Why is the traffic still being hijacked even after using HTTPS?
"Lao Zhou, someone is looking for you!" Early in the morning, Lao Zhou of the 361 anti-virus company was woken up. The sun was shining brightly today. Lao Zhou stretched his back and then walked towards the studio.
1. Advertising again
"Who's making noise so early in the morning and spoiling my sleep?" Lao Zhou sounded a little unhappy.
"Knock, knock." Lao Zhou looked up slightly and saw a sweet-looking woman standing at the studio door.
Lao Zhou jumped up from his seat, crossed the room in two quick strides, walked up to the woman and made a welcoming gesture: "Come in, beauty."
After the two sat down, Lao Zhou adjusted his glasses and straightened his plaid shirt, then asked softly and politely: "May I ask what brings you here?"
The woman looked anxious. "Hello, I am Xiaoxue from the Chrome browser company. Recently, many strange advertisements keep appearing on the Qiandu.com and Taobei.com pages we visit, and we have received complaints. I heard from the leadership that Mr. Zhou from the 361 Anti-Virus Company is an expert in this field, and I would like to ask you to help diagnose where these advertisements are coming from."
Lao Zhou, embarrassed, waved his hands repeatedly: "So it's Miss Xiaoxue. You flatter me. Fighting viruses and Trojans and eradicating rogue software is our company's duty; I'm just doing my small part."
"Teacher Zhou, don't be modest. The story of how you uncovered the IE company's Trojan horse intrusion has spread throughout the Windows Empire. Everyone knows how capable you are. I'll leave this advertising issue to you." Xiaoxue looked at Lao Zhou with stars in her eyes.
"You're welcome, I'll take care of this." Xiaoxue stood up, said a few words of thanks, and left.
2. Who touched the HTTPS traffic
At this moment, Dabai, who was responsible for network data filtering, was busy at work when suddenly a hand landed on his shoulder. Dabai turned around and saw that it was Lao Zhou. "Lao Zhou, what brings you here? Instead of analyzing malicious code in the security laboratory, why have you come to our network department?"
Lao Zhou patted Dabai on the shoulder and said: "Dabai, I have something to ask your help with. Can you check whether advertisements are being inserted into the Chrome browser's traffic?"
"So that's it. Some time ago I discovered that the router was constantly inserting advertisements, so I blocked their signatures. I thought they had stopped, but they came back again a few days ago?" After saying this, Dabai pulled up the Chrome company's traffic, ready to take a look.
The more Dabai looked, the tighter his brows furrowed. "Probably not. I can see that the HTTPS protocol is used to access Qiandu.com and Taobei.com. Logically speaking, it's impossible for the router to insert advertisements!"
"HTTPS protocol? Why can't ads be inserted with this protocol?" Lao Zhou asked.
"You don't know this? How did you become the head of the 361 Company Security Laboratory?" Dabai looked speechless.
Lao Zhou was a little embarrassed. "Hey, brother, don't make fun of me. Every trade has its own specialty, doesn't it? I'm good at analyzing virus and Trojan code, but I really don't know much about this network protocol stuff, so please explain, Brother Dabai."
Dabai seemed to feel that his words had been a bit harsh, and quickly added: "Lao Zhou, I was just joking with you, please don't take it seriously."
"It's okay, it's okay. Please tell me about the HTTPS protocol and help me crack the case as soon as possible!"
"Okay, wait a moment." With that, Dabai began to draw on the whiteboard.
3. What is HTTPS
"HTTPS = HTTP + SSL/TLS. This technology can be described as either simple or complicated. Put simply, for the sake of network data security, traditional Internet HTTP traffic is protected by encrypting it in transit," Dabai told Lao Zhou while drawing the diagram.
"Understood. Then the question is, what encryption and decryption algorithm is used? How does the other party know which algorithm to use and which key to decrypt with?" Lao Zhou had immediately seized on a critical point.
"Oh, that's an important point. Before the data is formally transmitted, the two parties go through a negotiation process to agree on the encryption algorithm and the key to be used later."
"Then the question comes again. If the content of this negotiation is known to someone else, can't they just follow it and decrypt the transmitted content?" Lao Zhou responded quickly.
"Lao Zhou is indeed Lao Zhou! It doesn't matter if the encryption algorithm is known; after all, the algorithms are public. The crux lies in the key used for the subsequent encryption. That is what needs to be protected and must not be known to others." After that, Dabai continued to draw.
"So how is this key protected? Tell me." Lao Zhou was a little anxious.
"Attention, here comes the important part. The two parties use a method called asymmetric encryption to transmit..."
"Wait a moment," Lao Zhou interrupted Dabai. "Asymmetric encryption, what does that mean?"
Dabai sighed silently. "The common encryption method is called a symmetric encryption algorithm. 'Symmetric' means that the same key is used for both encryption and decryption. In contrast, asymmetric encryption means that different keys are used for encryption and decryption. You see?"
Lao Zhou thought for a moment and nodded. "I understand. Go on with what you were saying: how is this asymmetric encryption algorithm used to transmit the key needed later?"
Dabai continued: "The client generates a random number, encrypts it with the public key, and sends it to the server. The server decrypts it with the private key to obtain the random number, then calculates a key from the random number and other information, and that key is used for the subsequent encryption of the content!"
"Wait, where does the client get the public key from?"
"At the very beginning, the client sends a request, and the server tells the client the public key in its response. Okay, I've finished drawing; the whole process is like this."
Dabai put down his marker, and a complete diagram of the HTTPS handshake process emerged:
Lao Zhou looked at it over and over, and after a long time said: "I understand the process, but I still feel this is unnecessary. Why not just use the asymmetric encryption algorithm directly? So much trouble!"
"The asymmetric encryption and decryption algorithm is far more troublesome to execute and takes many times longer. If the asymmetric algorithm were used for the entire process, it would seriously hurt the browsing experience. It's a good algorithm, but an expensive one to use, so there is a trade-off: good steel is used on the blade's edge, and it is used only to transmit the key. The subsequent formal data transmission still uses the conventional symmetric encryption algorithm, which is cost-effective."
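The exchange Dabai has just described, as an added example that is not code from the article or from any TLS library: the client seals a random pre-master secret to the server's RSA public key, both sides derive the same session key from that secret plus the two hello randoms, and the bulk data is then protected with the symmetric cipher AES-GCM. Function names (ClientKeyExchange, ServerKeyExchange, DeriveSessionKey, Seal, Open, RunHandshake) are hypothetical, and the key derivation is a simplified SHA-256 hash standing in for the TLS PRF; the point is the cost split Dabai explains: the expensive RSA operation runs once per direction and the cheap symmetric cipher does everything after that.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Added example, not code from the article or from any TLS library: the key transport Dabai
// describes (RSA key exchange, as in TLS 1.2). The client seals a random pre-master secret to
// the server's public key, both sides derive one session key, then AES-GCM protects the data.

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	_, err := io.ReadFull(rand.Reader, b)
	must(err)
	return b
}

// ClientKeyExchange: the client picks a random secret and encrypts it with the server's
// public key (in a real handshake that key comes out of the server's certificate).
func ClientKeyExchange(serverPub *rsa.PublicKey) ([]byte, []byte) {
	preMaster := randomBytes(32)
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, preMaster, nil)
	must(err)
	return preMaster, sealed
}

// ServerKeyExchange: only the holder of the private key can recover the secret.
func ServerKeyExchange(serverPriv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, sealed, nil)
}

// DeriveSessionKey is the "key calculated from the random number and other information".
// Simplified here to one SHA-256 over the secret and both hello randoms; TLS uses its PRF.
func DeriveSessionKey(preMaster, clientRandom, serverRandom []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte("session-key"), preMaster, clientRandom, serverRandom} {
		h.Write(part)
	}
	return h.Sum(nil) // 32 bytes: an AES-256 key
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	gcm, err := cipher.NewGCM(block)
	must(err)
	return gcm
}

// Seal protects application data under the session key; the random nonce is prepended.
func Seal(key, plaintext []byte) []byte {
	gcm := newGCM(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// Open decrypts and authenticates; anyone without the key cannot alter the content unnoticed.
func Open(key, ciphertext []byte) ([]byte, error) {
	gcm := newGCM(key)
	if len(ciphertext) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, body := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

// RunHandshake runs the whole exchange for one message and returns what the server read.
func RunHandshake(message string) (string, error) {
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048) // the server's long-term key pair
	must(err)
	clientRandom, serverRandom := randomBytes(32), randomBytes(32) // from the two hellos
	preMaster, sealed := ClientKeyExchange(&serverPriv.PublicKey)  // one RSA operation
	recovered, err := ServerKeyExchange(serverPriv, sealed)         // one RSA operation
	if err != nil {
		return "", err
	}
	clientKey := DeriveSessionKey(preMaster, clientRandom, serverRandom)
	serverKey := DeriveSessionKey(recovered, clientRandom, serverRandom)
	plaintext, err := Open(serverKey, Seal(clientKey, []byte(message))) // symmetric from here on
	if err != nil {
		return "", err
	}
	return string(plaintext), nil
}

func main() {
	fmt.Println(RunHandshake("GET / HTTP/1.1"))
}
```

Flipping a single byte of the sealed data, or decrypting with a key derived from a different secret, makes Open return an error rather than garbage, which is what keeps a party that never learned the session key from quietly rewriting the content.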
Lao Zhou nodded, lowered his head to think for a while, and then looked up at the flow chart again.
After a long while, Lao Zhou pointed to the flow chart and asked again: "Say, Dabai, if I insert a role between the client and the server, pretending to be the server to the client and pretending to be the client to the server, then I could interfere with it, modify the data packets and insert advertisements, right?"
Dabai, who was drinking water, choked and coughed when he heard this. "What you're talking about is a man-in-the-middle attack! Do you think HTTPS is a toy, that it can be hijacked so easily? What a joke! Look at the diagram, there's an authentication step there; not just anyone can impersonate the server!"
Lao Zhou looked at the diagram again and said, "How is this authentication done? I'd like to hear it!"
"In the server's response, the public key I mentioned earlier is inside something called a certificate. This certificate is used to identify the server and is issued by an authoritative organization. After the client receives the certificate, it checks whether it is trustworthy. If it is not trusted, the subsequent process is terminated right away."
"Then how to judge whether a certificate is trustworthy?"
"The Empire already has the trusted certificates installed. You only need to call the API to check!"
Lao Zhou thought about it over and over again, always feeling that there was something wrong, but he couldn't figure it out.
4. There is only one truth
After several days, Lao Zhou still had no clue, and the matter was shelved.
Blessings never come in pairs, and misfortunes never come alone. This case had not yet been resolved when something happened at Firefox.
It turned out that the 361 Anti-Virus Company had detected that Firefox secretly started a process with Trojan horse characteristics. Lao Zhou once again led a team to investigate, and Xiaohu from the Firefox company was responsible for handling the matter.
Lao Zhou came to the Firefox disk storage directory and planned to check the origin of the Trojan file first.
"What kind of data is this?" Lao Zhou asked, pointing to a pile of files.
"Teacher Zhou, this is the web page cache data," Xiaohu on the side replied.
"Open it and see whether you can find any traces of the attack."
Lao Zhou looked around, pointed at another pile of files and asked: "What kind of data is this?"
"Teacher Zhou, this is a bunch of certificate information, which is used to authenticate the server during the HTTPS handshake. It should have nothing to do with this attack," Xiaohu continued to explain.
"For authentication? Doesn't the Empire store the trusted certificates? Why do you still save certificate information yourselves?" Lao Zhou was a little confused.
"We don't recognize the trusted certificates stored in the Empire. Who knows what certificates are in there? It's too unreliable. We at the Firefox browser company do our own verification and don't use that set of things." There was a hint of pride in Xiaohu's words.
After hearing Xiaohu's answer, Lao Zhou was stunned for a moment. After a few milliseconds he reacted, and took out the Qiandu.com certificate he had obtained from the Chrome company, intending to ask Xiaohu to take a look.
Xiaohu took the certificate, looked at it carefully, and after a moment said firmly: "There is something wrong with this certificate!"
A light flashed in Lao Zhou's eyes, and he asked: "Where is the problem?"
"The certificate authority is called ABSafe, which is not in our trusted list! Besides, I have a certificate for Qiandu.com cached here, and it's not like this at all. This one must be fake, look!"
Lao Zhou took the two certificates and checked them repeatedly, nodding from time to time. The question that had been bothering him for a long time finally had the answer.
"I understand, there is only one truth! Someone must have installed this ABSafe authority into the Empire's trusted list, thereby deceiving the Chrome company! HTTPS man-in-the-middle hijacking! Yes!" Lao Zhou waved his fist vigorously after speaking.
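Dabai's description of the trust check ("call the API to check") and Lao Zhou's conclusion about the ABSafe root can be reproduced together. As an added example that is not code from the article, the Go program below builds a constructed "Empire Root CA" and a constructed rogue "ABSafe" root in memory, issues a qiandu.com certificate from each, and runs the client's chain check against a trust store with and without ABSafe installed; it also compares the SPKI fingerprint of the two leaves, which is the comparison Xiaohu could make because Firefox kept its own cached copy. The function names (NewRoot, IssueServerCert, VerifyWithStore, SPKIFingerprint, RunScenario) are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Added example, not code from the article: the client's trust check from the dialogue, run
// against a constructed "Empire Root CA" and a constructed rogue "ABSafe" root made in memory.

const host = "qiandu.com"

type issuer struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// sign generates a key pair and a certificate for tmpl signed by parent (self-signed if nil).
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// NewRoot creates a self-signed CA, standing in for one entry of the OS trust store.
func NewRoot(name string) issuer {
	cert, key := sign(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}, nil, nil)
	return issuer{cert, key}
}

// IssueServerCert issues a leaf for hostname; any CA, legitimate or rogue, can do this.
func (ca issuer) IssueServerCert(hostname string) *x509.Certificate {
	cert, _ := sign(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}, ca.cert, ca.key)
	return cert
}

// VerifyWithStore is the client's check: chain the presented certificate to the trust store.
func VerifyWithStore(leaf *x509.Certificate, store ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, root := range store {
		pool.AddCert(root)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// SPKIFingerprint hashes the server's public key; a cached copy exposes a substituted cert.
func SPKIFingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// RunScenario replays the story: genuine leaf, forged leaf, then ABSafe added to the store.
func RunScenario() (genuineAccepted, forgedRejected, forgedAcceptedAfterRogueInstall, fingerprintDiffers bool) {
	empire, rogue := NewRoot("Empire Root CA"), NewRoot("ABSafe")
	genuine, forged := empire.IssueServerCert(host), rogue.IssueServerCert(host)
	genuineAccepted = VerifyWithStore(genuine, empire.cert) == nil
	forgedRejected = VerifyWithStore(forged, empire.cert) != nil
	forgedAcceptedAfterRogueInstall = VerifyWithStore(forged, empire.cert, rogue.cert) == nil
	fingerprintDiffers = SPKIFingerprint(genuine) != SPKIFingerprint(forged)
	return
}

func main() {
	fmt.Println(RunScenario())
}
```

The forged certificate is rejected with an unknown-authority error only while ABSafe is absent from the store; the same chain check accepts it the moment the rogue root is installed, because the check answers "does this chain to something I trust" and nothing else. That is why an unexpected root appearing in the OS trust store is worth alerting on, and why a cached or pinned public-key fingerprint catches what the chain check alone does not.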
"Teacher Zhou, what are you talking about? Why can't I understand?" Seeing Lao Zhou talking to himself, Xiaohu's face was full of question marks.
Lao Zhou told Lao Qi, who had come with him, to continue the investigation, then hurriedly said goodbye to Xiaohu and left.
That night, two black figures appeared in the Empire's trusted root certificate store.
"So someone deleted the root certificate we installed. No wonder the Chrome browser showed a warning when visiting Qiandu.com," said the fat one of the two black figures.
The thin black figure covered the fat one's mouth. "Shh, keep a lookout for me, I'll reinstall it!"
The thin black figure tiptoed over and took something out of his coat.
"Don't move! Security check!" Suddenly a beam of light shone over. It turned out that Lao Zhou and his team had been lying in wait there for a long time.
"It's you, Master Banguang! You're the one who inserted the advertisements on Qiandu.com and Taobei.com too, right?" Lao Zhou asked loudly.
The fat and thin figures looked at each other and honestly confessed everything.
Easter egg: "Lao Qi, have you found anything about the Firefox case?" "Lao Zhou, you'd better come over again; the situation is a bit complicated." If you want to know what happens next, stay tuned for the follow-up...
This article is reproduced from: https://netsecurity.51cto.com/art/202002/610987.htm