Basic concept
Cross-site request forgery (CSRF)
CSRF is short for cross-site request forgery, which, despite the similar name, is not the same as a cross-site scripting (XSS) vulnerability. XSS takes advantage of a user who is trusted within a site, while CSRF takes advantage of a site that is trusted by the user, by disguising a forged request as one sent by that trusted user.
The main difference between CSRF and reflected XSS is their purpose: reflected XSS aims to execute a script on the client side, whereas CSRF aims to perform an operation inside the web application.
CSRF (cross-site request forgery)
The attack forces a logged-in user's browser to send a forged HTTP request, carrying the user's session cookie and any other authentication information, to a vulnerable web application, which treats it as a legitimate request from that user.
CSRF attack types
1. GET-type CSRF attack: for example, the request is placed in an img tag on a web page, so it is sent automatically as soon as the user opens the page.
2. POST-type CSRF attack: for example, a form is built and hidden on a page, and it is submitted automatically when the user enters the page.
3. Link-type CSRF attack: for example, the request is placed in the href attribute of an a tag and the user is induced to click it.
CSRF attack defenses
The basic idea is to avoid disclosing to the attacker the information needed to build a valid request, which makes forging the request harder, or to strengthen the verification applied to each request.
1. Avoid exposing the parameters of a sensitive operation in clear text in the URL.
2. Verify the Referer information in the HTTP header.
3. Add a token to the request and verify it on the server.
4. Add a custom attribute to the HTTP header and verify it.
5. Require the user to submit additional verification information.
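As an added example (not code from the original page), the following Python sketch shows a server-side check that combines defenses 2 and 3: the source of a state-changing request is validated against the site's own origin (the Origin header is checked first and Referer is used as a fallback, an assumption beyond the page's wording), and a per-session random token must be echoed back in the form. The site origin, session dict and request shape are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical origin of the protected application (placeholder, not from the page).
SITE_ORIGIN = "https://app.example"


def issue_csrf_token(session: dict) -> str:
    """Defense 3: generate a random per-session token, store it server-side,
    and return it so the page can embed it in its forms (synchronizer token)."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _source_allowed(headers: dict) -> bool:
    """Defense 2: accept the request only if Origin (or, failing that, Referer)
    names our own origin. A request carrying neither is rejected, not guessed at."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"  # reduce the Referer URL to its origin
    return origin == SITE_ORIGIN


def verify_state_changing_request(session: dict, headers: dict, form: dict) -> tuple:
    """Run both checks on a POST that changes state; return (accepted, reason)."""
    if not _source_allowed(headers):
        return False, "origin/referer mismatch"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False, "missing or invalid csrf token"
    # Constant-time comparison so a wrong token cannot be narrowed down byte by byte.
    if not hmac.compare_digest(expected.encode(), str(supplied).encode()):
        return False, "missing or invalid csrf token"
    return True, "ok"


def demo() -> list:
    """Constructed requests: one legitimate, one with a foreign Referer, one lacking the token."""
    session = {}
    token = issue_csrf_token(session)
    return [
        verify_state_changing_request(session, {"Origin": SITE_ORIGIN}, {"csrf_token": token, "amount": "10"}),
        verify_state_changing_request(session, {"Referer": "https://other.example/page"}, {"amount": "10"}),
        verify_state_changing_request(session, {"Origin": SITE_ORIGIN}, {"amount": "10"}),
    ]
```

Defense 4 (a custom header such as one set only by the site's own scripts) is complementary: browsers do not add custom headers to cross-site form submissions, so its absence is another rejection signal.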