Detection approach for Shiro rememberMe deserialization attacks - Baidu Security Community

<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Detection approach for Shiro rememberMe deserialization attacks - Baidu Security Community</title> <meta name="keywords" content="API,0day,vulnerability,attack,data security"> <meta name="description" content="Apache Shiro is a powerful, easy-to-use Java security framework and is very widely deployed. By default Shiro uses CookieRememberMeManager, which processes the cookie as follows: rememberMe cookie value -> Base64 decode -> AES decrypt -> deserialize. In Shiro"> <meta http-equiv="X-UA-Compatible" content="IE=edge;IE=10;chrome=1"> <link rel="shortcut icon" href="/favicons.ico" type="image/x-icon"> <link rel="icon" href="/favicons.ico" type="image/x-icon"> <link href="/webstatic/lib/bootstrap.min.css" type="text/css" rel="stylesheet"> <link href="/webstatic/css/common.css?ver=1744363725" type="text/css" rel="stylesheet"> <link href="/webstatic/css/forum.css?ver=1744363725" type="text/css" rel="stylesheet"></head> <body> <div class="forum clearfix" rel="detail"> <div class="forum-left"> <div class="forum-detail" id="forumDetail"><h2>Detection approach for Shiro rememberMe deserialization attacks</h2> <p class="smm">2020-06-03 16:50:49<span class="forum-article-heat">16330 reads</span></p> <div class="forum-share forum-detail-tag-share"> <div class="tag-top"> <div class="clearfix forum-pad forum-pad-detail"> <ul class="forum-tags"> <li><a target="_blank" href="/tag/301">API</a></li> <li><a target="_blank" href="/tag/356">0day</a></li> <li><a target="_blank" href="/tag/5">vulnerability</a></li> <li><a target="_blank" href="/tag/7">attack</a></li> <li><a target="_blank" href="/tag/109">data security</a></li> </ul> </div> </div> </div> <!-- article content start --> <div class="fd-content clearfix"> <h2><span style="font-size: 
15px;"><strong>1. Background</strong></span></h2>
<p>Apache Shiro is a powerful, easy-to-use Java security framework and is very widely deployed. By default Shiro uses CookieRememberMeManager, which processes the cookie as follows: rememberMe cookie value -&gt; Base64 decode -&gt; AES decrypt -&gt; deserialize. In Shiro &lt;= 1.2.4 the AES key is hard-coded (CVE-2016-4437, commonly referred to as Shiro-550), so an attacker who knows the key can craft an encrypted serialized payload and execute arbitrary commands on the server.</p>
<p>Download the Shiro 1.2.4 source and start with CookieRememberMeManager.java: the class extends AbstractRememberMeManager.</p>
<p style="text-align: center;"><img src="/upload/ue/image/20200603/1591173990312966.png" alt="1.png" width="693" height="279"></p>
<p>Following into AbstractRememberMeManager, line 80 defines the private constant DEFAULT_CIPHER_KEY_BYTES with the value Base64.decode("kPH+bIxk5D2deZiIxcaaaA=="). This is the hard-coded AES key we are looking for.</p>
<p style="text-align: center;"><img src="/upload/ue/image/20200603/1591174016478222.png" alt="2.png" width="703" height="152"></p>
<p>The Base64-decoded cookie bytes are passed from AbstractRememberMeManager.getRememberedPrincipals into convertBytesToPrincipals, which decrypts them with that key and hands the plaintext to the serializer.</p>
<p style="text-align: center;"><img src="/upload/ue/image/20200603/1591174057984521.png" alt="3.png" width="717" height="210"></p>
<p>Following the call chain further, DefaultSerializer.deserialize wraps the decrypted bytes in an ObjectInputStream and calls readObject on them. Nothing restricts which classes the stream may instantiate, so any gadget chain present on the classpath is reachable.</p>
<p style="text-align: center;"><img src="/upload/ue/image/20200603/1591174074682824.png" alt="4.png" width="717" height="364"></p>
<p>Because the malicious payload is encrypted, it looks very much like a legitimate cookie. The vulnerability is used heavily by attackers in attack-and-defence drills such as 护网 (HVV), and it is hard to block outright without disrupting normal business. This is especially true for cloud security products: customers run a wide variety of servers, applications and services, so simply dropping every request that carries a rememberMe cookie is not feasible. The data has to be processed first and a decision made afterwards.</p>
<h2><span style="font-size: 15px;"><strong>2. Detection approach</strong></span></h2>
<p>We replicate Shiro's own cookie-handling pipeline: decode and decrypt the data exactly as Shiro would, and only then inspect the result. The processing flow is shown below:</p>
<p style="text-align: center;"><img src="/upload/ue/image/20200603/1591174090585250.png" alt="5.png" width="637" height="269"></p>
<p>Extract the value of the rememberMe cookie, Base64-decode it and decrypt it with the AES key. In Shiro 1.2.4 the value is AES-128-CBC with PKCS5 padding and the 16-byte IV prepended to the ciphertext, so the decryptor has to split off the first block before decrypting the rest. Because the vulnerability is caused by a hard-coded key, we collected the 20 AES keys most commonly used by attacker tooling in the wild; together they cover the large majority of Shiro deserialization attacks. A cookie encrypted with a key that is not on the list (for example an application-specific key leaked from its configuration) will not decrypt and therefore falls outside this check, so the key list has to be maintained as new tooling appears.</p>
<p style="text-align: center;"><img src="/upload/ue/image/20200603/1591174105173443.png" alt="6.png" width="694" height="97"></p>
<p>After decryption, first check whether the plaintext begins with the bytes aced0005, the magic number and stream version of Java serialization. This alone does not prove an attack: a legitimate user's rememberMe value also decrypts to serialized data. What we do know is that the vulnerability exists because the data is deserialized, i.e. there is a deserialization entry point, but actually triggering it requires a complete gadget chain. We therefore extracted signatures for more than 20 gadget chains emitted by common tools (in practice the fully qualified class names that appear as strings in the serialized stream) and match the decrypted data against them, which lets us handle attack payloads correctly. A wrong candidate key almost always fails the PKCS5 padding check, so the decryption step is itself a cheap pre-filter: plaintext that decrypts cleanly and carries the aced0005 header under one of the attacker-favoured non-default keys is already suspicious before any chain signature matches, since a legitimate application would not be using that key.</p>
<p style="
"></p>
<h2><span style="font-size: 15px;"><strong>3. Detection results</strong></span></h2>
<p><strong>3.1 Attack details</strong></p>
<p><span><br 
style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></span></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: center; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><img src="/upload/ue/image/20200603/1591174120190939.png" alt="7.png" width="756" height="280" style="width: 756px; height: 280px;"/></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></span></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft 
YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">3.2 最近一周攻击趋势</span></strong></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: center; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><img src="/upload/ue/image/20200603/1591174136166160.png" alt="8.png" width="637" height="372" style="width: 637px; height: 372px;"/></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 
51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></p><h2 style="white-space: normal; margin: 0px 8px; padding: 0px; font-weight: 400; font-size: 16px; max-width: 100%; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><strong style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 15px; box-sizing: border-box !important; word-wrap: break-word !important;">4、一体化解决方案</span></strong></h2><p style="white-space: normal; margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; 
box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></span></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">百度安全智能一体化解决方案中已支持上述漏洞检测,并且开放了智能化编排的入口,用户只需要编写简单的脚本,就能够对特定数据进行处理,进行触发告警、拦截等措施。智能一体化解决方案如下:</span></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei 
UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: center; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><img src="/upload/ue/image/20200603/1591174154630139.png" alt="9.png" width="730" height="430" style="width: 730px; height: 430px;"/></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">对于此类无明显攻击特征的行为,WAF等设备通常无法直接拦截,智能网关先将旁路流量给到智能分析中心,通过用户添加的智能编排脚本处理,再将结果反馈到智能网关,对相应的攻击进行拦截,能够准确、有效地保护用户的资产。</span></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 
51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></span></p><p style="white-space: normal; margin: 0px 8px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; caret-color: rgb(51, 51, 51); color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, &quot;Helvetica Neue&quot;, &quot;PingFang SC&quot;, &quot;Hiragino Sans GB&quot;, &quot;Microsoft YaHei UI&quot;, &quot;Microsoft YaHei&quot;, Arial, sans-serif; font-size: 17px; letter-spacing: 0.6217142939567566px; text-align: justify; line-height: 1.75em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">另外,智能分析中心还集成了智能API识别,能够有效地对API进行分类识别,帮助用户梳理API资产;同时还集成了AI白模型等能力,当用户对资产进行一段时间的学习后,能够有效地防御未知攻击、0day攻击等。</span></p><p><br/></p><hr/><p>本文由百度安全原创,转载请注明出处及原文链接</p> </div> <!--文章内容end--> <div class="forum-share forum-share-bottom"> <!--<a class="forum-like "> <img class="w" src="/webstatic/img/bbs/icon_like@1x.svg" alt=""> <img class="g" src="/webstatic/img/bbs/icon_like_grey@1x.svg" alt=""><br> <span>7</span> </a>--> <div class="share-bottom"> 分享至:<i class="tipbtn weichartQr"></i> <a class="tipbtn weibo" href="http://service.weibo.com/share/share.php?appkey=&amp;title=Shiro 
rememberMe反序列化攻击检测思路&amp;url=https://anquan.baidu.com/article/1090&amp;style=simple" target="_blank"> </a> </div> </div> </div> </div> </div> <script> var aid = 1090; </script> </body> </html>
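The detection pipeline the article describes (Base64 decode, AES decrypt, "aced0005" header check, gadget-chain signature scan), written out in Go as an added example; this is not code from the article or from Baidu Security's product. It assumes the AES-CBC layout of the vulnerable Shiro versions (16-byte IV prepended to the ciphertext, PKCS#5 padding) and lists only the key hard-coded in Shiro 1.2.4 and earlier; the signature list is a short illustrative subset rather than the twenty-odd chains the article mentions, and the function names (Inspect, decryptCBC) are my own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

type Verdict int

const (
	NotDecryptable   Verdict = iota // no candidate key gives valid padding
	NotSerialized                   // decrypts, but no Java stream header
	BenignSerialized                // Java stream without a gadget signature
	GadgetDetected                  // Java stream carrying a gadget signature
)

var verdictNames = [...]string{"not-decryptable", "not-serialized", "benign-serialized", "gadget-detected"}

func (v Verdict) String() string { return verdictNames[v] }

// javaMagic is the header the article checks for ("aced0005": STREAM_MAGIC 0xACED, STREAM_VERSION 5).
var javaMagic = []byte{0xAC, 0xED, 0x00, 0x05}

func b64(s string) []byte { k, _ := base64.StdEncoding.DecodeString(s); return k }

// DefaultKeys: only the key hard-coded in Shiro <= 1.2.4; a deployment adds its own configured keys.
var DefaultKeys = [][]byte{b64("kPH+bIxk5D2deZiIxcaaaA==")}

// GadgetSignatures: class names common gadget-chain generators write into the stream (illustrative subset).
var GadgetSignatures = []string{
	"org.apache.commons.collections.functors.InvokerTransformer",
	"org.apache.commons.collections4.functors.InvokerTransformer",
	"org.apache.commons.beanutils.BeanComparator",
	"com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl",
}

// decryptCBC undoes the AesCipherService layout of vulnerable Shiro versions:
// a 16-byte IV prepended to AES-CBC ciphertext with PKCS#5 padding.
func decryptCBC(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not IV plus whole blocks")
	}
	plain := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(plain, data[aes.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("invalid PKCS#5 padding")
	}
	return plain[:len(plain)-pad], nil
}

// Inspect runs the article's pipeline on one rememberMe cookie value: Base64 decode ->
// AES decrypt with each key -> header check -> gadget-signature scan. It returns the
// verdict, the index of the key that worked (-1 if none) and the matched signature.
func Inspect(cookie string, keys [][]byte) (Verdict, int, string) {
	raw, err := base64.StdEncoding.DecodeString(cookie)
	if err != nil {
		return NotDecryptable, -1, ""
	}
	verdict := NotDecryptable
	for i, key := range keys {
		plain, err := decryptCBC(key, raw)
		if err != nil {
			continue
		}
		if !bytes.HasPrefix(plain, javaMagic) {
			// A wrong key passes the padding check about once in 256 tries, so keep trying other keys.
			verdict = NotSerialized
			continue
		}
		for _, sig := range GadgetSignatures {
			if bytes.Contains(plain, []byte(sig)) {
				return GadgetDetected, i, sig
			}
		}
		return BenignSerialized, i, "" // a genuine cookie is a serialized PrincipalCollection
	}
	return verdict, -1, ""
}

func main() {
	// Usage: shirocheck <rememberMe cookie value taken from a request log>
	v, i, sig := Inspect(os.Args[1], DefaultKeys)
	fmt.Printf("verdict=%s key_index=%d signature=%q\n", v, i, sig)
}
```

A GadgetDetected verdict is the point at which the orchestration script described in the article would raise an alert or block; NotSerialized is worth logging too, since a cookie that decrypts under the known key but is not a Java stream has been tampered with.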
