SYSTEMS AND METHODS FOR DETERMINING VULNERABILITY TO SESSION STEALING

US 20120255022A1
Filed: 03/30/2012
Published: 10/04/2012
Est. Priority Date: 03/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

intercepting, at a first computing device, an intercepted packet sent from a client to a second computing device different than the first computing device, the intercepted packet including a first instruction in a first portion of the intercepted packet;

determining, using a template, a second portion of the intercepted packet that is a value that is changed by a calculated amount each time that the client sends a packet;

changing the value by the calculated amount to determine a next value for a next packet;

replacing the second portion of the intercepted packet with the next value to generate a modified packet;

replacing the first portion of the modified packet with a second instruction; and

transmitting the modified packet to the second computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for determining vulnerability to session stealing are disclosed. An example method includes intercepting, at a first computing device, an intercepted packet sent from a client to a second computing device different than the first computing device, the intercepted packet including a first instruction in a first portion of the intercepted packet, determining, using a template, a second portion of the intercepted packet that is a value that is changed by a calculated amount each time that the client sends a packet, changing the value by the calculated amount to determine a next value for a next packet, replacing the second portion of the intercepted packet with the next value to generate a modified packet, replacing the first portion of the modified packet with a second instruction, and transmitting the modified packet to the second computing device.

54 Citations

View as Search Results

34 Claims

1. A method comprising:
- intercepting, at a first computing device, an intercepted packet sent from a client to a second computing device different than the first computing device, the intercepted packet including a first instruction in a first portion of the intercepted packet;
  
  determining, using a template, a second portion of the intercepted packet that is a value that is changed by a calculated amount each time that the client sends a packet;
  
  changing the value by the calculated amount to determine a next value for a next packet;
  
  replacing the second portion of the intercepted packet with the next value to generate a modified packet;
  
  replacing the first portion of the modified packet with a second instruction; and
  
  transmitting the modified packet to the second computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method as defined in claim 1, further comprising determining if the second computing device accepts the modified packet.
  - 3. A method as defined in claim 1, further comprising determining if the second computing device executes the second instruction.
  - 4. A method as defined in claim 3, further comprising generating a report indicating whether or not the second computing device executes the second instruction.
  - 5. A method as defined in claim 3, further comprising notifying an entity associated with the second computing device in response to determining that the second computing device executed the second instruction.
  - 6. A method as defined in claim 1, wherein the calculated amount is identified in the template.
  - 8. A method as defined in claim 1, further comprising determining, using the template, that the first portion of the intercepted packet includes the first instruction.
  - 9. A method as defined in claim 1, wherein the template identifies a byte offset of at least one of the first portion or the second portion.
  - 10. A method as defined in claim 1, wherein the first packet is associated with an existing communication session between the client and the second computing device.
  - 11. A method as defined in claim 10, further comprising instructing the client to terminate the session after receiving the intercepted packet at the first computing device.
  - 12. A method as defined in claim 10, wherein the modified packet is associated with the session.
  - 13. A method as defined in claim 1, further comprising at least one of:
    - instructing an address resolution protocol system to replace an address of the second computing device with an address of the first computing device;
      
      instructing a domain name system to replace an address of the second computing device with an address of the first computing device; and
      
      changing a network address of the second computing device from a first address to a second address and changing a network address of the first computing device to the first address.
  - 14. A method as defined in claim 1, further comprising:
    - receiving a plurality of packets including the intercepted packet at the first computing device from the client;
      
      determining a number of times that the first instruction is included in the plurality of packets; and
      
      selecting the intercepted packet for modification when the number of times meets a threshold.
  - 15. A method as defined in claim 1, further comprising:
    - determining a number of parameters in the first instruction; and
      
      selecting the intercepted packet for modification when the number of parameters meets a threshold.
  - 16. A method as defined in claim 1, further comprising storing the next value to be used in determining a value for a second modified packet.

17. A tangible computer readable storage medium storing instructions that, when executed, cause a machine to at least:
- intercept, at a first computing device, an intercepted packet sent from a client to a second computing device different than the first computing device, the intercepted packet including a first instruction in a first portion of the intercepted packet;
  
  determine, using a template, a second portion of the intercepted packet that is a value that is changed by a calculated amount each time that the client sends a packet;
  
  change the value by the calculated amount to determine a next value for a next packet;
  
  replace the second portion of the intercepted packet with the next value to generate a modified packet;
  
  replace the first portion of the modified packet with a second instruction; and
  
  transmit the modified packet to the second computing device.
- View Dependent Claims (18, 19)
- - 18. A tangible computer readable storage medium as defined in claim 17, wherein the instructions, when executed further cause the machine to determine if the second computing device accepts the modified packet.
  - 19. A tangible computer readable storage medium as defined in claim 17, wherein the instructions, when executed further cause the machine to determine if the second computing device executes the second instruction.

20-32. -32. (canceled)

33. An apparatus comprising:
- a session tracking module to intercept, at a first computing device, an intercepted packet sent from a client to a second computing device different than the first computing device, the intercepted packet including a first instruction in a first portion of the intercepted packet and to determine, using a template, a second portion of the intercepted packet that is a value that is changed by a calculated amount each time that the client sends a packet;
  
  a data modification module to change the value by the calculated amount to determine a next value for a next packet and to replace the second portion of the intercepted packet with the next value to generate a modified packet, and to replace the first portion of the modified packet with a second instruction; and
  
  a finalization module to transmit the modified packet to the second computing device.

34-63. -63. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Original Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Inventors
Ocepek, Steven R., Henrique, Wendel Guglielmetti

Granted Patent

US 8,756,697 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

SYSTEMS AND METHODS FOR DETERMINING VULNERABILITY TO SESSION STEALING

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR DETERMINING VULNERABILITY TO SESSION STEALING

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links