Understanding the Breakdown of Same-origin Policies in Web Services That Rehost Websites

Abstract

Intermediary web services such as web proxies, translators, and archives have become pervasive as a means to enhance the openness of the web. These services aim to remove the intrinsic obstacles to web access; i.e., access blocking, language barriers, and missing websites. In this study, we refer to these services as web rehosting services and make the first exploration of their security flaws. Web rehosting services use a single domain name to rehost several websites that have distinct domain names; this characteristic makes web rehosting services intrinsically vulnerable to violating the same origin policy if not operated carefully. Based on the intrinsic vulnerability of web rehosting services, we demonstrate that an attacker can perform five different types of attacks that target users of web rehosting services: persistent man-in-the-middle attack, abusing privileges to access various resources, stealing credentials, stealing browser history, and session hijacking/injection. Our extensive analysis of 21 web rehosting services, which have more than 200 million accesses per day, revealed that these attacks are feasible. In response to this observation, we provide effective countermeasures against each type of attack. Through our efforts, several major web services have successfully completed improvements to make their architecture more secure.