CHALLENGE INTERCEPTOR
First Claim
1. A system, comprising:
- a non-transitory memory storing instructions; and
one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising;
issuing, using an application, a request to a server, wherein the request comprises a download request for a webpage to a computing device;
receiving, in response to the request, the webpage and an interceptor code;
generating an interceptor from the interceptor code;
issuing, using a dynamic engine, a dynamic web content request to the server, wherein a response to the dynamic web content request will update a portion of the webpage;
in response to issuing the dynamic web content request, receiving a challenge;
intercepting, using the interceptor, the challenge, wherein the intercepted challenge is passed to the application;
rendering, using the application, the challenge;
receiving an answer to the challenge; and
receiving a dynamic web content response that updates the portion of the webpage after validating the answer to the challenge.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for detecting and mitigating attacks that exploit vulnerabilities of a website are provided, according to various embodiments described below and herein. A computing device issues a request for a web page that is stored on a server. The server receives a request and issues a response that includes the requested web page and interceptor code injected into the response. The computing device receives the response, renders the web content and generates an interceptor from the interceptor code. The interceptor intercepts requests, responses to dynamically update the webpage and responses containing a challenge. When a computing device issues a request to the server to dynamically update the webpage, the server issues a response to the computing device that includes a challenge. Once computing device issues a request that includes an answer to the challenge, the server validates the answer and issues a response that dynamically updates the webpage.
5 Citations
20 Claims
-
1. A system, comprising:
-
a non-transitory memory storing instructions; and one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising; issuing, using an application, a request to a server, wherein the request comprises a download request for a webpage to a computing device; receiving, in response to the request, the webpage and an interceptor code; generating an interceptor from the interceptor code; issuing, using a dynamic engine, a dynamic web content request to the server, wherein a response to the dynamic web content request will update a portion of the webpage; in response to issuing the dynamic web content request, receiving a challenge; intercepting, using the interceptor, the challenge, wherein the intercepted challenge is passed to the application; rendering, using the application, the challenge; receiving an answer to the challenge; and receiving a dynamic web content response that updates the portion of the webpage after validating the answer to the challenge. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method, comprising:
-
generating, using a dynamic engine executing on a computing device, a dynamic web content request to a server, wherein the dynamic web content request requests an update to a webpage previously downloaded to the computing device; receiving, in response to the dynamic web content request, a challenge; using an interceptor, intercepting the challenge and passing the challenge to a browser; receiving a challenge answer; transmitting the challenge answer for validation to the server; receiving a dynamic web content response that includes an update for the webpage when the server validates the challenge answer; and updating the webpage using the dynamic web content response. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A system, comprising:
-
a non-transitory memory storing instructions; and one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising; receiving a request to render a webpage from an application; generating a response to the request; injecting an interceptor code into the response, wherein the interceptor code generates an interceptor that intercepts a dynamic web content response and a response containing a challenge; and transmitting the response with the injected interceptor code to the application, whereby the application renders the webpage and generates the interceptor from the interceptor code, and whereby the interceptor intercepts the dynamic web content response and the response containing a challenge received by the application. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification