
Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange.pdf

Uploader: 竿*** ID: 981949 2025-11-29 52 pages 2.05MB

#BHUSA BlackHatEvents

Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange
Speaker: Pinji Chen
Contributors: Jianjun Chen, Qi Wang, Mingming Zhang, Haixin Duan

Talk Roadmap
- What is SOP and what has been changed in today's "origin" definition?
- What novel threats/attacks would this change bring to the Web?
- Are these attacks practical in the real world?
- Our work: the CrossPUSH and CrossSXG attacks
- Some practical attack techniques caused by Web PKI weakness
- A real-world case we found

"URI-based" same-origin policy (SOP)
URI-based origin: the triple of scheme, host, port, e.g. "https", "", "443"
[Figure: Browser sends GET http:/ to Web Server, Web Server returns response; SOP is enforced in the browser]
SOP is a cornerstone of web security designed to safeguard user data against cross-origin attacks.

Do you know other definitions of origin?

"SAN-based" origin
HTTP/2 and HTTP/3 consider any hosts listed in the SAN of the certificate to be same origin (RFC 9110 HTTP Semantics, RFC 9113 HTTP/2, SXG draft).
Subject Alternative Name (SAN): the TLS certificate is shared with many hosts (*, *, admob-, *, * ...)

SAN-based origin is more permissive
96% of certificates have multiple domains in the SAN list. Even 3.2% contain domains from different organizations [1].
Multi-domain shared certificates are common.
URI-based origin vs. SAN-based origin (https:/ ...): SAN-based origin is more permissive!

[1] Cangialosi F et al. Measurement and analysis of private key sharing in the HTTPS ecosystem. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 628-640.
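The contrast the slides draw between the URI-based origin triple and the SAN-based authority used by HTTP/2 connection reuse, as an added example that is not part of the talk or its authors' code. It models the SAN-based rule of RFC 9113 section 9.1.1 (same scheme and port, certificate valid for both hosts) and includes an audit check that lists SAN entries outside an organization's own domains; the domain names and SAN list are constructed.

```python
# Added example (not from the talk): compare the URI-based origin tuple of
# classic SOP with the SAN-based authority that HTTP/2 connection coalescing
# relies on, and audit a certificate's SAN list for hosts outside the
# organization's own domains. Sample SAN list and domain names are constructed.
from urllib.parse import urlsplit

DEFAULT_PORT = {"https": 443, "http": 80}

def uri_origin(url):
    """Classic SOP origin: the (scheme, host, port) triple, default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORT[u.scheme])

def san_matches(pattern, host):
    """RFC 6125-style name matching: '*.' covers exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def cert_covers(host, san_list):
    return any(san_matches(s, host) for s in san_list)

def san_origin_equivalent(url_a, url_b, san_list):
    """SAN-based model (RFC 9113 s9.1.1): a client may reuse a TLS connection
    to url_a's server for url_b when scheme and port agree and the presented
    certificate is valid for both hosts, so the two hosts act as one origin."""
    a, b = uri_origin(url_a), uri_origin(url_b)
    return (a[0] == b[0] == "https" and a[2] == b[2]
            and cert_covers(a[1], san_list) and cert_covers(b[1], san_list))

def foreign_sans(own_domains, san_list):
    """Audit check: SAN entries that are not under any of our own domains.
    Each one is a host whose operator shares this certificate's authority."""
    def under(name, domain):
        name = name[2:] if name.startswith("*.") else name
        return name == domain or name.endswith("." + domain)
    return [s for s in san_list if not any(under(s, d) for d in own_domains)]

# Constructed sample: a multi-tenant certificate that also names other tenants' hosts.
SAMPLE_SAN = ["www.shop.example", "*.shop.example",
              "cdn.tenant-b.example", "tenant-c.example"]

if __name__ == "__main__":
    a, b = "https://www.shop.example/", "https://cdn.tenant-b.example/"
    print("URI-based same origin:", uri_origin(a) == uri_origin(b))          # False
    print("SAN-based same origin:", san_origin_equivalent(a, b, SAMPLE_SAN))  # True
    print("SAN entries outside shop.example:", foreign_sans(["shop.example"], SAMPLE_SAN))
```

The audit output is the list a site operator would want to see empty; any entry there is a host that the SAN-based model treats as equivalent to its own.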

According to the content of "Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange", the key points of the full text are:
1. **SOP and the change in the "origin" definition**: The traditional URI-based SOP definition is replaced by a SAN-based origin definition, leading to a more permissive cross-origin policy.
2. **Novel threats**: The SAN-based origin definition makes HTTP/2 Server Push and Signed HTTP Exchange (SXG) susceptible to the CrossPUSH and CrossSXG attacks.
3. **Attack feasibility**: An attacker can carry out the attack by obtaining a certificate shared with the victim website, and the attack can last as long as the certificate's validity period.
4. **Attack instances**: The research found that many top websites have shared certificates, including ftstatic.com and baidu.com.
5. **Attack impact**: The attacks can lead to security vulnerabilities such as cross-site scripting (XSS), cookie manipulation, and HSTS bypass.
6. **Mitigations**: Browser vendors and certificate authorities are advised to take measures such as enforcing single-domain certificates and implementing consistent authority checks in browsers.