为什么屏蔽WebSockets?

时间:2015-10-21 03:00:42

标签: security web websocket masking

我正在关注MDN在Writing a WebSocket server上提供的指南,该指南非常简单易懂...

但是,按照本教程,我遇到了来自客户端的WebSocket消息的框架:


0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-------+-+-------------+-------------------------------+
|F|R|R|R| opcode|M| Payload len |    Extended payload length    |
|I|S|S|S|  (4)  |A|     (7)     |             (16/64)           |
|N|V|V|V|       |S|             |   (if payload len==126/127)   |
| |1|2|3|       |K|             |                               |
+-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
|     Extended payload length continued, if payload len == 127  |
+ - - - - - - - - - - - - - - - +-------------------------------+
|                               |Masking-key, if MASK set to 1  |
+-------------------------------+-------------------------------+
| Masking-key (continued)       |          Payload Data         |
+-------------------------------- - - - - - - - - - - - - - - - +
:                     Payload Data continued ...                :
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
|                     Payload Data continued ...                |
+---------------------------------------------------------------+

在制作了一些函数来正确地取消屏蔽客户端发送的数据和帧之后,它让我想知道为什么数据甚至会被掩盖开始。我的意思是,您不必屏蔽从服务器发送的数据......

如果有人因为不正当的原因获取数据,则可能相对容易取消屏蔽,因为屏蔽密钥包含在整个消息中。或者甚至只要它们没有密钥,框架中的屏蔽密钥只有2个字节长。有人可以轻松取消屏蔽数据,因为密钥非常小。

我想知道为什么数据被屏蔽的另一个原因是因为你可以通过在TLS / SSL和HTTPS上使用WSS(WebSockets Secure)来保护你的WebSocket数据比屏蔽更好。

我是否忽略了为什么WebSockets被屏蔽的重点?似乎只是在没有添加任何安全性的情况下添加客户端发送的数据时,只是添加了无意义的斗争。

2 个答案:

答案 0 :(得分:10)

jfriend00的评论与良好的信息有很好的联系......

我想指出一些显而易见的事实,以便表明屏蔽未加密的websocket连接是必要的要求,而不仅仅是有益的:

代理,路由器和其他中介(特别是ISP)经常读取客户发送的请求并且"更正"任何问题,添加标题,否则"优化" (例如从缓存响应)网络资源消耗。

某些标头和请求类型(例如Option)通常针对这些中介而非端点服务器。

由于其中许多设备较旧并且不了解Websockets协议,因此可能会编辑或执行看似HTTP请求的明文。

因此,有必要明确的文本将被转移"无法识别的字节,以启动"传递"而不是"处理"。

在这一点之后,它只是利用掩蔽来确保黑客没有反转"这种掩蔽发送恶意帧。

至于要求Connect而不是屏蔽 - 我知道这是在编写标准时考虑的......但是在证书免费之前,这将使任何需要SSL / TLS的Web标准成为"有钱人"标准而非互联网解决方案。

至于"为什么掩盖wss数据?" - 我不确定这个,但我怀疑这是为了让解析器与连接无关并且更容易编写。在明文中,未屏蔽的帧是协议错误,导致服务器启动断开连接。使解析器的行为相同,无论连接如何,都允许我们将解析器与原始IO层分开,使其与连接无关,并为基于事件的编程提供支持。

答案 1 :(得分:2)

实际上,确定的RFC RFC 6455 The WebSocket Protocol有一个解释。我在这里引用它:

 10.3.  Attacks On Infrastructure (Masking)

   In addition to endpoints being the target of attacks via WebSockets,
   other parts of web infrastructure, such as proxies, may be the
   subject of an attack.

   As this protocol was being developed, an experiment was conducted to
   demonstrate a class of attacks on proxies that led to the poisoning
   of caching proxies deployed in the wild [TALKING].  The general form
   of the attack was to establish a connection to a server under the
   "attacker's" control, perform an UPGRADE on the HTTP connection
   similar to what the WebSocket Protocol does to establish a
   connection, and subsequently send data over that UPGRADEd connection
   that looked like a GET request for a specific known resource (which
   in an attack would likely be something like a widely deployed script
   for tracking hits or a resource on an ad-serving network).  The
   remote server would respond with something that looked like a
   response to the fake GET request, and this response would be cached
   by a nonzero percentage of deployed intermediaries, thus poisoning
   the cache.  The net effect of this attack would be that if a user
   could be convinced to visit a website the attacker controlled, the
   attacker could potentially poison the cache for that user and other
   users behind the same cache and run malicious script on other
   origins, compromising the web security model.

   To avoid such attacks on deployed intermediaries, it is not
   sufficient to prefix application-supplied data with framing that is
   not compliant with HTTP, as it is not possible to exhaustively
   discover and test that each nonconformant intermediary does not skip
   such non-HTTP framing and act incorrectly on the frame payload.
   Thus, the defense adopted is to mask all data from the client to the
   server, so that the remote script (attacker) does not have control
   over how the data being sent appears on the wire and thus cannot
   construct a message that could be misinterpreted by an intermediary
   as an HTTP request.

   Clients MUST choose a new masking key for each frame, using an
   algorithm that cannot be predicted by end applications that provide
   data.  For example, each masking could be drawn from a
   cryptographically strong random number generator.  If the same key is
   used or a decipherable pattern exists for how the next key is chosen,
   the attacker can send a message that, when masked, could appear to be
   an HTTP request (by taking the message the attacker wishes to see on
   the wire and masking it with the next masking key to be used, the
   masking key will effectively unmask the data when the client applies
   it).

   It is also necessary that once the transmission of a frame from a
   client has begun, the payload (application-supplied data) of that
   frame must not be capable of being modified by the application.
   Otherwise, an attacker could send a long frame where the initial data
   was a known value (such as all zeros), compute the masking key being
   used upon receipt of the first part of the data, and then modify the
   data that is yet to be sent in the frame to appear as an HTTP request
   when masked.  (This is essentially the same problem described in the
   previous paragraph with using a known or predictable masking key.)
   If additional data is to be sent or data to be sent is somehow
   changed, that new or changed data must be sent in a new frame and
   thus with a new masking key.  In short, once transmission of a frame
   begins, the contents must not be modifiable by the remote script
   (application).

   The threat model being protected against is one in which the client
   sends data that appears to be an HTTP request.  As such, the channel
   that needs to be masked is the data from the client to the server.
   The data from the server to the client can be made to look like a
   response, but to accomplish this request, the client must also be
   able to forge a request.  As such, it was not deemed necessary to
   mask data in both directions (the data from the server to the client
   is not masked).

   Despite the protection provided by masking, non-compliant HTTP
   proxies will still be vulnerable to poisoning attacks of this type by
   clients and servers that do not apply masking.