WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web
Joey Allen, Zheng Yang, Roberto Perdisci, Wenke Lee
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
In an era of escalating data breaches, understanding the precise vector and impact of an attack is paramount for effective incident response and future prevention. Traditional forensic approaches, often centered on whole-system auditing and system-call-based causality graphs, fall short when confronted with the unique semantics and dynamic nature of web-based attacks. These attacks, frequently leveraging intricate JavaScript interactions, DOM manipulations, and social engineering, demand a more granular, web-aware forensic capability. The WEBRR system, presented by Joey Allen and his co-authors at USENIX Security '24, addresses this critical gap by introducing a novel forensic record and replay system specifically designed for modern web applications.
AI review
WEBRR delivers a critical advancement in web forensics by finally solving executional divergence in browser record and replay. Its deep instrumentation of Chrome's rendering engine allows for deterministic, visual reconstruction of web attacks, providing unprecedented insight for incident responders. This isn't some "AI-powered" fluff; it's real systems-level engineering that changes the game.