James Kettle - Listen to the whispers: web timing attacks that actually work (PDF)

Document ID: 175607, PDF, 35 pages, 6.53 MB

Listen to the whispers: web timing attacks that actually work
James Kettle, PortSwigger Research

The timing trap

    import time

    def strcmp(s1, s2):
        # Deliberately leaky compare from the slide: it returns at the first
        # mismatch, so the time taken reveals how long the matching prefix is.
        for c1, c2 in zip(s1, s2):
            if c1 != c2:
                return False
            time.sleep(0.01)  # exaggerated per-character cost, for illustration
        return True

Does the database contain a password reset token starting with d7e? (not to scale)

The timing divide
    Lab-proven | Theoretical | 200µs (0.2ms, 0.0002 seconds)

Outline
    Making timing attacks that work everywhere
    Listening to whispers: hidden attack-surface, server-side injection, reverse proxy misconfigurations
    Defense / Takeaways / Questions
    PortSwigger/param-miner

Making timing attacks that work everywhere
    The equation for timing attack success
    Making timing attacks local: Timeless Timing Attacks (2020)
    The sticky ordering problem
    Solution #1: resynchronize with dummy parameters on first request
        - Requires per-target configuration
        - Fails outright on some targets
        - Amplifies internal noise
        ✗
    Making timing attacks universal: single-packet attack (SPA v1, 2023)
    SPA v2: some servers start processing here

Enhancing the single-packet attack
    - disable TCP_NODELAY
    - send a ping frame
    - for each request with no body: send the headers, withhold an empty data frame
    - for each request with a body: send the headers and the body except the final byte, withhold a data frame containing the final byte
    - wait for 100ms
    - send a ping frame
    - send the final frames
    Burp Suite Pro/Community enhancement on nginx

Making timing attacks feasible
    GET / HTTP/1.1
    X-U:a255X-U256:a
    Amplify the signal: longest split code path, think DoS
    Minimize noise: embrace performance features, shortest shared code path
    GET / HTTP/1.1
    Cookie: sid=d83a
    DNT: 1
    Remove / Add
    256 times easier to detect

Hidden attack-surface
    Does the application support a query parameter called exec?
    Guess params / Discovery overload
    Payload          Response          Response time
    foo:x            HTTP/1.1 200 OK   50ms
    commonconfig:x   HTTP/1.1 200 OK   55
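As an added example (not from Kettle's slides), the early-exit comparison behind the "timing trap" is instrumented to count how many characters it inspects, next to a fixed-time version and the hmac.compare_digest check a handler should use; SECRET_TOKEN and the function names are constructed for illustration:

```python
import hmac

# Constructed sample secret for the demonstration; not a real token.
SECRET_TOKEN = "d7e4f9a1"


def strcmp_early_exit(secret, guess):
    """Leaky compare: stops at the first mismatch, so the number of
    iterations (a stand-in for time spent) reveals the matching prefix length.
    Returns (equal, steps)."""
    steps = 0
    for c1, c2 in zip(secret, guess):
        steps += 1
        if c1 != c2:
            return False, steps
    return len(secret) == len(guess), steps


def strcmp_fixed_time(secret, guess):
    """Hardened compare: always walks the whole secret and folds every
    difference into one accumulator, so the work done does not depend on
    where the first mismatch is. Returns (equal, steps)."""
    a, b = secret.encode(), guess.encode()
    diff = len(a) ^ len(b)          # length mismatch counts as a difference
    steps = 0
    for i in range(len(a)):         # bounded by the secret, not the guess
        steps += 1
        bi = b[i] if i < len(b) else 0
        diff |= a[i] ^ bi
    return diff == 0, steps


def check_token(submitted):
    """What a reset-token handler should do: a constant-time comparison
    from the standard library instead of a hand-rolled loop."""
    return hmac.compare_digest(SECRET_TOKEN.encode(), submitted.encode())


def prefix_leak(compare, guesses):
    """Step count each guess costs. A count that grows with the matching
    prefix is exactly the whisper a timing attack listens for; a flat
    count is what the defender wants to see."""
    return [compare(SECRET_TOKEN, g)[1] for g in guesses]
```

Running prefix_leak with guesses that match 0, 2, 3 and 8 leading characters gives [1, 3, 4, 8] for the early-exit compare and [8, 8, 8, 8] for the fixed-time one.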
