Computer Engineering ›› 2007, Vol. 33 ›› Issue (05): 135-137. doi: 10.3969/j.issn.1000-3428.2007.05.047

• Security Technology •

HTTP Session Hijacking on Switch LAN and Its Countermeasures

WANG Peng, JI Ming, MEI Qiang, ZHU Yuefei

  1. (Network Engineering Department, Information Engineering University, Zhengzhou 450002)
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-03-05 Published:2007-03-05

Abstract: Building on the security weaknesses of the ARP and TCP protocols and an analysis of the security flaws of HTTP, this paper presents HTTP man-in-the-middle session hijacking. An experiment demonstrates that a man-in-the-middle attack is possible when users download files over HTTP, and shows that HTTP session hijacking can be carried out easily on a switched LAN. To counter the threat this attack poses, three measures are proposed to improve network security: static ARP tables, monitoring the ARP cache for anomalies, and using HTTPS.

Key words: ARP spoofing, session hijacking, man-in-the-middle (MITM) attack