II. SAME-ORIGIN-POLICY AND HTTPS
A. Same-Origin Policy

Browsers support downloading content and executing scripts from different websites at the same time. Since some websites may contain malicious content, it is crucial that browsers isolate the content and scripts of different websites in order to prevent cross-domain interference. In addition, browsers should allow scripts to access the content of the same website in order to perform normal web functionality. This access-control policy is referred to as the same-origin policy.
Scripts and static contents are rendered and composed into webpages. The same-origin policy is enforced by isolating webpages according to their own security contexts derived from their URLs. A typical URL is represented in the format of “protocol://serverName:port/path?query” and the corresponding security context is a three-tuple <protocol, serverName, port>. As an example, the protocol can be HTTP or HTTPS, the serverName can be www.ebay.com, and the port can be 80, 443, or 8080, etc.
Each webpage is hosted in a frame or an inline frame. A browser window is a top-level frame, which hosts the webpage downloaded from the URL shown in the address bar. A webpage can create multiple frames and inline frames to host webpages from different URLs. The access control mechanism between these webpages conforms to the same-origin policy described above. For example, suppose frame w1 loads a webpage from https://bank.com and frame w2 loads a webpage from http://bank.com or https://evil.com. If the script running in w2 attempts to access an HTML object inside w1, the access will be denied by the browser’s security mechanism because of the same-origin policy. Without the same-origin policy, the document content of https://bank.com would be accessible to a script embedded in the webpage from http://bank.com (which could be faked by proxies and routers because it is not encrypted) or from https://evil.com, which would defeat the purpose of HTTPS.
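The origin comparison described above, written out as an added example (not code from the paper): it derives the <protocol, serverName, port> tuple from a URL with the standard WHATWG URL API, normalises an omitted port to the scheme's default so that https://bank.com and https://bank.com:443 compare equal, and decides frame access for the paper's bank.com and evil.com cases. The `checkFrameAccess` helper is an assumption of this example, not a browser API.

```javascript
// Added example: the <protocol, serverName, port> security context and the
// same-origin check a browser applies between two frames. Not code from the paper.

// Default ports per scheme, used when the URL omits one.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple of a URL. The path and query are deliberately dropped:
// they play no part in the same-origin decision.
function originOf(urlString) {
  const u = new URL(urlString);
  if (!(u.protocol in DEFAULT_PORTS)) {
    throw new Error(`unsupported protocol ${u.protocol}`);
  }
  return {
    protocol: u.protocol.replace(/:$/, ""),
    serverName: u.hostname,              // already lower-cased by the URL parser
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// Two documents are same-origin only if all three components match exactly.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.protocol === b.protocol && a.serverName === b.serverName && a.port === b.port;
}

// Hypothetical helper: the decision the browser makes when a script in frame w2
// tries to touch an HTML object inside frame w1.
function checkFrameAccess(w1Url, w2Url) {
  return sameOrigin(w1Url, w2Url) ? "allowed" : "denied";
}

// The paper's scenario: only a same-origin document may script https://bank.com.
console.log(checkFrameAccess("https://bank.com/", "http://bank.com/"));        // denied (scheme)
console.log(checkFrameAccess("https://bank.com/", "https://evil.com/"));       // denied (host)
console.log(checkFrameAccess("https://bank.com/", "https://bank.com:443/a?b")); // allowed
```

Note that a different port (https://bank.com:8443) is also a different origin, while path and query never matter; that is exactly why the tuple, and not the full URL, is the unit of isolation.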
Similar to frames, other objects, such as XML and XMLHTTPRequest, rely on the same-origin policy to protect their documents as well. Also, webpages can be attached with a type of plain-text data called cookies. Cookies have a slightly different same-origin policy, which will be described in Section IV.B.
B. Basics of HTTPS and Tunneling
HTTPS is the protocol for HTTP communications over Secure Sockets Layer (SSL) or Transport Layer Security (TLS) [6]. For simplicity, in the rest of the paper, we use “SSL” to refer to both SSL and TLS. HTTPS is widely used to protect sensitive communications, such as online banking and online trading, from eavesdropping and man-in-the-middle attacks. At the beginning of an HTTPS connection, the browser and the web server go through an SSL handshake phase to ensure that: 1) the browser receives a legitimate certificate of the website issued by a trusted Certificate Authority (CA); and 2) the browser and the server agree on various cryptographic parameters, such as the cipher suite and the master key, in order to secure their connection. Once the handshake succeeds, encrypted data flow between the browser and the server. A malicious proxy or router may disrupt the communication by dropping packets, but it should not be able to eavesdrop or forge data.
All major browsers support HTTPS communications through HTTP proxy. The mechanism is referred to as “tunneling”. Before starting the SSL handshake, the browser sends an HTTP CONNECT request to the proxy, indicating the server name and port number. The proxy then maintains two TCP connections, with the browser and with the server, and serves as a forwarder of encrypted data. To tunnel the HTTPS packets between the two TCP connections, the proxy needs to set different values in the IP and TCP headers, such as IP addresses and port numbers. But it is not able to manipulate the encrypted payload besides copying it byte-by-byte. Therefore, the proxy does not have any additional information about HTTPS traffic beyond the IP and TCP headers. Normally an adversary must break the cryptographic schemes used by HTTPS in order to access the actual HTTPS contents. Note that a proxy is not a trusted entity in HTTPS communications. By design, confidentiality and authenticity of HTTPS should be guaranteed when the traffic is tunneled through an untrusted proxy; in reality, as we will show in Section V, proxies are widely used in many network environments where proxies are not expected to be trustworthy. Being merely an interconnecting host on the network, the proxy is not a trusted entity that the HTTPS security relies on.
In the next two sections, we describe PBP attack scenarios. The versions of the browsers in our discussion are IE 7, IE 8, Firefox 2, Firefox 3, Safari 3, Opera 9, Chrome Beta and Chrome 1.