SLTechnology News & Howtos (shulou.com), Network Security, updated 2025-02-24
Shulou (Shulou.com) 06/01 report
0x00 Brief introduction
CSRF (Cross-site request forgery). Because the target site applies no token or Referer restriction, a forged request is completed as the logged-in user, which can serve various purposes. Depending on the HTTP request method, there are two ways CSRF is exploited.
0x01 GET-type CSRF
This type of CSRF is generally caused by a lack of security awareness among programmers. Exploiting a GET-type CSRF is very simple: you only need to construct an HTTP request.
It is generally used in the form of an image tag whose source points at the target URL: when the target loads the image, the link is requested automatically and the attack is completed.
For example, in a message board or blog forum where the message content is not filtered, you can construct an image link in the way described above to delete an article. When the target views the blog message, the browser automatically loads the URL because it is an image tag, and since the target is logged in, the article is deleted. This is one use of GET-type CSRF.
0x02 POST-type CSRF
The so-called POST type means constructing a form that submits itself; when the target opens the page containing it, an HTTP POST request is sent.
The form below is reconstructed from what survived extraction (a form named csrf, a button labelled "Test csrf", and the submit script); the action and the hidden fields are placeholders:

    <form name="csrf" action="TARGET_URL_PLACEHOLDER" method="POST">
      <!-- hidden inputs carrying the forged parameters go here -->
      <input type="submit" value="Test csrf">
    </form>
    <script>document.csrf.submit()</script>

The above is a form that is submitted automatically; when triggered by the user, an HTTP POST request is sent that modifies personal information.
0x03 How to fix
Precautions against CSRF:
Key operations accept only POST requests and add a CAPTCHA.
CSRF attacks are often triggered by users without their knowledge. Adding a CAPTCHA or a confirmation step is a simple and effective defense against CSRF.
Check the Referer
Pages on the Internet are normally linked to one another. For example, you should not find a link to www.google.com on www.baidu.com; or, if you post a message on a forum, wherever you are redirected afterwards, the previous page must have contained the message input box, and that previous URL is retained in the Referer header of the new request.
By checking the value of Referer, we can judge whether a request is legitimate or not. The problem is that the server cannot always obtain a Referer value, so Referer checking is generally used to monitor for CSRF attacks rather than to defend against them.
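As an added example (not code from the original article), the check described above written as plain functions with no framework dependency. It prefers the Origin header, falls back to Referer, and distinguishes a foreign source from a missing header so that the site can run it in the monitoring mode the article recommends. The host name and sample headers are constructed assumptions.

```python
# Added example: Origin/Referer check for state-changing requests.
# ALLOWED_HOSTS and all sample header values are constructed for illustration.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"forum.example.com"}  # assumption: the site's own host(s)


def referer_verdict(headers, allowed_hosts=ALLOWED_HOSTS):
    """Classify a request from its Origin/Referer headers.

    Returns one of:
      "ok"      - header present and points at one of our own hosts
      "foreign" - header present but points elsewhere (CSRF indicator)
      "missing" - neither header sent; the server cannot decide
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    # Origin is sent by browsers on cross-site POSTs and is harder to strip
    # than Referer, so it is consulted first.
    value = h.get("origin") or h.get("referer")
    if not value:
        return "missing"
    # urlsplit gives hostname None for values such as "null" or a bare path,
    # which are treated as foreign rather than trusted.
    host = urlsplit(value).hostname
    if host is None:
        return "foreign"
    return "ok" if host.lower() in allowed_hosts else "foreign"


def allow_request(headers, strict=False):
    """Decide whether to serve a state-changing request.

    strict=False (monitor mode): only a clearly foreign source is rejected;
    a missing header is allowed, and should be logged for review.
    strict=True: a missing header is rejected as well.
    """
    verdict = referer_verdict(headers)
    if verdict == "foreign":
        return False
    if verdict == "missing":
        return not strict
    return True
```

Note that the comparison is on the full host name, so a look-alike such as forum.example.com.evil.example.net is classified as foreign; a prefix or substring match would not achieve that.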
Token
The current mainstream practice is to use a Token to defend against CSRF attacks. Below, CSRF attacks are analyzed to understand why a Token is effective.
A CSRF attack can succeed only if the attacker can predict all the parameters needed to construct a legitimate request. So, following the principle of unpredictability, we can encrypt the parameters to prevent CSRF attacks.
A more general approach is to leave the original parameters unchanged and add another parameter, the Token, whose value is random. Since the attacker does not know the Token, he cannot construct a legitimate request.
Principles of using a Token
- The Token should be sufficiently random; only then can it be considered unpredictable.
- The Token is one-time: updating the Token after each successful request increases the difficulty of the attack and of prediction.
- The Token must be kept confidential: sensitive operations should use POST, to prevent the Token from appearing in the URL.
Reference: WooYun Drops.
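As an added example (not code from the original article or from WooYun Drops), a session-bound, one-time anti-CSRF token that follows the three principles above and also enforces the "key operations accept only POST" precaution from the start of this section. The in-memory session store, the update_profile handler and the sample requests are constructed assumptions standing in for a real application.

```python
# Added example: random, one-time, session-bound CSRF token.
# SESSIONS and update_profile are constructed stand-ins for a real app.
import hmac
import secrets

SESSIONS = {}  # session_id -> {"csrf_tokens": set()}; in-memory stand-in


def issue_token(session_id):
    """Mint a fresh token and remember it in the user's session.

    Principle 1 (random): secrets.token_urlsafe draws 32 bytes from the OS
    CSPRNG. The token is stored server-side, keyed by the session, so a
    third-party page cannot read it and a token from another session is
    never accepted.
    """
    token = secrets.token_urlsafe(32)
    session = SESSIONS.setdefault(session_id, {"csrf_tokens": set()})
    session["csrf_tokens"].add(token)
    return token


def consume_token(session_id, presented):
    """Validate a token and retire it (principle 2: one-time use)."""
    session = SESSIONS.get(session_id)
    if not session or not presented:
        return False
    # Iterate over a snapshot so the set can be modified on a match.
    for token in tuple(session["csrf_tokens"]):
        # Constant-time comparison: a plain == would leak the token byte by
        # byte through timing differences.
        if hmac.compare_digest(token, presented):
            session["csrf_tokens"].discard(token)
            return True
    return False


def update_profile(method, session_id, form):
    """Handler for a sensitive operation. Returns (status, message).

    Only POST is accepted and the token is read from the form body, never
    from the query string (principle 3: keep the token out of the URL).
    """
    if method != "POST":
        return 405, "method not allowed"
    if not consume_token(session_id, form.get("csrf_token")):
        return 403, "invalid or missing CSRF token"
    # ... apply the profile change for this session's user here ...
    return 200, "profile updated"
```

In use, the page that renders the profile form calls issue_token for the visitor's session and embeds the result in a hidden input; the forged form from the POST section cannot do this because the attacker's page has no way to read the token, and a captured token is useless once it has been consumed.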
© 2024 shulou.com SLNews company. All rights reserved.