{"id":15176781,"url":"https://github.com/visheshc14/skin","last_synced_at":"2026-02-25T17:06:06.224Z","repository":{"id":37178261,"uuid":"413738383","full_name":"visheshc14/Skin","owner":"visheshc14","description":"Web Security (BCI3001) Project - Prevention of Session Hijacking using Session ID Reset Approach With The Implementation of Kerberos Algorithm in Go \u0026 Rust.","archived":false,"fork":false,"pushed_at":"2023-03-06T12:46:16.000Z","size":1086,"stargazers_count":1,"open_issues_count":16,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-30T05:05:47.683Z","etag":null,"topics":["authentication","express","go","golang","kerberos-authentication","kerberos-client","kerberos-server","kerberos-spnego","ntlm-authentication","react","reactjs","rust","rust-lang","rustlang","tailwind-css"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/visheshc14.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-05T08:42:36.000Z","updated_at":"2023-03-07T09:17:56.000Z","dependencies_parsed_at":"2024-06-20T19:11:58.613Z","dependency_job_id":"33590c9c-8268-4608-be23-f16720afdff6","html_url":"https://github.com/visheshc14/Skin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/visheshc14%2FSkin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/visheshc14%2FSkin/tags","releases_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/visheshc14%2FSkin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/visheshc14%2FSkin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/visheshc14","download_url":"https://codeload.github.com/visheshc14/Skin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247190390,"owners_count":20898737,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","express","go","golang","kerberos-authentication","kerberos-client","kerberos-server","kerberos-spnego","ntlm-authentication","react","reactjs","rust","rust-lang","rustlang","tailwind-css"],"created_at":"2024-09-27T13:42:26.319Z","updated_at":"2025-10-26T11:43:45.247Z","avatar_url":"https://github.com/visheshc14.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Skin\nWeb Security (BCI3001) Project - Prevention of Session Hijacking using the Session ID Reset Approach with the Implementation of the Kerberos Algorithm in Go \u0026 Rust.\n\nSession ID Reset Approach with Implementation of the Kerberos Algorithm.\n\nexpress-session stores the session ID in a cookie that the backend (server) sets in the frontend (browser); you can see this cookie, called connect.sid, in the browser. Whenever a request arrives from the browser, the server first checks for that cookie (which holds the session ID). If it finds the cookie it reuses the existing session; otherwise it creates a new session 
(you can check this by logging req.sessionID on each request).\n\nTo overcome this, the frontend (browser) has to send that cookie to the backend (server) with every request it makes. The server then parses the cookie automatically and does not create a new session for every request.\n\nWe were using axios for request calls, and for every request we added {withCredentials:true} so that the browser sends cookies to the backend server automatically.\n\nExample -\n```javascript\nvar express = require('express');\nvar session = require('express-session');\nvar cors = require('cors');\nvar cookieParser = require('cookie-parser');\nvar bodyParser = require('body-parser');\nvar FileStore = require('session-file-store')(session);\nvar app = express();\n\napp.use(cors({\n origin:[process.env.ORIGIN],//Frontend Server localhost:8080\n methods:['GET','POST','PUT','DELETE'],\n credentials: true // Enable Set Cookie\n}));\n\napp.use(cookieParser(process.env.SESSIONSECRET)); // Any String Ex: 'Keyboard Cat'\napp.use(session({\n  secret: process.env.SESSIONSECRET,\n  store: new FileStore(),\n  cookie:{\n    maxAge:36000,\n    httpOnly:false,\n    secure:false // For Normal HTTP Connection if HTTPS is There We Have to Set it to True\n    },\n  resave: false,\n  saveUninitialized: true\n}))\n\napp.use(function(req, res, next) {\n\nres.header('Access-Control-Allow-Credentials', true);\nres.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE');\nres.header(\"Access-Control-Allow-Origin\", process.env.ORIGIN);\nres.header(\"Access-Control-Allow-Headers\", \"Origin, X-Requested-With, Content-Type, Accept, Authorization\");\nnext();\n});\n\napp.use(bodyParser.json());\napp.use(bodyParser.urlencoded({extended: true}));\n\n// Rest of Code is The Mongo Connection\n```\nAxios REST calls:\n```javascript\naxios.defaults.withCredentials = true;\n// withCredentials is a request config option, not an HTTP header\naxios.get('http://localhost:8080/getDetails', { withCredentials: true });\n```\n\u003cimg width=\"1440\" alt=\"2\" src=\"https://user-images.githubusercontent.com/36515357/136685074-01f423ef-1b2a-42d3-85b7-bbe8844e4139.png\"\u003e\n\n\u003cimg width=\"1440\" alt=\"3\" 
src=\"https://user-images.githubusercontent.com/36515357/136685076-64a139fd-7aaf-443f-a5d9-b70a2293a47f.png\"\u003e\n\n\u003cimg width=\"1440\" alt=\"4\" src=\"https://user-images.githubusercontent.com/36515357/136685080-70c863b8-4f8f-45c9-b53b-c48e445fba6d.png\"\u003e\n\n![architecture](https://user-images.githubusercontent.com/36515357/136011313-ca3a6bec-b710-468f-ba76-b704944a4693.png)\n\nKerberos in Rust.\nA reverse proxy server fronts this and handles SSL/TLS.\n\n```sh\ncargo build\n./target/debug/kkdcp\n```\n```nginx\nserver {\n\t# the ssl parameter on listen replaces the old \"ssl on;\" directive, which current nginx releases no longer accept\n\tlisten 443 ssl;\n\tlisten [::]:443 ssl;\n\tserver_name visheshchoudhary.me;\n\n\tssl_certificate /etc/ssl/certs/kdcproxy.pem;\n\tssl_certificate_key /etc/ssl/private/kdcproxy.key;\n\n\troot /var/www/kdxproxy;\n\tindex index.html;\n\n\tlocation /KdcProxy {\n\t\tproxy_pass http://127.0.0.1:8125/;\n\t\tinclude proxy_params;\n\t\tadd_header Cache-Control \"no-cache, no-store, must-revalidate\";\n\t\tadd_header Pragma no-cache;\n\t\tadd_header Expires 0;\n\t}\n}\n```\n![Screenshot (13)](https://user-images.githubusercontent.com/36515357/136888548-0ac43cb1-f1fa-4c62-99aa-5f4d5c494dd0.png)\n\n![Screenshot (14)](https://user-images.githubusercontent.com/36515357/136888557-e9da53a8-7956-4a5d-b86e-67911390f1b5.png)\n\nKerberos in Go: an example with two different APIs, to show the difference between the two approaches.\n\nIn Kerberos.go, GSSAPI has been used. The Generic Security Service Application Program Interface is an application programming interface through which programs access security services. 
The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today.\n\n```go\npackage kerberos\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/apcera/gssapi\"\n\t\"github.com/apcera/gssapi/spnego\"\n)\n\n// contextKey is an unexported key type so other packages cannot collide with these context values.\ntype contextKey string\n\nfunc (key contextKey) String() string {\n\treturn fmt.Sprintf(\"kerberos/%s\", string(key))\n}\n\nconst (\n\tserverKey     = contextKey(\"server\")\n\tcredentialKey = contextKey(\"credential\")\n\tuserKey       = contextKey(\"user\")\n)\n\n// Server and Credential return the values stored by WithContext; they panic if WithContext was not called.\nfunc Server(ctx context.Context) spnego.KerberizedServer {\n\treturn ctx.Value(serverKey).(spnego.KerberizedServer)\n}\n\nfunc Credential(ctx context.Context) *gssapi.CredId {\n\treturn ctx.Value(credentialKey).(*gssapi.CredId)\n}\n\n// User returns the principal set by Authenticate; use UserOk when the handler may run unauthenticated.\nfunc User(ctx context.Context) string {\n\treturn ctx.Value(userKey).(string)\n}\n\nfunc UserOk(ctx context.Context) (string, bool) {\n\tuser, ok := ctx.Value(userKey).(string)\n\treturn user, ok\n}\n\n// WithContext loads the GSSAPI library with the given keytab and acquires credentials for the service principal name.\nfunc WithContext(ctx context.Context, keytab, spn string) (context.Context, error) {\n\tgss, err := gssapi.Load(\u0026gssapi.Options{Krb5Ktname: keytab})\n\tif err != nil {\n\t\treturn ctx, err\n\t}\n\n\tserver := spnego.KerberizedServer{Lib: gss}\n\tctx = context.WithValue(ctx, serverKey, server)\n\n\tcred, err := server.AcquireCred(spn)\n\tif err != nil {\n\t\treturn ctx, err\n\t}\n\n\treturn context.WithValue(ctx, credentialKey, cred), nil\n}\n\n// Authenticate runs the SPNEGO negotiation and only calls next once a user has been established.\nfunc Authenticate(next http.Handler) http.Handler {\n\treturn http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n\t\tctx := r.Context()\n\n\t\tserver := Server(ctx)\n\t\tcred := Credential(ctx)\n\t\tuser, status, err := server.Negotiate(cred, r.Header, w.Header())\n\n\t\tif status != http.StatusOK {\n\t\t\t// Guard against a nil err so a non-200 status without an error does not panic.\n\t\t\tmsg := http.StatusText(status)\n\t\t\tif err != nil {\n\t\t\t\tmsg = err.Error()\n\t\t\t}\n\t\t\thttp.Error(w, msg, status)\n\t\t\treturn\n\t\t}\n\n\t\tctx = context.WithValue(ctx, userKey, user)\n\t\tnext.ServeHTTP(w, r.WithContext(ctx))\n\t})\n}\n```\nHTTP Kerberos Authentication - implemented in Go; example authentication 
using the Chilkat API, as explained in the Chilkat documentation referred to here.\n\nAuthentication can be added to any method that sends an HTTP request to the server, such as SynchronousRequest, QuickGetStr, PostXml, etc. To add authentication, simply set the Login and Password properties.\n\nBy default, Chilkat will use basic HTTP authentication, which sends the login/password in clear text over the connection. This is bad if SSL/TLS (i.e. HTTPS) is not used. However, if the connection is secure, there should be nothing wrong with using basic authentication.\n\nChilkat supports more secure authentication types as well, including Digest, NTLM, and Negotiate (which dynamically chooses between NTLM and Kerberos). To use Digest authentication, simply set the DigestAuth property = true. To use NTLM authentication, set the NtlmAuth property = true. Likewise, to use Negotiate authentication, set the NegotiateAuth property = true.\n\n```go\n    // This example assumes the Chilkat API to be the best alternative for explanation.\n    http := chilkat.NewHttp()\n\n    // Set the Login and Password properties for authentication.\n    http.SetLogin(\"chilkat\")\n    http.SetPassword(\"myPassword\")\n\n    // To use HTTP Basic authentication..\n    http.SetBasicAuth(true)\n\n    html := http.QuickGetStr(\"http://localhost/xyz.html\")\n    if !http.LastMethodSuccess() {\n        fmt.Println(http.LastErrorText())\n        http.DisposeHttp()\n        return\n    }\n\n    // Examine the HTTP status code returned.
\n    // A status code of 401 is typically returned for \"access denied\"\n    // if no login/password is provided, or if the credentials (login/password)\n    // are incorrect.\n    fmt.Println(\"HTTP status code for Basic authentication: \", http.LastStatus())\n\n    // Examine the HTML returned for the URL:\n    fmt.Println(*html)\n\n    http2 := chilkat.NewHttp()\n\n    // To use NTLM authentication, set the\n    // NtlmAuth property = true\n    http2.SetNtlmAuth(true)\n\n    // The session log can be captured to a file by\n    // setting the SessionLogFilename property:\n    http2.SetSessionLogFilename(\"ntlmAuthLog.txt\")\n\n    // Examination of the HTTP session log will show the NTLM\n    // back-and-forth exchange between the client and server.\n\n    // This call will now use NTLM authentication (assuming it\n    // is supported by the web server).\n    html = http2.QuickGetStr(\"http://localhost/xyz.html\")\n    if !http2.LastMethodSuccess() {\n        fmt.Println(http2.LastErrorText())\n        http.DisposeHttp()\n        http2.DisposeHttp()\n        return\n    }\n\n    fmt.Println(\"HTTP status code for NTLM authentication: \", http2.LastStatus())\n\n    http3 := chilkat.NewHttp()\n\n    // To use Digest Authentication, set the DigestAuth property = true\n    // Also, no more than one of the authentication type properties\n    // (NtlmAuth, DigestAuth, and NegotiateAuth) should be set\n    // to true.
\n    http3.SetDigestAuth(true)\n\n    http3.SetSessionLogFilename(\"digestAuthLog.txt\")\n\n    // This call will now use Digest authentication (assuming it\n    // is supported by the web server).\n    html = http3.QuickGetStr(\"http://localhost/xyz.html\")\n    if !http3.LastMethodSuccess() {\n        fmt.Println(http3.LastErrorText())\n        http.DisposeHttp()\n        http2.DisposeHttp()\n        http3.DisposeHttp()\n        return\n    }\n\n    fmt.Println(\"HTTP status code for Digest authentication: \", http3.LastStatus())\n\n    http.DisposeHttp()\n    http2.DisposeHttp()\n    http3.DisposeHttp()\n```\n# Made by Vishesh Choudhary, Aditi Jain \u0026 Pranav Singh :heart:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvisheshc14%2Fskin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvisheshc14%2Fskin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvisheshc14%2Fskin/lists"}