Monitoring and Blocking Methods of HTTP Traffic Injection in Mobile Web Browser (Cited by: 1)
Abstract: This paper first presents a method of deploying front-end scripts on the server to monitor HTTP traffic injection in mobile browsers. Analysis of the injected content and the injecting entities, based on the monitoring data, shows that over 4% of mobile web client sessions are modified during transmission. These modifications include the injection of ordinary advertising, malvertising, ISP value-added services, malicious code, code that generates fake visits, and page redirects. The injecting entities are found to be related to the network operator, the region and the network environment. The paper then presents 4 methods for blocking the injection: deploying HTTPS on the server, deploying CSP on the server, deploying detection scripts together with HTTPS on the server, and deploying an access restriction program on the client. Tests of these methods show that deploying CSP on the server has low cost and relatively high accuracy, and that deploying an access restriction program on the client blocks traffic injection effectively for high-performance clients.
Authors: XIE Mengfei (谢梦非), FU Jianming (傅建明), WANG Yingjun (王应军), PENG Guojun (彭国军) (School of Computer, Wuhan University, Wuhan 430072, Hubei, China; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China; State Key Laboratory of Software Engineering, Wuhan University, Wuhan 430072, Hubei, China)
Source: Journal of Wuhan University: Natural Science Edition (《武汉大学学报(理学版)》), indexed in CAS, CSCD and the Peking University Core Journals list; 2017, No. 5, pp. 385-396 (12 pages)
Funding: National Natural Science Foundation of China (61373168, U1636107)
Keywords: network security; HTTP traffic injection; page modification; page change detection