CN115695050B - Method and device for preventing click hijacking attack, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115695050B
Authority
CN
China
Prior art keywords
access
user
trusted
visiting
csp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211727849.XA
Other languages
Chinese (zh)
Other versions
CN115695050A (en)
Inventor
李哲祎
李雅男
张英男
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Renke Interactive Network Technology Co Ltd
Original Assignee
Beijing Renke Interactive Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Renke Interactive Network Technology Co Ltd
Priority to CN202211727849.XA
Publication of CN115695050A
Application granted
Publication of CN115695050B
Legal status: Active (current)
Anticipated expiration


Abstract

The invention provides a method and a device for preventing click hijack (clickjacking) attacks, an electronic device and a storage medium, and relates to the technical field of computers. The method for preventing click hijack attacks comprises the following steps: obtaining an access request of at least one access user from the log; determining a trusted access list based on each access request, the trusted access list comprising the trusted access users and the untrusted access users among all the access users; and determining a content security policy (CSP) based on the trusted access list. Because the trusted access list distinguishes trusted access users from untrusted access users, different content security policies can be determined for the two groups, so that clickjacking prevention with different content security policies is achieved for different access users; and because each access user receives its own content security policy, no user can view the information of other access users, which ensures the data security of the users.

Description

Method and device for preventing click hijacking attack, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for preventing click hijacking attack, electronic equipment and a storage medium.
Background
A click hijacking (clickjacking) attack, also called a UI redress attack, is a visual deception technique. An attacker overlays a normal web page with one or more transparent iframes and then entices the user to operate on the visible page. When the user unknowingly clicks inside the transparent iframe, the click is hijacked to a malicious button or link that the attacker prepared in advance; the attacker thus carries out the attack through clickjacking, to the detriment of the user.
In the related art, schemes for defending against clickjacking mainly improve security by relying on the browser's security policy and on rules issued by the server, in the following two ways: 1) the X-Frame-Options header is set with corresponding parameters so that iframes are intercepted and not allowed to load; 2) a Content Security Policy (CSP) is used for protection.
However, the X-Frame-Options header can only reject iframe loading completely or add a single whitelisted address; and when CSP is used, any user can directly see the whitelisted addresses by technical means, which brings data security risks to the users. Therefore, how to prevent clickjacking for multiple source addresses while ensuring the security of user data is a problem that urgently needs to be solved.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a method and a device for preventing click hijacking attack, electronic equipment and a storage medium.
The invention provides a method for preventing click hijack attack, which comprises the following steps:
obtaining an access request of at least one access user from the log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage;
determining a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users in the access users;
determining a content security policy (CSP) based on the trusted access list; the CSP is used for preventing the click hijack attack against the target webpage.
Optionally, the determining a trusted access list based on each of the access requests includes:
for each access user, reading a target field in the access request; the target field is used for representing address information of the access user;
matching the address information with a preset address information database, and determining the trusted access list based on a matching result; and the preset address information database stores the address information of at least one trusted access user.
Optionally, the matching the address information with a preset address information database, and determining the trusted access list based on a matching result includes:
when the address information is successfully matched with the address information of a trusted access user stored in the preset address information database, determining the access user as a trusted access user;
and when the address information fails to match the address information of any trusted access user stored in the preset address information database, determining the access user as an untrusted access user.
Optionally, the determining a content security policy CSP based on the trusted access list includes:
for each of the visiting users, determining a first CSP for the visiting user if the visiting user is the trusted visiting user;
wherein the first CSP comprises a first response header added for the visiting user; the first response header indicates that the webpage of the visiting user is allowed to be displayed on the target webpage.
Optionally, the determining a content security policy based on the trusted access list includes:
for each of the visiting users, determining a second CSP for the visiting user if the visiting user is an untrusted visiting user; the second CSP comprises a second response header added for the visiting user; the second response header indicates that the webpage of the visiting user is allowed to be displayed on the target webpage only when the visiting user and the target webpage share the same domain name.
Optionally, the accessing user sends the access request to the target webpage by using a hypertext transfer protocol or a hypertext transfer security protocol.
The invention also provides a device for preventing the click hijack attack, which comprises:
the acquisition module is used for acquiring an access request of at least one access user from the log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage;
a first determining module, configured to determine a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users in the access users;
a second determination module for determining a content security policy, CSP, based on the trusted access list; the CSP is used for preventing the click hijack attack aiming at the target webpage.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the method for preventing the click hijacking attack.
The present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of preventing a click hijacking attack as described in any of the above.
The invention also provides a computer program product comprising a computer program, wherein the computer program realizes the method for preventing the click hijacking attack when being executed by the processor.
According to the method, the device, the electronic device and the storage medium for preventing the click hijacking attack, the access request of at least one access user is obtained from the log, and a trusted access list is then determined based on each access request; the trusted access list comprises the trusted access users and the untrusted access users among all the access users; therefore, different content security policies can be determined for the trusted and the untrusted access users, and clickjacking prevention with different content security policies is achieved for different access users (namely addresses from multiple sources); meanwhile, since each access user corresponds to a different content security policy, no user can view the information of other access users through any content security policy, and the data security of the users is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a method for preventing a click hijacking attack according to the present invention;
FIG. 2 is a second schematic flow chart of the method for preventing a click hijacking attack according to the present invention;
FIG. 3 is a schematic structural diagram of a device for preventing a click hijacking attack according to the present invention;
fig. 4 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
To facilitate a clearer understanding of the embodiments of the present application, some relevant background information is first presented below.
Because an HTML frame (iframe) can display one web page inside another, it creates a security risk point. An attacker can overlay the original web page with a hidden transparent layer containing the attacker's own JavaScript and UI elements. Attackers lead users to malicious pages in a variety of tricky ways; to the naked eye the page looks like a site the user knows and trusts, but it actually contains many hidden UI elements. The user clicks a page element without realising it, expecting the content they wanted, while in fact the attacker's malicious script has been run.
The victim visits the attacker's website intending to interact with the visible user interface, but inadvertently interacts with the hidden UI. By strategically placing hidden elements on the web page, attackers can use hidden pages to trick people into actions they do not want.
Schemes in the related art for defending against clickjacking mainly improve security by relying on the browser security policy and on rules issued by the server side; the specific technical means is the X-Frame-Options header or a CSP policy, as follows:
a) Using the X-Frame-Options header to protect against clickjacking attacks
The header value may be DENY, SAMEORIGIN or ALLOW-FROM.
(1) Set to DENY, all iframe loading is blocked, so the functional business requirement cannot be met.
(2) Set to SAMEORIGIN, only iframe nesting by this domain name is allowed, not by other domain names. The functional business requirement cannot be met either.
(3) Set to ALLOW-FROM, a single Uniform Resource Locator (URL) may be whitelisted, allowing that URL to nest the page in an iframe. However, only one entry can be added, and many browsers do not support this option value, so the requirement of opening the page to multiple domain names cannot be met.
b) Using CSP to guard against clickjacking attacks
frame-ancestors $uri1 $uri2 may be used.
That is, if you want to allow the particular $uri1 and $uri2 to embed your website in an iframe and forbid all other URIs, this directive may be set.
However, the problems with this solution are:
(1) Any user can directly see which domain names or URLs are in the whitelist by technical means, as long as the page can be opened. The whitelist is the list of users of the system and, in a SaaS scenario, part of the customer list, so this creates a new information leakage risk.
(2) Many of the revealed domain names are internal enterprise office domain names. Their exposure poses a certain level of security risk to the enterprise's customers.
In order to prevent clickjacking attacks from a plurality of source addresses while ensuring the security of user data, embodiments of the present invention provide a method and an apparatus for preventing a click hijacking attack, an electronic device, and a storage medium.
The method for preventing the click hijacking attack provided by the present invention is described below with reference to figs. 1 and 2. Fig. 1 is a schematic flow chart of the method for preventing a click hijacking attack; as shown in fig. 1, the method includes steps 101 to 103, where:
step 101, obtaining an access request of at least one access user from a log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage.
It should be noted that the execution main body of the present invention may be any electronic device capable of preventing a click hijacking attack, for example, any one of a smart phone, a smart watch, a desktop computer, a portable computer, and the like.
In this embodiment, first, an access request of at least one accessing user needs to be obtained from the system access log. The visiting user refers to a visiting user for visiting a specified target webpage, and the presentation form of the visiting user can be a domain name, a URL address and the like.
In practical applications, there are various ways of obtaining the access request of at least one access user from the system access log, for example, actively pulling the access request of the access user from the system access log in real time; or setting a time threshold value, and actively pulling the access request of the access user after a preset time length; the access request of the access user can also be passively acquired through a subscription message and the like. The method for acquiring the access request of the access user is not particularly limited.
It should be noted that the access request is used for displaying the webpage of the access user on the target webpage; in practice, the access request may be an iframe request. The execution body can parse the Sec-Fetch-Dest field in the request header and determine whether its value is iframe or frame; if so, it determines that the access request is used for displaying the webpage of the access user on the target webpage.
Step 102, determining a trusted access list based on each access request; the trusted access list comprises the trusted access users and the untrusted access users among the access users.
In this embodiment, after the access request for each access user to access the target webpage is acquired, it is necessary to determine whether each access user is a trusted access user based on each access request. In practical applications, the trusted access user may be set to a white list.
Optionally, a trusted access user may send the access request to the target web page using the Hypertext Transfer Protocol (http) or Hypertext Transfer Protocol Secure (https).
Specifically, a whitelisted domain name (i.e. the trusted access user mentioned above) is allowed to make requests over either http or https. Multi-level sub-domain names are also supported: as long as the main domain name matches the whitelist, the request is treated as whitelisted.
Step 103, determining a content security policy (CSP) based on the trusted access list; the CSP is used for preventing the click hijack attack against the target webpage.
In this embodiment, after the trusted access list is determined, different CSP policies need to be determined for the trusted access users and the untrusted access users in the trusted access list.
That is, each visiting user corresponds to a different CSP policy, so as to ensure the data security of the user.
It will be appreciated that a CSP policy refers to a Content Security Policy. To mitigate a large share of potential cross-site scripting problems, browser extension systems introduced the general concept of Content Security Policy (CSP). It introduces some fairly strict default policies that make extensions more secure, and developers can create and enforce rules governing what a website is allowed to load.
The method for preventing the click hijack attack obtains the access request of at least one access user from the log and then determines a trusted access list based on each access request; the trusted access list comprises the trusted access users and the untrusted access users among all the access users; therefore, different content security policies can be determined for the trusted and the untrusted access users, and clickjacking prevention with different content security policies is achieved for different access users (namely addresses from multiple sources); meanwhile, since each access user corresponds to a different content security policy, no user can view the information of other access users through any content security policy, and the data security of the users is ensured.
Optionally, in a possible implementation manner of the embodiment of the present invention, the determining a trusted access list based on each access request may specifically be implemented by the following steps 1) to 2):
step 1), reading a target field in the access request aiming at each access user; the target field is used for representing address information of the access user;
step 2), matching the address information with a preset address information database, and determining the trusted access list based on the matching result; the preset address information database stores address information of at least one trusted access user.
In this embodiment, after the access request of each access user is acquired from the log, for each access user, a target field used for characterizing address information of the access user in the access request needs to be read.
In practice, the target field may be carried in the Referer field of the access request, and the target field may be, for example, the URL of the accessing user.
It can be understood that in a business system with a browser/server (B/S) architecture, the standard HTTP protocol sends a Referer field so that the server obtains the source information of the access request, i.e. learns which page the access request was linked from.
After reading the target field in the access request, matching the address information in the target field with a preset address information database, and determining a trusted access list based on a matching result.
The preset address information database stores address information of at least one trusted access user.
Optionally, the matching of the address information with the preset address information database and the determination of the trusted access list based on the matching result are specifically implemented by the following steps 2.1) to 2.2):
step 2.1), when the address information is successfully matched with the address information of a trusted access user stored in the preset address information database, determining the access user as a trusted access user;
step 2.2), when the address information fails to match the address information of any trusted access user stored in the preset address information database, determining the access user as an untrusted access user.
In the above embodiment, for each access user, the target field in the access request is read and the address information of the access user in the target field is matched against the preset address information database, so that the access user can be determined to be a trusted or an untrusted access user and different CSP policies are determined for different access users subsequently; thus clickjacking prevention with different content security policies is implemented for addresses from multiple sources while ensuring the security of user data.
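As an added example (not the patent's own code, which the description leaves at the Nginx configuration level), the following Python builds the trusted access list of steps 101 to 102 and 1) to 2.2) from constructed JSON log lines: it keeps only records whose Sec-Fetch-Dest is iframe or frame, takes the Referer host as the address information, and matches it against a constructed stand-in for the preset address information database, accepting both http and https and multi-level sub-domains of a trusted main domain. The log field names, TRUSTED_DOMAINS and every sample line are assumptions made for the example.

```python
"""Build the trusted access list from access-log lines (added example, not patent code)."""
import json
from urllib.parse import urlsplit

# Constructed stand-in for the "preset address information database":
# the main (registrable) domains of trusted access users.
TRUSTED_DOMAINS = {"aaaaa.com", "bbbbb.com"}

# Constructed log lines, one JSON record per line as a log shipper might emit them.
# Field names "referer" and "sec_fetch_dest" are assumed for this example.
SAMPLE_LOG = """\
{"time":"2024-01-01T10:00:00Z","method":"GET","path":"/dashboard","referer":"https://portal.aaaaa.com/home","sec_fetch_dest":"iframe"}
{"time":"2024-01-01T10:00:01Z","method":"GET","path":"/dashboard","referer":"http://intra.office.bbbbb.com/","sec_fetch_dest":"iframe"}
{"time":"2024-01-01T10:00:02Z","method":"GET","path":"/dashboard","referer":"https://ccccc.example/","sec_fetch_dest":"iframe"}
{"time":"2024-01-01T10:00:03Z","method":"GET","path":"/api/items","referer":"https://ccccc.example/","sec_fetch_dest":"empty"}
{"time":"2024-01-01T10:00:04Z","method":"GET","path":"/dashboard","referer":"https://notaaaaa.com/","sec_fetch_dest":"frame"}
{"time":"2024-01-01T10:00:05Z","method":"GET","path":"/dashboard","sec_fetch_dest":"iframe"}
"""


def referer_host(referer):
    """Lower-case hostname of an http(s) Referer value, or None when absent or unparsable."""
    if not referer:
        return None
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def host_is_trusted(host, trusted_domains):
    """True when host equals a trusted main domain or is any-level sub-domain of one.
    The dot in the suffix check keeps e.g. notaaaaa.com from matching aaaaa.com."""
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def frame_requests(log_text):
    """Yield (referer, host) for records that are frame/iframe loads per Sec-Fetch-Dest."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("sec_fetch_dest") not in ("iframe", "frame"):
            continue  # not an embedding request: irrelevant to clickjacking policy
        yield rec.get("referer"), referer_host(rec.get("referer"))


def build_trusted_access_list(log_text, trusted_domains=TRUSTED_DOMAINS):
    """Classify every framing access user (identified by Referer host) as trusted or untrusted."""
    trusted, untrusted = set(), set()
    for referer, host in frame_requests(log_text):
        if host is None:
            untrusted.add(referer or "<no referer>")  # no usable address information
        elif host_is_trusted(host, trusted_domains):
            trusted.add(host)
        else:
            untrusted.add(host)
    return {"trusted": sorted(trusted), "untrusted": sorted(untrusted)}


if __name__ == "__main__":
    print(json.dumps(build_trusted_access_list(SAMPLE_LOG), indent=2))
```

The record for /api/items is dropped because its Sec-Fetch-Dest is not a frame destination, and the request without a Referer lands in the untrusted set, which is the safe default for a request whose source cannot be established.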
Optionally, the determining the content security policy CSP based on the trusted access list may be specifically implemented by:
it should be noted that the execution agent may determine different CSPs for accessing the user based on the flexible script syntax of the middleware Nginx.
Mode 1: for each visiting user, when the visiting user is a trusted visiting user, determining a first CSP for the visiting user;
wherein the first CSP comprises a first response header added for the visiting user; the first response header indicates that the webpage of the visiting user is allowed to be displayed on the target webpage.
In practice, when the access user is determined to be a trusted access user by matching the URL in the Referer field against the preset address information database, a first CSP needs to be determined for that access user.
Specifically, a variable is assigned by means of the map function of Nginx so that the first CSP is issued for the domain name of the trusted access user; that is, the first CSP whitelists the access user that made the access request.
For example, the access request of a trusted access user may come from: https://*aaaaa.com/
A first response header needs to be added via the map function of Nginx to generate the first CSP, where the first CSP may be written as:
Content-Security-Policy: frame-ancestors 'self' https://*aaaaa.com/;
In the first CSP, the first response header indicates that the webpage of the accessing user is allowed to be displayed on the target webpage, and the first response header is expressed as:
Content-Security-Policy: frame-ancestors 'self';
It should be noted that the following is a specific implementation of adding the first response header for trusted users whose access requests match (http|https)://.*aaaaa\.com/ and (http|https)://.*bbbbb\.com/:
# The map block belongs in the http{} context; add_header in server{} or location{}.
# $csp_header is derived from the Referer of the current request only, so each
# trusted source is told about its own address and nothing else.
map $http_referer $csp_header {
    default "frame-ancestors 'self';";
    "~(http|https)://.*aaaaa\.com/" "frame-ancestors 'self' $http_referer;";
    "~(http|https)://.*bbbbb\.com/" "frame-ancestors 'self' $http_referer;";
    "~(http|https)://10\.10\.10\.10/" "frame-ancestors 'self' $http_referer;";
}
add_header Content-Security-Policy "$csp_header";
in the above embodiment, the first response header added for the trusted access user can prevent the non-white list address (the untrusted access user) from being loaded normally when the target webpage is requested by using the iframe method.
Meanwhile, by means of a map function of Nginx and a regular expression, single matching of a trusted access user (white list) is realized, and a result is returned in a non-public manner; each credible access user can only see the own domain name and cannot acquire the information of other access sources; the information security of the access source is effectively ensured.
Mode 2: for each access user, when the access user is an untrusted access user, determining a second CSP for the access user; the second CSP comprises a second response header added for the visiting user; the second response header indicates that the webpage of the visiting user is allowed to be displayed on the target webpage only when the visiting user and the target webpage share the same domain name.
It should be noted that, for trusted and untrusted access users alike, the response to every access request must also carry the X-Frame-Options header with the value SAMEORIGIN, i.e. add_header X-Frame-Options SAMEORIGIN; this guarantees a sound default level of security.
When the accessing user is an untrusted accessing user, Content-Security-Policy "frame-ancestors 'self'" needs to be returned, i.e. only the page's own domain name is allowed to load it in an iframe.
In the above embodiment, when the access user is an untrusted access user, only the page's own domain name is allowed to load it in an iframe, thereby ensuring the information security of the access sources.
By means of mode 1 and mode 2, clickjacking prevention with different content security policies is achieved for different access users (namely addresses from multiple sources), while the information security of the access sources is guaranteed.
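As a second added example (again not the patent's or Nginx's code), the following Python emulates the map logic of modes 1 and 2 as a request-time function: a trusted Referer receives frame-ancestors 'self' plus only its own origin, an untrusted or absent Referer receives frame-ancestors 'self', and X-Frame-Options SAMEORIGIN is always added. The patterns are anchored to the Referer's host component rather than written in the page's unanchored (http|https)://.*aaaaa\.com/ form; the block keeps that unanchored form only to show that it also accepts a Referer from an unrelated host whose path merely contains the string, which is the check a practitioner would want before deploying the map. TRUSTED_HOST_PATTERNS and the sample Referer values are constructed for the example.

```python
"""Per-request CSP determination for modes 1 and 2 (added example, not patent code)."""
import re
from urllib.parse import urlsplit

# Constructed equivalents of the map() entries, anchored to the whole host component
# and allowing any number of sub-domain labels in front of the trusted main domain.
TRUSTED_HOST_PATTERNS = [
    re.compile(r"^(?:[a-z0-9-]+\.)*aaaaa\.com$"),
    re.compile(r"^(?:[a-z0-9-]+\.)*bbbbb\.com$"),
    re.compile(r"^10\.10\.10\.10$"),
]

# The page's own unanchored form, kept only to show why anchoring to the host matters.
UNANCHORED_PATTERN = re.compile(r"(http|https)://.*aaaaa\.com/")


def referer_origin(referer):
    """scheme://host[:port] of an http(s) Referer, or None when absent or unparsable.
    Only the origin is emitted into the policy: CSP source expressions cannot carry a
    query string, and cross-origin requests under the default Referrer-Policy usually
    carry only the origin anyway."""
    if not referer:
        return None
    p = urlsplit(referer)
    if p.scheme not in ("http", "https") or not p.hostname:
        return None
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname.lower()}{port}"


def is_trusted(referer):
    """Mode-1 test: the Referer's host (not the whole URL) must match a trusted pattern."""
    host = (urlsplit(referer or "").hostname or "").lower()
    return any(pat.match(host) for pat in TRUSTED_HOST_PATTERNS)


def response_headers(referer):
    """Mode 1 (trusted): frame-ancestors 'self' + the requester's own origin only.
    Mode 2 (untrusted or no Referer): frame-ancestors 'self'.
    X-Frame-Options SAMEORIGIN is added for every response, as the page requires."""
    if is_trusted(referer):
        csp = f"frame-ancestors 'self' {referer_origin(referer)};"
    else:
        csp = "frame-ancestors 'self';"
    return {"Content-Security-Policy": csp, "X-Frame-Options": "SAMEORIGIN"}


def unanchored_matches(referer):
    """True when the page's original regex would have treated this Referer as trusted."""
    return bool(UNANCHORED_PATTERN.search(referer or ""))


if __name__ == "__main__":
    samples = [
        "https://portal.aaaaa.com/home?x=1",
        "http://intra.bbbbb.com/",
        "https://ccccc.example/",
        "https://other.example/aaaaa.com/",  # unrelated host, path contains the string
        None,
    ]
    for ref in samples:
        print(ref, response_headers(ref), "unanchored match:", unanchored_matches(ref))
```

Two design choices are worth noting. Only the Referer's origin is placed in the policy, because a query string is not valid inside a CSP source expression and because a cross-origin request under the default Referrer-Policy of current browsers normally carries only the origin. X-Frame-Options is kept as a fallback for older browsers: a browser that understands frame-ancestors ignores X-Frame-Options when both headers are present, so the two do not conflict.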
Fig. 2 is a second schematic flow chart of the method for preventing a click hijacking attack, shown in fig. 2, and including steps 201 to 207, where:
step 201, obtaining an access request of at least one access user from a log; the access user is a user accessing a target webpage, and the access request is used for displaying the webpage of the access user on the target webpage.
Step 202, reading a target field in the access request for each access user; wherein, the target field is used for representing the address information of the access user.
Step 203, matching the address information with the address information of each trusted access user stored in the preset address information database, and judging whether the matching succeeds. If yes, go to steps 204 to 205; if not, go to steps 206 to 207.
Step 204, determining the access user to be a trusted access user.
Step 205, determining a first CSP for the visiting user; wherein the first CSP comprises a first response header added for the accessing user; the first response header is used to indicate that the web page of the accessing user is allowed to be displayed on the target web page.
Step 206, the access user is determined to be an untrusted access user.
Step 207, determining a second CSP for the visiting user; wherein the second CSP includes a second response header added for the accessing user; the second response head is used for indicating that the webpage of the accessing user is allowed to be displayed on the target webpage under the condition that the accessing user and the target webpage have the same domain name.
The following describes the device for preventing a click hijack attack provided by the present invention; the device described below and the method described above may be referred to in correspondence with each other. Fig. 3 is a schematic structural diagram of the device for preventing a click hijacking attack provided by the present invention; as shown in fig. 3, the device 300 for preventing a click hijacking attack includes an obtaining module 301, a first determining module 302 and a second determining module 303, wherein:
an obtaining module 301, configured to obtain an access request of at least one access user from a log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage;
a first determining module 302, configured to determine a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users in the access users;
a second determining module 303, configured to determine a content security policy CSP based on the trusted access list; the CSP is used for preventing the click hijack attack aiming at the target webpage.
The device for preventing the click hijack attack obtains the access request of at least one access user from the log and then determines a trusted access list based on each access request; the trusted access list comprises the trusted access users and the untrusted access users among all the access users; therefore, different content security policies can be determined for the trusted and the untrusted access users, and clickjacking prevention with different content security policies is achieved for different access users (namely addresses from multiple sources); meanwhile, since each access user corresponds to a different content security policy, no user can view the information of other access users through any content security policy, and the data security of the users is ensured.
Optionally, the first determining module 302 is further configured to:
for each access user, reading a target field in the access request; the target field is used for representing address information of the access user;
matching the address information with a preset address information database, and determining the trusted access list based on a matching result; and the preset address information database stores the address information of at least one trusted access user.
Optionally, the first determining module 302 is further configured to:
under the condition that the address information is successfully matched with the address information of the trusted access user stored in a preset address information database, determining the access user as the trusted access user;
and under the condition that the address information is unsuccessfully matched with the address information of the trusted access user stored in a preset address information database, determining the access user as the non-trusted access user.
Optionally, the second determining module 303 is further configured to:
for each access user, if the access user is a trusted access user, determining a first CSP for that access user;
wherein the first CSP comprises a first response header added for the access user; the first response header indicates that the webpage of the access user is allowed to be displayed on the target webpage.
Optionally, the second determining module 303 is further configured to:
for each access user, if the access user is an untrusted access user, determining a second CSP for that access user; the second CSP comprises a second response header added for the access user; the second response header indicates that the webpage of the access user is allowed to be displayed on the target webpage only if the access user and the target webpage have the same domain name.
Optionally, the access user sends the access request to the target webpage using the hypertext transfer protocol (HTTP) or the hypertext transfer protocol secure (HTTPS).
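The three steps carried out by the modules above (and restated in claims 1 to 3) as an added Python example; this is not code from the patent. It assumes that the "target field" is the Referer recorded in a combined-format access log, that the first response header is `Content-Security-Policy: frame-ancestors <origin>` and the second is `frame-ancestors 'self'`, and that the log lines and the trusted-address database are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed "preset address information database" of trusted embedding origins.
TRUSTED_ORIGINS = {"https://partner.example", "https://portal.example"}

# Constructed combined-log-format lines; the quoted field after status and size is the Referer.
LOG_LINES = [
    '203.0.113.5 - - [01/Jan/2023:10:00:00 +0000] "GET /embed HTTP/1.1" 200 512 '
    '"https://Partner.example/dashboard?id=7" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2023:10:00:01 +0000] "GET /embed HTTP/1.1" 200 512 '
    '"https://evil.example/frame" "Mozilla/5.0"',
    '198.51.100.10 - - [01/Jan/2023:10:00:02 +0000] "GET /embed HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$'
)


def origin_of(referer):
    """Reduce a Referer value to its origin (scheme://host[:port]); None if absent or unusable."""
    if not referer or referer == "-":
        return None
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def read_access_requests(lines):
    """Step 1: read the target field (here the Referer) of each logged access request."""
    requests = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # malformed lines are skipped rather than being trusted by accident
            requests.append({"ip": m["ip"], "address": origin_of(m["ref"])})
    return requests


def build_trusted_access_list(requests, trusted_origins):
    """Step 2: exact-match each address against the database; unknown or missing -> untrusted."""
    return {r["address"]: (r["address"] is not None and r["address"] in trusted_origins)
            for r in requests}


def csp_for(address, trusted_list):
    """Step 3: first CSP (that origin may frame the page) or second CSP (same origin only)."""
    if trusted_list.get(address):
        value = f"frame-ancestors {address}"
    else:
        value = "frame-ancestors 'self'"
    return ("Content-Security-Policy", value)
```

Exact origin matching after lowercasing is deliberate: a prefix or substring match would let an unrelated host that merely contains a trusted name receive the permissive first header.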
Fig. 4 illustrates a physical structure diagram of an electronic device, which, as shown in fig. 4, may include: a processor 410, a communication interface 420, a memory 430 and a communication bus 440, wherein the processor 410, the communication interface 420 and the memory 430 communicate with each other via the communication bus 440. The processor 410 may call logical instructions in the memory 430 to perform a method of protecting against a click hijacking attack, the method comprising: obtaining an access request of at least one access user from the log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage; determining a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users among the access users; determining a content security policy (CSP) based on the trusted access list; the CSP is used for preventing click hijacking attacks targeting the target webpage.
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
In another aspect, the present invention also provides a computer program product, where the computer program product includes a computer program, the computer program may be stored on a non-transitory computer-readable storage medium, and when the computer program is executed by a processor, a computer can execute the method for preventing a click hijacking attack provided by the above methods, where the method includes: obtaining an access request of at least one access user from the log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage; determining a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users in the access users; determining a Content Security Policy (CSP) based on the trusted access list; the CSP is used for preventing the click hijack attack aiming at the target webpage.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program, which when executed by a processor, implements a method for preventing a click hijacking attack provided by the above methods, the method comprising: obtaining an access request of at least one access user from the log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage; determining a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users in the access users; determining a Content Security Policy (CSP) based on the trusted access list; the CSP is used for preventing the click hijack attack aiming at the target webpage.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A method for preventing click hijacking attack is characterized by comprising the following steps:
obtaining an access request of at least one access user from the log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage;
determining a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users in the access users;
determining a Content Security Policy (CSP) based on the trusted access list; the CSP is used for preventing the click hijack attack aiming at the target webpage;
wherein the determining a content security policy, CSP, based on the trusted access list comprises:
for each of the visiting users, determining a first CSP for the visiting user if the visiting user is the trusted visiting user; wherein the first CSP comprises a first response header added for the visiting user; the first response header is used for representing that the webpage of the visiting user is allowed to be displayed on the target webpage;
for each of the visiting users, determining a second CSP for the visiting user if the visiting user is the untrusted visiting user; the second CSP comprises a second response header added for the visiting user; the second response header is used for indicating that the webpage of the visiting user is allowed to be displayed on the target webpage under the condition that the visiting user and the target webpage have the same domain name.
2. The method for preventing click hijacking attack according to claim 1, wherein said determining a trusted access list based on each of said access requests comprises:
for each access user, reading a target field in the access request; the target field is used for representing address information of the access user;
matching the address information with a preset address information database, and determining the trusted access list based on a matching result; the preset address information database stores address information of at least one trusted access user.
3. The method for preventing click hijacking attack according to claim 2, wherein the matching the address information with a preset address information database and determining the trusted access list based on the matching result comprises:
under the condition that the address information is successfully matched with the address information of the trusted access user stored in a preset address information database, determining the access user as the trusted access user;
and under the condition that the address information is unsuccessfully matched with the address information of the trusted access user stored in a preset address information database, determining the access user as the non-trusted access user.
4. The method for preventing click hijacking attack according to claim 1, wherein said access user sends said access request to said target web page using hypertext transfer protocol or hypertext transfer security protocol.
5. A protection device against a click hijacking attack, comprising:
the acquisition module is used for acquiring an access request of at least one access user from the log; the access user is a user accessing a target webpage; the access request is used for displaying the webpage of the access user on the target webpage;
a first determining module, configured to determine a trusted access list based on each of the access requests; the trusted access list comprises trusted access users and non-trusted access users in the access users;
a second determination module for determining a content security policy, CSP, based on the trusted access list; the CSP is used for preventing the click hijack attack aiming at the target webpage;
wherein the second determining module is further configured to:
for each of the visiting users, determining a first CSP for the visiting user if the visiting user is the trusted visiting user; wherein the first CSP comprises a first response header added for the visiting user; the first response header is used for representing that the webpage of the visiting user is allowed to be displayed on the target webpage;
for each of the visiting users, determining a second CSP for the visiting user if the visiting user is the untrusted visiting user; the second CSP comprises a second response header added for the visiting user; the second response header is used for indicating that the webpage of the visiting user is allowed to be displayed on the target webpage under the condition that the visiting user and the target webpage have the same domain name.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements a method for protecting against a click hijacking attack as claimed in any one of claims 1 to 4 when executing the program.
7. A non-transitory computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements a method for preventing a click hijacking attack as recited in any one of claims 1 to 4.
CN202211727849.XA 2022-12-31 2022-12-31 Method and device for preventing click hijacking attack, electronic equipment and storage medium Active CN115695050B (en)

Publications (2)

Publication Number Publication Date
CN115695050A CN115695050A (en) 2023-02-03
CN115695050B true CN115695050B (en) 2023-04-07

Family

ID=85057516

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067385A (en) * 2012-12-27 2013-04-24 深圳市深信服电子科技有限公司 Defensive method and firewall for session hijacking and attacking

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10432662B2 (en) * 2015-04-30 2019-10-01 Oath, Inc. Method and system for blocking malicious third party site tagging
CN110278207B (en) * 2019-06-21 2023-04-07 深圳前海微众银行股份有限公司 Click hijacking vulnerability detection method and device and computer equipment
CN111092910B (en) * 2019-12-30 2022-11-22 深信服科技股份有限公司 Database security access method, device, equipment, system and readable storage medium
CN113395234A (en) * 2020-03-12 2021-09-14 腾讯科技(深圳)有限公司 Traffic hijacking monitoring method and device for promotion information
CN113158187B (en) * 2021-03-26 2022-12-23 杭州数梦工场科技有限公司 Method and device for detecting click hijacking and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant