What is the principle of csrf attack? 02/24 Update SLTechnology News&Howtos

Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

What is the principle of csrf attack?

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/02 Report--

This article mainly introduces "what is the principle of csrf attack". In daily operation, I believe that many people have doubts about the principle of csrf attack. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "what is the principle of csrf attack?" Next, please follow the editor to study!

What is the principle of 1 csrf attack? When you gain the trust of website A, visit website B, which contains a disguised request to visit A, so that you can take the cookie of website A to visit the background of A.

2 cross-domain can not access cookie, why can you carry the cookie of A website in B website. You can edit the crc property of the picture into a request to visit the A website. Since you are visiting website A, it is natural to carry the cookie of website A.

3 how to prevent it? The request header of http has a reffer attribute, which represents the source of the request, that is, the website from which the request was initiated. The background verifies whether the request comes from website A, and if not, intercepts the request. It works in most cases, but some older browsers, such as earlier versions of ie, are said to be able to modify reffer, and some other technologies seem to modify new browsers as well.

4 another way is token verification. After a successful login, the server generates a random token to the browser. The browser carries the token when submitting the form, verifies in the background whether the token is the same as that given to the browser, and intercepts it if it is different.

5 note that this token cannot be stored in cookie, because the csrf attack is to swindle your cookie, and the work in cookie is in vain. The way you can think of is to store it in the global variable of js.

At this point, the study of "what is the principle of csrf attack" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Weibo

Weibo

Tencent

Tencent

Renren

Renren

QQZone

QQZone

Douban

Douban

More

More

Weibo

Weibo

Tencent

Tencent

Renren

Renren

QQZone

QQZone

Douban

Douban

Yixin

Yixin

Related

Build zoopker+hbase environment

Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope

2023-12-25 21:17:29 shulou Views: 330
Lenovo Rescue Y700 2023 tablet push ZUI 15.0.723 system Grayscale Test: add

CTOnews.com, December 23, ZUI officially announced that the Rescue Y700 2023 tablet will open the ZU

2023-12-25 21:14:50 shulou Views: 342
Cybertruck: future species redefine cars

"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un

2023-12-25 21:13:36 shulou Views: 341
An example Analysis of the Wechat Web Landing Authorization of the Wechat Public platform of php version

This article mainly shows you the "php version of Wechat public platform Wechat web login authorizat

2023-12-25 20:31:50 shulou Views: 267
What are the relevant knowledge points of PHP class

2023-12-25 20:31:29 shulou Views: 317

Internet Technology

What is the closure in Spark?

This article mainly talks about "what is the closure in Spark". Interested friends may wish to take a look at it. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn "what is the closure in Spark"? The concept of closures is shown below: in spark applications

2022/06/02 shulou Views: 249
How to realize scheduled tasks in PHP

This article will explain in detail how to achieve timing tasks in PHP. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article. one。 Simple and direct regardless of the consequences

2022/06/02 shulou Views: 280

The method of Revit contact Filtration

This article mainly introduces the relevant knowledge of "Revit contact filtering method". The editor shows you the operation process through the actual case. The operation method is simple, fast and practical. I hope this "Revit contact filtering method" article can help you solve the problem. Selected and extruded entities are

2022/05/31 shulou Views: 264
The method of installing Mongodb online and offline in CentOS

This article mainly introduces "the method of installing Mongodb online and offline for CentOS". In daily operation, it is believed that many people have doubts about the method of installing Mongodb online and offline for CentOS. The editor consulted all kinds of materials and sorted out simple and useful operation methods.

2022/05/31 shulou Views: 253
What does storage management achieve?

This article mainly introduces the purpose of storage management, which is very detailed and has a certain reference value. Friends who are interested must read it! The purpose of storage management is to expand the capacity of main memory and improve the utilization efficiency of main memory. Storage management is the management technology of main memory, and its main purpose is

2022/06/02 shulou Views: 244

More Internet Technology >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12

Report