
A Server Solution for Cookie-Stealing-Based XSS Attacks

A Server Solution for Cookie-Stealing-Based XSS Attacks. Jhen-Li Wang, Shih-Jen Chen, Chia-Hao Lee, Fu-Hau Hsu. CSIE@NCU–ADLab, Networks & Multimedia Institute For Information Industry. Stored XSS. Reflected XSS. Stored XSS. Reflected XSS. XSS. How to defend XSS?


Presentation Transcript


  1. A Server Solution for Cookie-Stealing-Based XSS Attacks Jhen-Li Wang, Shih-Jen Chen, Chia-Hao Lee, Fu-Hau Hsu CSIE@NCU–ADLab, Networks & Multimedia Institute For Information Industry

  2. Stored XSS Reflected XSS Stored XSS Reflected XSS XSS

  3. How to defend XSS?

  4. We do this… Modify KERNEL

  5. Finish. And wait for next.

  6. sys_read • do_sock_read • sock_recvmsg • skb_copy_datagram_iovec • tcp_recvmsg • inet_recvmsg • memcpy_toiovec • copy_to_user

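  7. Web Server Application • User mode • Kernel mode • Packet
     • Cookie Verifier: compares the cookie and the IP
     • Cookie Cleaner: checks the time of each table node to see whether it needs to be cleared
     • Cookie Abstractor: captures the cookie and source IP, computes the time
     • Cookie Table (hash table): stores cookie (key), IP, time
     • Payload Collector: captures packet data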

  8. Finish. And wait for next.
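The components named on slide 7 can be modelled in user space as follows. This is an added example, not the authors' kernel code: the function names, return codes, 64-slot table, 1800-second lifetime and the choice to reject a cookie arriving from a different IP are all assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SLOTS 64
#define TTL   1800   /* assumed node lifetime in seconds; not from the slides */
struct node { char cookie[64]; char ip[46]; time_t seen; int used; };
static struct node table[SLOTS];   /* Cookie Table: the cookie is the key */

/* Return the node holding this cookie, else a free slot, else NULL (table full). */
static struct node *find(const char *cookie) {
    unsigned h = 5381;
    for (const char *p = cookie; *p; p++) h = h * 33 + (unsigned char)*p;
    struct node *free_slot = NULL;
    for (unsigned i = 0; i < SLOTS; i++) {   /* scan all slots: the cleaner leaves holes */
        struct node *n = &table[(h + i) % SLOTS];
        if (n->used && strcmp(n->cookie, cookie) == 0) return n;
        if (!n->used && !free_slot) free_slot = n;
    }
    return free_slot;
}
/* Cookie Abstractor: store cookie, source IP and time. 0 on success, -1 on error. */
int cookie_record(const char *cookie, const char *ip, time_t now) {
    if (strlen(cookie) >= sizeof table[0].cookie || strlen(ip) >= sizeof table[0].ip)
        return -1;                     /* refuse to truncate a key */
    struct node *n = find(cookie);
    if (!n || n->used) return -1;      /* table full, or cookie already bound */
    strcpy(n->cookie, cookie); strcpy(n->ip, ip);
    n->seen = now; n->used = 1;
    return 0;
}
/* Cookie Verifier: 1 = IP matches the binding, 0 = unknown cookie, -1 = mismatch. */
int cookie_verify(const char *cookie, const char *ip, time_t now) {
    struct node *n = find(cookie);
    if (!n || !n->used) return 0;
    if (strcmp(n->ip, ip) != 0) return -1;   /* cookie presented from another host */
    n->seen = now;
    return 1;
}
/* Cookie Cleaner: drop nodes idle longer than TTL; returns how many were removed. */
int cookie_clean(time_t now) {
    int removed = 0;
    for (int i = 0; i < SLOTS; i++)
        if (table[i].used && now - table[i].seen > TTL) { table[i].used = 0; removed++; }
    return removed;
}
int main(void) {   /* constructed sample cookie and documentation-range addresses */
    cookie_record("SID=constructed123", "192.0.2.10", 1000);
    printf("%d %d\n", cookie_verify("SID=constructed123", "192.0.2.10", 1010),
                      cookie_verify("SID=constructed123", "198.51.100.7", 1020));
    return 0;
}
```

Binding a cookie to a source IP also rejects legitimate clients whose address changes mid-session (NAT pools, mobile networks), so the lifetime and the action taken on a mismatch need tuning per deployment.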
