硕士论文-面向AJAX框架Web服务的攻击和安全防御

上海交通大学硕士学位论文面向AJAX框架Web服务的攻击和安全防御姓名：陈悦申请学位级别：硕士专业：通信与信息系统指导教师：薛质20061201IAJAXWebWebWebXMLHTTPRequestGoogleMicrosoftAJAX2005Internet20052006WebWeb2.0WebAJAXWebAJAXAJAXWebAJAXAJAXJavaScriptAJAXAJAXAJAXIIAJAXAJAXAJAXAJAXAJAXWeb2.0WebWebIIINETWORKATTACKANDDEFENSEONAJAXFRAMEWORKABSTRACTWiththeswiftdevelopmentofnetworkcommunicationandcomputertechnology,webservicesbecomemoreandmorediversified.TraditionalWebtechnologycannotfulfilltherequirementofmodernnetworkduetolimitationoninteractionandrealtiming.However,AJAXframeworkcomesintobeingin2005andbecomespopularin2006withstrongsupportsfromGoogleandMicrosoft.BasedonXMLHTTPRequest,AJAXframeworkstrengthensoninteractionandrealtimingandisregardedasthestandardforWebserviceofnextgenerationwiththetitleofWeb2.0.Atfirst,thispaperanalyzestheinfrastructureofAJAXWebservice.WiththestudyonAJAXtechnicalbase,componentstructureandworkflow,notonlytheadvantageofAJAXframeworkisentirelydemonstrated,buttheweakageofAJAXframeworkispointedout.Secondly,weresearchthesecurityissuesthatAJAXframworkfaces.IVByanalyzingvariousinjectionissues,webbrowserissue,crossdomainissue,AJAXbridgeissueandmaliciousJavascriptissue.Etc,allattackmethodsagainstAJAXframeworkarebroughtforward.ThentheonlytwoexistingAJAXwormsaredissectedindetailswithanatomiseoftheirmechanismandtechnology.Toimprovetheseprematureworms,wegivealltech-developmentsandcomponentsstructureofnextgenerationAJAXworms.TheapproachestoimplementnewcyberAJAXwormareprovenfeasibleinthissection.Inthelast,weresearchaseriesofalgorithmandsolutiontodetectattacksonAJAXframeworkandtoevaluatesecurityholesinAJAXframework.WealsopresentadozenofimportantsecuritypolicesonAJAXframeworkdevelopment,whichmayreducethreatsonAJAXframeworkmostlyinthefuture.KEYWORDS:AJAX,Web2.0,Websecurity,Webworm20070111200701112007011111.1Internet180InternetAJAXWEB2.02005GoogleApacheAJAX2006E-mailBLOGAJAXAJAXHTTPWebAJAXWebAJAX1.21UnixWindowsNTWindowsServer22FTPTelnet34TCP/IPIPIPsec(IPSecurity)IP56WebJAVAActiveXWeb(Web)7ftpP2PAJAXWebWebWebAJAXWebAJAXAJAXAJAXWebAJAXWeb2.0AJAX31.3AJAXAJAXAJAXAJAXAJAXIDSIPSAJAXAJAXWebAJAXWeb2.01.46AJAXAJAXWebWeb1.0AJAXWebWeb2.0AJAXSQLXMLXSSJavaScriptDoSAJAXAJAXAJAXAJAXAJAXAJAXAJAXWeb2.042.1WebhtmlJavaScriptIframebbsUnixPHPMicrosoftASPPHPASPhtmlWebhttpGETPOSTPHPASPHTMLPHPASP(form)web1.2.WebHTML3.WebWebHTTPHTTP+CSSHttp21WebFigure21TheArchitectureoftraditionalWebApplication2-1Web1253---2-2[3]22WebFigure22Thework-flowoftraditionalWebApplication2.2AJAXWebAJAXAsynchronousJavaScriptandXMLJavaScript(XML)WebAjaxWebWebWebAJAX[2]JavaScriptAjaxCSSWebDOMJavaScriptHTMLXMLXMLHttpRequestWebWeb6XML2-3WebJavascriptCSSDOMXMLHttpRequsetWebWebHttp23AJAXFigure23AJAXComponetsandtheirrelationshipAJAXCSSDOMJavaScriptHTMLDHTMLDHTML1997WebHTML[2]AJAXXMLHTTPRequestXMLHTTPRequestHTTP(GET7POST)XMLWebXMLHTTPRequestCSSDOMJavaScriptAJAXMozilla,InternetExplorerJavaScriptonkeypress,onmouseover,onreadystatechangeWebonreadystatechange[1]XMLHTTPRequestWeb24AJAXJavaScriptFigure24SimplestimplementationofAJAXframeworkbyJavaScriptWebWebWebXMLJavaScriptJavaScriptWebvarxmlHttp=newXMLHttpRequest();//varname=document.getElementById(name).value;varcity=document.getElementById(city).value;//varurl==+escape(name)+&city=+escape(city);//XMLHttpRequestxmlHttp.open(GET,url,true);//WebxmlHttp.onreadystatechange=updatePage;//XMLHttpRequestWebxmlHttp.send(null);//functionupdatePage(){……..8WebXMLHTTPHttpAJAXJavascriptHTML+CSSXML25AJAXFigure25TheArchitectureofAJAXApplicationGoogleEarthAJAX2-6[3]UIAJAX26AJAXWebFigure26Thework-flowofAJAXWebApplication2.3AJAXWebAJAXWebAJAXAJAX9HTMLWebAJAXAJAXXMLHTTPRequestMozillaInternetExplorerXMLHTTPRequsetXMLHTTPRequestXMLHTTPRequestWebAJAXAJAXXMLHTTPRequestMozillaIEAJAXWebWebPHPASPJAVAJavaScriptJavaScriptAJAXWebAJAX“”JavaScriptAJAXWebbugAJAXAJAXWebWebAJAXURLAJAXAJAXWeb(Javascript)(JavaPHPRPC,C#)10WebAJAX[7]2.4AJAXWebWebAJAXWebWebAJAX11AJAX3.1AJAX3.1.1AJAXAJAXWeb[7]Web2-3WebAJAX3.1.1AJAXAJAXAJAXSSLDirectLoginHashJavaScriptHashAJAXJavaScriptWebMozzilla[30][3]12WEBInternetMD5Digest31DirectLoginFigure31PrincipleofDirectLogin3.2Netscape,InternetExplorerFixfox(Mozilla)=5.0JavaScriptJavaScriptJavaScriptimgscriptJavaScriptAJAXSamyInternetExplorerdivMozillaJavaScriptJavaScriptFirfoxJavaScriptCVE(CAN)ID:CVE-2006-3677WebcookieCVE(CAN)ID:CVE-2006-3802CVE(CAN)ID:CVE-2006-3810AJAX133.3SQL3.3.1SQLSQLWebSQLWebSQLWebWebshell(ASP)[11]strUsernamestrPassword‘OR‘‘=‘SQLQueryWebSQLSQLQuery=SELECTUsernameFROMUsersWHEREUsername=‘&strUsername&‘ANDPassword=‘&strPassword&‘strAuthCheck=GetQueryResult(SQLQuery)IfstrAuthCheck=ThenboolAuthenticated=FalseElseboolAuthenticated=TrueEndIfSELECTUsernameFROMUsersWHEREUsername=‘‘OR‘‘=‘‘ANDPassword=‘‘OR‘‘=‘‘143.3.2SQLAJAXAJAXAJAXWeb(1)WebBBSPOSTGETTextWebAJAX(2)GoogleMapJavaScriptC#countrySQLcounrtycountrycountryHTTPGETPOSTWebJavaScriptXMLHTTPRequestWebWebSQLnetcattelnet”country=x’OR‘1’=‘1”countryWeb[System.Web.Services.WebMethod]publicSystem.Collections.IEnumer