Abstract
This chapter describes the design and implementation of ForenRIA, a forensic tool for performing automated and complete reconstructions of user sessions with rich Internet applications using only the HTTP logs. ForenRIA recovers all the application states rendered by the browser, reconstructs screenshots of the states and lists every action taken by the user, including recovering user inputs. Rich Internet applications are deployed widely, including on mobile systems. Recovering information from logs for these applications is significantly more challenging compared with classical web applications. This is because HTTP traffic predominantly contains application data with no obvious clues about what the user did to trigger the traffic. ForenRIA is the first forensic tool that specifically targets rich Internet applications. Experiments demonstrate that the tool can successfully handle relatively complex rich Internet applications.
Chapter PDF
Similar content being viewed by others
References
Andrica, S., Candea, G.: WaRR: a tool for high-fidelity web application record and replay. In: Proceedings of the Forty-First IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 403–410 (2011)
AppNeta, Tcpreplay, Boston, Massachusetts. tcpreplay.appneta.com (2016)
Atterer, R., Schmidt, A.: Tracking the interaction of users with AJAX applications for usability testing. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1347–1350 (2007)
Chen, K., Gu, G., Zhuge, J., Nazario, J., Han, X.: WebPatrol: automated collection and replay of web-based malware scenarios. In: Proceedings of the Sixth ACM Symposium on Information, Computer and Communications Security, pp. 186–195 (2011)
Cohen, M.: PyFlag - An advanced network forensic framework. Digital Investigation 5(S), S112–S120 (2008)
Cornelis, F., Georges, A., Christiaens, M., Ronsse, M., Ghesquiere, T., Bosschere, K.: A taxonomy of execution replay systems. In: Proceedings of the International Conference on Advances in Infrastructure for Electronic Business, Education, Science, Medicine and Mobile Technologies on the Internet (2003)
Dell, R., Roman, P., Velasquez, J.: Web user session reconstruction using integer programming. In: Proceedings of the IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology, pp. 385–388 (2008)
Dell, R., Roman, P., Velasquez, J.: Web user session reconstruction with back button browsing. In: Velasquez, J., Rios, S., Howlett, R., Jain, L. (eds.) Knowledge-Based and Intelligent Information and Engineering Systems, pp. 326–332. Springer, Heidelberg (2009)
Dohare, M., Arya, P., Bajpai, A.: Novel web usage mining for web mining techniques. International Journal of Emerging Technology and Advanced Engineering 2(1), 253–262 (2012)
Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext Transfer Protocol - HTTP/1.1, RFC 2616 (1999)
Flanagan, D.: JavaScript: The Definitive Guide, O’Reilly Media, Sebastopol, California (2011)
Fraternali, P., Rossi, G., Sanchez-Figueroa, F.: Rich Internet applications. IEEE Internet Computing 14(3), 9–12 (2010)
Ajax, J.G.: A new approach to web applications, Adaptive Path, San Francisco, California, February 18, 2005. www.adaptivepath.com/ideas/ajax-new-approach-web-applications
Hong, S., Wu, S.: On interactive Internet traffic replay. In: Proceedings of the Eighth International Conference on Recent Advances in Intrusion Detection, pp. 247–264 (2006)
Lo, J., Wohlstadter, E., Mesbah, A.: Imagen: runtime migration of browser sessions for JavaScript web applications. In: Proceedings of the Twenty-Second International Conference on World Wide Web, pp. 815–826 (2013)
Mickens, J., Elson, J., Howell, J.: Mugshot: deterministic capture and replay for JavaScript applications. In: Proceedings of the USENIX Conference on Networked Systems Design and Implementation (2010)
Narayanasamy, S., Pokam, G., Calder, B.: BugNet: Recording application-level execution for deterministic replay debugging. IEEE Micro 26(1), 100–109 (2006)
Neasbitt, C., Perdisci, R., Li, K., Nelms, T.: ClickMiner: towards forensic reconstruction of user-browser interactions from network traces. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1244–1255 (2014)
Oh, J., Kwon, J., Park, H., Moon, S.: Migration of web applications with seamless execution. In: Proceedings of the Eleventh ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp. 173–185 (2015)
Selenium, Selenium Web Application Testing System (2015). seleniumhq.org
Spiliopoulou, M., Mobasher, B., Berendt, B., Nakagawa, M.: A framework for the evaluation of session reconstruction heuristics in web-usage analysis. INFORMS Journal on Computing 15(2), 171–190 (2003)
Srivastava, J., Cooley, R., Deshpande, M., Tan, P.: Web usage mining: discovery and applications of usage patterns from web data. ACM SIGKDD Explorations Newsletter 1(2), 12–23 (2000)
World Wide Web Consortium, Document Object Model (DOM) Level 3 Core Specification, Version 1.0, W3C Recommendation, Cambridge, Massachusetts (2004). www.w3.org/TR/DOM-Level-3-Core
Xie, G., Iliofotou, M., Karagiannis, T., Faloutsos, M., Jin, Y.: ReSurf: reconstructing web-surfing activity from network traffic. In: Proceedings of the IFIP Networking Conference (2013)
Xu, M., Bodik, R., Hill, M.: A "flight data recorder" for enabling full-system multiprocessor deterministic replay. In: Proceedings of the Thirtieth Annual International Symposium on Computer Architecture, pp. 122–135 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 IFIP International Federation for Information Processing
About this paper
Cite this paper
Baghbanzadeh, S. et al. (2016). Reconstructing Interactions with Rich Internet Applications from HTTP Traces. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XII. DigitalForensics 2016. IFIP Advances in Information and Communication Technology, vol 484. Springer, Cham. https://doi.org/10.1007/978-3-319-46279-0_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-46279-0_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46278-3
Online ISBN: 978-3-319-46279-0
eBook Packages: Computer ScienceComputer Science (R0)