Honeypot server communication method, SSLStrip man-in-the-middle attack perception method and related devices

A communication method and attack perception technology, applied in the field of SSLStrip threat perception solutions. It addresses the problems of existing threat perception technology (impact on network access efficiency, low perception accuracy, lack of universality) and achieves good versatility and high perception accuracy.

Inactive Publication Date: 2019-12-10
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

[0009] The embodiment of the present invention provides a honeypot server communication method, an SSLStrip man-in-the-middle attack perception method, related devices, computer equipment, and computer storage media, which can solve the problems that the existing SSLStrip threat perception technology has low accuracy, affects network access efficiency, and lacks versatility.

Examples

Embodiment 1

[0090] As mentioned above, depending on whether or not there is a man-in-the-middle attack between an ordinary terminal and a normal server deployed with redirection, the HTTP response that the ordinary terminal receives after sending an HTTP request to that server over the HTTP protocol differs: the status code is different, and the response header is different, either including the Location field with the automatic redirection address or not including the Location field at all. Based on this principle, this embodiment deploys a honeypot server 212 in the network environment. The honeypot server 212 simulates the above normal server deployed with automatic redirection and is used to detect whether the terminal is attacked by a man-in-the-middle. Specifically, the terminal under test 211 determines whether there is a man-in-the-middle attack according to the HTTP response received after accessing the honeypot se...

Embodiment 2

[0116] Figure 3 is a flow chart of the SSLStrip man-in-the-middle attack sensing method according to Embodiment 2 of the method of the present invention. The SSLStrip man-in-the-middle attack perception method is applicable to tested terminals, which include but are not limited to PC hosts, mobile tested terminals, servers, and the like. Referring to Figure 3, in this embodiment the method includes:

[0117] Step S301, initiate an HTTP page access request to the honeypot server over the HTTP protocol, wherein the honeypot server simulates a normal server deployed with automatic redirection;

[0118] In an optional implementation of this embodiment, the HTTP page access request includes: sending source information, URL address information of the honeypot server, a destination port number for requesting page service, and a method for requesting page service. Wherein, the sending source information includes the MAC address of the terminal under test itself. The URL add...

Embodiment 3

[0132] This embodiment takes as an example a honeypot service site configured to automatically redirect to https://weixin.xxx.com when http://weixin.xxx.com is accessed, and specifically describes the implementation of the SSL man-in-the-middle attack sensing method.

[0133] Firstly, the specific configuration of the honeypot service site is explained. The domain name of the honeypot service site is configured as weixin.xxx.com. When the terminal under test initiates an HTTP page access request with the URL address http://weixin.xxx.com, the honeypot server judges, according to the HTTP page access request, whether the terminal under test is requesting access to the default page content configured in the root directory of the honeypot service site. Specifically, the honeypot service site judges whether the destination port number of the requested service is the default port 80 of the HTTP service, whether the method of requesting the service is the GET method, whether the URL addre...
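The terminal-side judgment described in Embodiment 1, applied to the Embodiment 3 configuration, can be sketched as follows. This is an added example, not code from the patent: the accepted redirect status codes, the verdict strings and the sample responses are assumptions constructed for illustration, since the page does not state which status codes the method uses.

```python
from urllib.parse import urlsplit

# Assumption: any standard redirect status counts as "automatic redirection".
REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def classify(raw: bytes, expected_host: str) -> str:
    """Judge the honeypot's reply as received by the terminal under test."""
    try:
        status, headers = parse_response(raw)
    except ValueError:
        return "inconclusive"
    location = headers.get("location")
    # The honeypot always redirects, so a reply without a redirect status
    # or without a Location field was altered on the path.
    if status not in REDIRECT_CODES or location is None:
        return "suspect: redirect missing"
    target = urlsplit(location)
    # A relative or http:// Location is not the HTTPS address the honeypot sent.
    if target.scheme.lower() != "https":
        return "suspect: redirect downgraded"
    if (target.hostname or "").lower() != expected_host.lower():
        return "suspect: redirect host changed"
    return "clean"

# Constructed sample responses (not captured traffic).
CLEAN = (b"HTTP/1.1 301 Moved Permanently\r\n"
         b"Location: https://weixin.xxx.com/\r\nContent-Length: 0\r\n\r\n")
NO_REDIRECT = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
DOWNGRADED = (b"HTTP/1.1 301 Moved Permanently\r\n"
              b"Location: http://weixin.xxx.com/\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("no redirect", NO_REDIRECT),
                      ("downgraded", DOWNGRADED)]:
        print(name, "->", classify(raw, "weixin.xxx.com"))
```
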

Abstract

The embodiment of the invention provides a honeypot server communication method, an SSLStrip man-in-the-middle attack perception method, a related device, computer equipment and a machine readable medium, and belongs to the field of information security. The honeypot server communication method comprises the steps of: after simulating a normal server deployed with automatic redirection, directly or indirectly receiving an HTTP page access request transmitted by a tested terminal through the HTTP protocol; and returning the HTTP response directly or indirectly to the tested terminal, so that the tested terminal can judge whether a man-in-the-middle attack exists according to the received HTTP response, wherein the HTTP response comprises the status code and the response header. According to the scheme, whether a man-in-the-middle attack exists is judged by simulating normal network communication only once, the perception accuracy is high, the normal network access efficiency of the tested terminal is not influenced, an HTTP message header does not need to be analyzed, and better universality is achieved.

Description

Technical field

[0001] The present invention relates to the field of information security, and more particularly to an SSLStrip threat awareness scheme.

Background technique

[0002] In early data communication, the client and the server communicated using HTTP (HyperText Transfer Protocol). The HTTP protocol sends content in plain text and does not provide any form of data encryption. If an attacker intercepts the messages transmitted between the client (such as a web browser) and the website server, he can directly read the information in them. Therefore, the HTTP protocol is not suitable for transmitting sensitive information such as credit card numbers and passwords. With the development of communication technology, the HTTPS protocol (Hyper Text Transfer Protocol over Secure Socket Layer, the secure version of the hypertext transfer protocol) is used to communicate between client and server to replace HTTP protocol to transmit sensitive info...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1491, H04L63/168
Inventor: 关杰文严志润董超马致远
Owner: WUHAN ANTIY MOBILE SECURITY