
Analysis And Detection Of HTTP Response Splitting Attack

Posted on: 2013-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: J J Cai
Full Text: PDF
GTID: 2248330374499274
Subject: Software engineering
Abstract/Summary:
With the development of network infrastructure and of low-layer detection and defense systems, network attacks are gradually migrating from the IP and TCP layers to the application layer. The economic value hidden in Web applications, the main carrier for the transmission of information, and the countless bugs introduced as application-layer protocols have developed also draw attackers to the application layer. As the main carrier of Web applications, the HTTP protocol is often used to carry out network attacks.

Web attacks can be divided into two types. The first is the "classic" web attacks, which focus on the server (web) and its back end (app, DB) while acknowledging the existence of a browser, such as server attacks, application attacks, back-end/DB attacks (SQL Injection), session hijacking and Cross-Site Scripting (XSS). The second is peripheral web attacks, which focus on what lies between the server and the client, making use of the HTTP data flow to reduce the security of web systems.

"HTTP Response Splitting" is an application attack technique. The attacker sends a single HTTP request that forces the web server to form an output stream, which the target then interprets as two HTTP responses instead of the one response of the normal case.

In order to detect this attack, experiments are carried out to simulate HTTP Response Splitting and its derived attack, the Web Cache Poisoning attack. The detection method can not only be applied to detect HTTP Response Splitting, but can also be extended to detect other similar HTTP attacks. This can make up for the deficiencies of application-layer anomaly detection in current network security systems and serve as a theoretical reference for web application security in the future.
Keywords/Search Tags: Network Security, HTTP Response Splitting, Web Cache Poisoning attack, Security Leak Detection Technology
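
An added example, not taken from the thesis (whose detection method is not described on this page): two checks for the condition the abstract describes, one on values headed into a response header and one on the stream a server emits for a single request. It assumes the header break is a CR or LF, possibly percent-encoded more than once, and that responses are HTTP/1.x framed by Content-Length; the function names and sample bytes are constructed.

```python
import re
from urllib.parse import unquote

STATUS_LINE = re.compile(rb"HTTP/1\.[01] \d{3}")

def has_header_break(value: str, max_rounds: int = 3) -> bool:
    """True if value holds CR or LF after up to max_rounds of percent-decoding."""
    for _ in range(max_rounds + 1):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:          # nothing left to decode
            break
        value = decoded
    return False

def count_responses(stream: bytes) -> int:
    """Count the responses a Content-Length-aware parser reads from stream."""
    count = 0
    while STATUS_LINE.match(stream):
        head, sep, rest = stream.partition(b"\r\n\r\n")
        if not sep:                   # header block never terminated
            break
        count += 1
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, val = line.partition(b":")
            if name.strip().lower() == b"content-length" and val.strip().isdigit():
                length = int(val.strip())
        stream = rest[length:]        # skip the body, look for another status line
    return count

# Constructed samples: bytes emitted by a server in answer to ONE request.
NORMAL = b"HTTP/1.1 302 Found\r\nLocation: /home?lang=en\r\nContent-Length: 0\r\n\r\n"
SPLIT = NORMAL + b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi"

if __name__ == "__main__":
    for v in ("en-US", "en%0d%0aX-Constructed: 1", "en%250d%250aX-Constructed: 1"):
        print(f"{v!r:40} header break: {has_header_break(v)}")
    for name, s in (("NORMAL", NORMAL), ("SPLIT", SPLIT)):
        n = count_responses(s)
        print(f"{name}: {n} response(s){' -> alert' if n > 1 else ''}")
```

Rejecting any header-bound value for which `has_header_break` is true is the preventive side; a response count above one for a single request is the detection side.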