CSRF (cross-site request forgery)

1. CSRF overview

  CSRF, short for Cross-Site Request Forgery, is an attack in which the attacker entices a user to visit a page that then performs an operation on a third-party site under the user's identity. It works because all of the important parameters of the targeted operation can be guessed by the attacker.

2. CSRF detection

  2.1 Collect valuable CSRF test points (operations that require privileges)

    Because of the way CSRF is exploited, there is no need to re-test every request across the whole site; only requests that are worthwhile CSRF test points (real operations that require the user's privileges) need to be tested.

    For example: transfers, purchases, password changes, deletions, publishing content, ...

  2.2 Detecting GET-type CSRF

         Check whether the request carries any other authentication token parameter, and whether a normal request still succeeds after that parameter is removed. If it does, a CSRF vulnerability is present.

  2.3 Detecting POST-type CSRF

        Check whether the request carries any other authentication token parameter, and whether a normal request still succeeds after that parameter is removed. If it does, remove the Referer header as well; if the request still succeeds, a CSRF vulnerability is present and an external form can be constructed to carry out the attack. If the request fails as soon as the Referer is removed, continue by checking how strictly the Referer is validated and whether that check can be bypassed.

3. CSRF example

  Tool: the Generate CSRF PoC module under Burp Suite's Engagement tools

  3.1 Capture the change-password request and send it to the Repeater module

  3.2 Right-click, select Engagement tools, then CSRF PoC

  3.3 Copy out the generated HTML code and save it as an .html file

  3.4 Open the saved HTML file in the browser and click the Submit request button

  3.5 The password change succeeds

4. CSRF defenses

  4.1 Verification code: a verification code (CAPTCHA) is the most effective defense against CSRF, but for the sake of user experience a site cannot add a verification code to every operation.

  4.2 Referer: used to check whether a request comes from a legitimate source. Its weakness is that the server cannot always obtain the Referer; many users restrict sending of the Referer out of privacy concerns.

  4.3 Token: generate a random number so that the attacker cannot construct a complete URL.
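The token and Referer defenses from 4.2 and 4.3 combined, as an added example that is not part of the original post. The session store, the header names and the bank.example host are constructed for illustration; the handler rejects requests with a missing Referer/Origin, which is the trade-off 4.2 describes.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# Constructed stand-in for server-side session storage: session id -> CSRF token
SESSIONS: Dict[str, str] = {}


def issue_csrf_token(session_id: str) -> str:
    """Generate a random per-session token; the page embeds it as a hidden form field."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token


def verify_csrf_token(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the one stored for the session."""
    expected = SESSIONS.get(session_id)
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def source_allowed(headers: Dict[str, str], allowed_host: str) -> bool:
    """Prefer Origin (sent on cross-site POSTs), fall back to Referer; reject if both absent."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False  # cannot prove the source, so treat as cross-site (see 4.2 caveat)
    return urlparse(src).hostname == allowed_host


def handle_change_password(session_id: str, form: Dict[str, str],
                           headers: Dict[str, str],
                           allowed_host: str = "bank.example") -> Tuple[int, str]:
    """Hypothetical change-password handler protected by both checks."""
    if not source_allowed(headers, allowed_host):
        return 403, "request source not allowed"
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    return 200, "password changed"


if __name__ == "__main__":
    tok = issue_csrf_token("sess-1")
    print(handle_change_password("sess-1", {"csrf_token": tok, "new": "pw"},
                                 {"Origin": "https://bank.example"}))
    # a forged form from another site carries no valid token
    print(handle_change_password("sess-1", {"new": "pw"},
                                 {"Origin": "https://other.example"}))
```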

5. Further reading

先知论坛 (Xianzhi forum): https://xz.aliyun.com/t/6128

红日安全 (HongRi Security): https://github.com/hongriSec


Origin www.cnblogs.com/Excellent-person/p/12301279.html