Kyungroul Lee, Hyungjun Yeuk, Sungkwan Kim, Kangbin Yim
{"title":"HTTP客户端中httpendrequest挂接用户认证的安全性评估","authors":"Kyungroul Lee, Hyungjun Yeuk, Sungkwan Kim, Kangbin Yim","doi":"10.1109/IMIS.2013.127","DOIUrl":null,"url":null,"abstract":"Most current user authentications on the web server use the server/client based HTTP protocol. In the past, the ID-password based user authentication is exposed the plaintext on the network, because of this problem, the user authentication using the SSL is researched. Through this solution, transferred the user authentication information is able to protect on the network. Nevertheless, a novel problem comes to the fore as an attack using vulnerability of the platform and it causes exposure of the user authentication information. In particular, the attacker utilizes the hooking technique for steal the user authentication information by HttpSendRequest function that sends the user authentication or connection related information. Therefore, in this paper, we analyze this kind of vulnerability and draw its result using implemented sample proof-of concept tools.","PeriodicalId":425979,"journal":{"name":"2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security Assessment on User Authentication by an HttpSendRequest Hooking in an HTTP Client\",\"authors\":\"Kyungroul Lee, Hyungjun Yeuk, Sungkwan Kim, Kangbin Yim\",\"doi\":\"10.1109/IMIS.2013.127\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Most current user authentications on the web server use the server/client based HTTP protocol. In the past, the ID-password based user authentication is exposed the plaintext on the network, because of this problem, the user authentication using the SSL is researched. Through this solution, transferred the user authentication information is able to protect on the network. Nevertheless, a novel problem comes to the fore as an attack using vulnerability of the platform and it causes exposure of the user authentication information. In particular, the attacker utilizes the hooking technique for steal the user authentication information by HttpSendRequest function that sends the user authentication or connection related information. Therefore, in this paper, we analyze this kind of vulnerability and draw its result using implemented sample proof-of concept tools.\",\"PeriodicalId\":425979,\"journal\":{\"name\":\"2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing\",\"volume\":\"43 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IMIS.2013.127\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMIS.2013.127","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Assessment on User Authentication by an HttpSendRequest Hooking in an HTTP Client
Most current user authentications on the web server use the server/client based HTTP protocol. In the past, the ID-password based user authentication is exposed the plaintext on the network, because of this problem, the user authentication using the SSL is researched. Through this solution, transferred the user authentication information is able to protect on the network. Nevertheless, a novel problem comes to the fore as an attack using vulnerability of the platform and it causes exposure of the user authentication information. In particular, the attacker utilizes the hooking technique for steal the user authentication information by HttpSendRequest function that sends the user authentication or connection related information. Therefore, in this paper, we analyze this kind of vulnerability and draw its result using implemented sample proof-of concept tools.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
