DAY21: CSRF

Part one: what is CSRF
1. Definition of CSRF (XSRF)

2. Introduction to the CSRF principle

3. Two conditions for a CSRF attack
① The victim logs in to trusted site A, and a cookie is generated locally
② Without logging out of site A, the victim visits dangerous site B

4. The difference between CSRF and XSS
CSRF does not require the site to have any other vulnerability and is easier to exploit, but it has a big drawback: the attacker must know which page the request has to be submitted to and what the request parameters are. CSRF vulnerabilities are therefore generally found in a site one understands very well, or dug out after a code audit.
5. CSRF defenses
(1) Validate a token value.
(2) Verify the HTTP Referer header.
(3) Use an additional custom header in XMLHttpRequest.
Part two: simple use of CSRF
1. CSRF submitting a GET request (DVWA experiment)

2. CSRF submitting a POST request

3. AJAX, the same-origin policy and cross-domain requests (understand the concepts)

Performing a CSRF attack with AJAX fails (do not use AJAX for CSRF):

4. Combining CSRF and XSS (DVWA experiment)
Use a stored XSS vulnerability to write the CSRF attack statement into the database; the CSRF attack statement is then executed whenever the administrator views the stored data.
5. Understanding the same-origin policy and cross-domain requests
① First, what is an origin
• An origin (source) is the combination of protocol, domain name and port number.
The origin of the URL above is: http://www.company.com:80
If the protocol, domain name and port number in two addresses are all the same, they are the same origin.
The following are checked for same origin against http://www.a.com/test/index.html
• http://www.a.com/dir/page.html ---- success
• http://www.child.a.com/test/index.html ---- fails, different domain name
• https://www.a.com/test/index.html ---- fails, different protocol
• http://www.a.com:8080/test/index.html ---- fails, different port number
② What is the same-origin policy?
The same-origin policy is a browser security feature: client-side scripts from different origins cannot read or write each other's resources without explicit authorization. So a JS script under a.com that uses AJAX to read file data from b.com will get an error.
• Not restricted by the same-origin policy:
(1) Links in a page, redirects and form submissions are not restricted by the same-origin policy.
(2) Cross-origin resources can be included, but JS cannot read or write the loaded content. Examples are <script src="..."></script>, <img>, <link>, <iframe> and similar elements embedded in the page.
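As an added example (not code from the original post), the origin comparison above can be carried out mechanically on the four URLs the post lists. It assumes Node.js and uses the built-in WHATWG `URL` parser; the point it adds to the text is that a default port written explicitly (`:80`) still counts as the same origin, so the comparison must normalise ports before comparing.

```javascript
// Added example, not from the original post: compare two URLs the way the
// same-origin policy does, on (protocol, domain name, port), with default
// ports normalised so "http://host:80/" and "http://host/" match. Assumes Node.js.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin triple; URL parsing drops an explicit default port,
// so we put the scheme's default back to compare like with like.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, hostname: u.hostname, port };
}

function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// Report which component differs, in the wording the post uses.
function compareOrigins(base, candidate) {
  const x = originOf(base), y = originOf(candidate);
  if (x.protocol !== y.protocol) return "fails, different protocol";
  if (x.hostname !== y.hostname) return "fails, different domain name";
  if (x.port !== y.port) return "fails, different port number";
  return "success";
}

// The post's own test set (constructed URLs, no real sites).
const BASE = "http://www.a.com/test/index.html";
const CANDIDATES = [
  "http://www.a.com/dir/page.html",
  "http://www.child.a.com/test/index.html",
  "https://www.a.com/test/index.html",
  "http://www.a.com:8080/test/index.html",
];

// Returns an array of [candidate, verdict] pairs for the table above.
function checkAll() {
  return CANDIDATES.map((c) => [c, compareOrigins(BASE, c)]);
}
```

The path (`/test/index.html` versus `/dir/page.html`) never enters the comparison, which is exactly why a page anywhere on the same origin can read the responses of its own site while a page on b.com cannot.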

Origin www.cnblogs.com/niangaoSDS/p/11669506.html