Anti-replay API

Jatuphum Juanchaiyaphum + and Somnuk Puangpronpitag
(jatuphum.j@msu.ac.th, somnuk.p@msu.ac.th)
Faculty of Informatics, Mahasarakham University, Thailand

Abstract. A cookie replay attack is one of the most powerful web application attack techniques. Several tools (such as Cain & Abel, Backtrack4, Ferret & Hamster) and variant techniques based on this attack (such as sidejacking) are widely available to script kiddies. Several solutions to this problem have been proposed in the literature. However, almost all of them rely on full Secure Socket Layer (SSL). Unfortunately, full SSL with a CA-signed certificate can be rather costly for some organizations. Furthermore, several attack techniques (such as SSL-strip and MitM with SSL decoding) target SSL itself. In this paper, we therefore propose a new solution, called Anti-replay API, to mitigate the cookie replay attack problem. We have also run several experiments to evaluate the Anti-replay API; the experimental results show its effectiveness and efficiency.

Keywords: MITM, Cookie Replay Attack, Sidejacking

1. Introduction

Eavesdropping on the data of web users is a serious problem for websites on the internet. It has become a significant issue that attracts the attention of both service users and software developers. Data can be stolen while other people are browsing a website through a Man In The Middle, or Monkey In The Middle, (MITM) attack [1]; several tools can be used to carry out this attack, e.g. Cain & Abel [2] and Backtrack [3]. These tools require no deep understanding of IT networks or security systems: by reading only a manual, a user can launch this attack against a system. Similarly, a huge number of sources of knowledge on using these tools are broadly available.

MITM not only captures data while the website is in use but also enables sidejacking [4], in which the attacker exploits a cookie holding the session ID by replaying it. The attacker can then use the system as the real user, while the real user does not notice. The tools used for sidejacking include Hamster [5] and Ferret [5]. Secure Socket Layer (SSL) [6] has been developed to solve the MITM problem by encrypting the data during communication between the source and the destination, so that sniffed data cannot be read. However, SSL still has some problems. To use SSL in its full form, the website operator needs to pay for an SSL certificate legally issued by a Certificate Authority (CA), which involves a high expense. For instance, one reliable CA, Verisign [7], charges approximately $399 - $1499 per year for its SSL certificate [7], which is highly expensive for small and medium enterprises. Many websites commonly use HTTPS only for user authentication in order to prevent data sniffing; after authentication, the system returns to plain HTTP as usual (for example hotmail.com, yahoo.com, facebook.com, etc.). In practice, SSL performs data encryption and decryption during communication, so the service is slowed down. Thus, the websites choose to

+ Corresponding author. Tel.: +6643754359. E-mail address: jatuphum.j@msu.ac.th

2011 International Conference on Modeling, Simulation and Control
IPCSIT vol.10 (2011) © (2011) IACSIT Press, Singapore
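The HTTPS-login-then-HTTP pattern described above sends the session cookie in cleartext on every later plain-HTTP request unless the cookie carries the Secure attribute, which is exactly what a sniffer needs for a replay. As an added example (not part of the paper, and separate from the Anti-replay API it proposes), the following Python audits constructed Set-Cookie headers for session-like cookies that would travel in cleartext and shows the hardened header; the sample headers, cookie names and the SESSION_NAME_HINTS heuristic are assumptions.

```python
# Constructed sample Set-Cookie headers, as a server might send them after an
# HTTPS login before the site falls back to plain HTTP (not real site data).
SAMPLE_SET_COOKIE = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "auth_token=xyz789; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
]

# Heuristic (an assumption): names that usually carry a session identifier.
SESSION_NAME_HINTS = ("sess", "auth", "token", "sid", "login")

MISSING_SECURE = "missing Secure: sent over plain HTTP, sniffable and replayable"
MISSING_HTTPONLY = "missing HttpOnly: readable from script"


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attr_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def looks_like_session_cookie(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_cookies(headers):
    """Return (cookie name, issue) pairs for session-like cookies that would be
    exposed when the site drops back to HTTP or to page scripts."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if not looks_like_session_cookie(name):
            continue
        if "secure" not in attrs:
            findings.append((name, MISSING_SECURE))
        if "httponly" not in attrs:
            findings.append((name, MISSING_HTTPONLY))
    return findings


def harden(header):
    """Return the header with Secure and HttpOnly appended where absent, so the
    browser never sends the cookie over plain HTTP."""
    _, _, attrs = parse_set_cookie(header)
    out = header.rstrip("; ")
    if "secure" not in attrs:
        out += "; Secure"
    if "httponly" not in attrs:
        out += "; HttpOnly"
    return out


if __name__ == "__main__":
    for name, issue in audit_cookies(SAMPLE_SET_COOKIE):
        print(f"{name}: {issue}")
```

Marking the cookie Secure only closes the cleartext-exposure path the paper describes; it does not address SSL-strip or the certificate-cost argument, which is where the paper's own proposal comes in.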