;
Whether step 4.1) detection response webpage includes secure log frame;
Step 4.2) webpage does not include secure log frame, and the page is shown to user, and primary request terminates;
Step 4.3) webpage includes secure log frame, JS program is added in webpage, by page presentation to user;
Step 4.4) marking of web pages sends logging request, and whether detection request includes clear-text passwords, if is SSL transmission;
If step 4.5) request is comprising clear-text passwords or is non-SSL transmission, request dangerous, goes to step 3.11;
If step 4.6) request safety, goes to step 3.4;
Terminate.
2. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature Be: it is described to establish detected rule, be based on original configuration file based on the page and contain possibly be present at it is each Dangerous modification in the page, is described in detail the risk of webpage steering, and the page for each carrying out automatic network is being sent back to It can all be compared by the stringent detection of rule before user there.
3. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature Be: the generation configuration file is the sound for analyzing and identifying request and server that browser issues by detected rule Information is answered, the attribute of crucial data and data is identified, is then recorded in the current configuration file of the page.
4. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature It is: it is described to establish go-between's detector, it is to be created the existing configuration file of the page with page analyzer by detected rule That builds compares, so that whether a page is tampered by attacker to make decision, page analyzer is found any Variation is confirmed again if rule is upper, will be considered as a mark of attack, so that this page would not be transmitted to User.
5. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature It is: it is described to establish private data tracking module, it is to identify the private of user by being inserted into JavaScript code in the page Confidential information allows and goes to prevent it when the leakage of the private data of user, when go-between's detector mistake is by page Variation can prevent the leakage of user's private data when being considered safe.
CN201610579448.2A 2016-07-21 2016-07-21 A kind of SSLstrip defence method based on historical information Active CN106161453B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610579448.2A CN106161453B (en) 2016-07-21 2016-07-21 A kind of SSLstrip defence method based on historical information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610579448.2A CN106161453B (en) 2016-07-21 2016-07-21 A kind of SSLstrip defence method based on historical information

Publications (2)

Publication Number Publication Date
CN106161453A CN106161453A (en) 2016-11-23
CN106161453B true CN106161453B (en) 2019-05-03

Family

ID=58060435

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610579448.2A Active CN106161453B (en) 2016-07-21 2016-07-21 A kind of SSLstrip defence method based on historical information

Country Status (1)

Country Link
CN (1) CN106161453B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899579B (en) * 2017-02-08 2019-12-06 北京网康科技有限公司 detection method and device for man-in-the-middle attack
CN107133519B (en) * 2017-05-15 2019-07-05 华中科技大学 Privacy compromise detection method and system in a kind of communication of Android application network
CN107634967B (en) * 2017-10-19 2021-06-25 南京大学 CSRFtoken defense system and method for CSRF attack
CN108650236B (en) * 2018-04-13 2021-04-16 上海连尚网络科技有限公司 Method and equipment for detecting ssl man-in-the-middle attack
US10855723B2 (en) 2018-05-11 2020-12-01 Cisco Technology, Inc. Enforcing a secure transport protocol with dynamically updated stored data
CN110929129B (en) * 2018-08-31 2023-12-26 阿里巴巴集团控股有限公司 Information detection method, equipment and machine-readable storage medium
WO2021002013A1 (en) * 2019-07-04 2021-01-07 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Abnormality detection device, and abnormality detection method
CN110535886B (en) * 2019-09-30 2022-09-16 中国工商银行股份有限公司 Method, apparatus, system, device and medium for detecting man-in-the-middle attacks
CN112671753B (en) * 2020-12-18 2023-05-23 福建中信网安信息科技有限公司 Information security integration level protection system
CN115567426A (en) * 2022-09-23 2023-01-03 北京中睿天下信息技术有限公司 Method for rapidly capturing local area network HTTPS data packet by using ARP

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111410A (en) * 2011-01-13 2011-06-29 中国科学院软件研究所 Agent-based single sign on (SSO) method and system
CN102571770A (en) * 2011-12-27 2012-07-11 北京神州绿盟信息安全科技股份有限公司 Man-in-the-middle attack detection method, device, server and system
CN102902934A (en) * 2011-09-27 2013-01-30 微软公司 Integration and interactive operation system for unknowable host

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3479742B2 (en) * 2000-05-08 2003-12-15 株式会社アイディーエス Carrier-free terminal authentication system by mail back method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111410A (en) * 2011-01-13 2011-06-29 中国科学院软件研究所 Agent-based single sign on (SSO) method and system
CN102902934A (en) * 2011-09-27 2013-01-30 微软公司 Integration and interactive operation system for unknowable host
CN102571770A (en) * 2011-12-27 2012-07-11 北京神州绿盟信息安全科技股份有限公司 Man-in-the-middle attack detection method, device, server and system

Also Published As

Publication number Publication date
CN106161453A (en) 2016-11-23

Similar Documents

Publication Publication Date Title
CN106161453B (en) A kind of SSLstrip defence method based on historical information
EP3219068B1 (en) Method of identifying and counteracting internet attacks
US8843516B2 (en) Internet security
Banu et al. A comprehensive study of phishing attacks
US7313691B2 (en) Internet site authentication service
Chitrey et al. A comprehensive study of social engineering based attacks in india to develop a conceptual model
Shetty et al. Are you dating danger? An interdisciplinary approach to evaluating the (in) security of android dating apps
EP3885946A1 (en) Method of monitoring and protecting access to an online service
Maksutov et al. Detection and prevention of DNS spoofing attacks
US20180302437A1 (en) Methods of identifying and counteracting internet attacks
Jain et al. Session hijacking: threat analysis and countermeasures
EP4068125B1 (en) Method of monitoring and protecting access to an online service
EP3885945B1 (en) Method of monitoring and protecting access to an online service
Cuzme-Rodríguez et al. Offensive Security: Ethical Hacking Methodology on the Web
Singh et al. A survey on phishing and anti-phishing techniques
Mirdula et al. Security vulnerabilities in web application-An attack perspective
Wang et al. A framework for formal analysis of privacy on SSO protocols
Shan et al. Heuristic systematic model based guidelines for phishing victims
Narula et al. Novel Defending and Prevention Technique for Man‐in‐the‐Middle Attacks in Cyber‐Physical Networks
EP3885947A1 (en) Method of monitoring and protecting access to an online service
Modi et al. Design and implementation of RESTFUL API based model for vulnerability detection and mitigation
CN107294994A (en) A kind of CSRF means of defences and system based on cloud platform
Amin et al. Facebook: A comprehensive analysis of phishing on a social system
CN107682371A (en) A kind of malice AP detection method and device
Devi et al. Security Analysis on Remote Authentication against Man-in-the-Middle Attack on Secure Socket Layer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant