CSRF-Cross-site request forgery-related knowledge
2022-08-02 07:53:00 【Chang Jiazhuang】
What is CSRF?
Cross-site request forgery is abbreviated "CSRF". In a CSRF attack scenario, the attacker forges a request (usually a link) and then tricks the target user into clicking it. Once the user clicks, the whole attack is complete, which is why CSRF is also called a "one-click" attack. Many people do not understand the concept of CSRF; they sometimes confuse it with XSS, or even with unauthorized-access (越权) issues, and this confusion comes from not understanding the underlying principle.
CSRF is a common vulnerability in web applications. Its attacks are very harmful yet very well hidden; especially with the widespread use of Web 2.0 technologies, an attacker can launch a CSRF attack without the user noticing anything. This article gives a systematic account of its basic characteristics, attack principle, attack classification, detection methods and prevention methods, and lists attack examples.
The CSRF attack technique is not widely known, yet in fact many websites have CSRF vulnerabilities. The technique was proposed by foreign security researchers as early as 2000, but in China it did not begin to receive attention until 2006. In 2008, CSRF vulnerabilities were found in many large communities and interactive websites at home and abroad, such as Baidu HI, NYTimes.com (the New York Times), Metafilter (a large blog site) and YouTube. Yet even now many sites on the Internet remain unprepared for it, so the security industry calls CSRF a "sleeping giant"; its threat level is evident from that name alone.
CSRF attack principle
The attack uses the session state the victim has established by logging in to the website: while still logged in, the victim clicks a malicious link or runs malicious code constructed by the attacker. By accessing that link or code, directly or indirectly, the victim carries out the attacker's purpose.
When a user logs in to a website, a cookie is generated and stored in the browser. If you close the site and reopen it, you will find that you are still logged in, which means the cookie-based authentication has not expired (if it had expired, you would have to log in again). The attacker sends the user a link in some form to lure them, and the user opens it in the very browser that holds the login cookie for that site. Because the cookie has not expired and carries the user's authentication, the server treats the request triggered by the attacker's malicious link as legitimate: from the server's point of view, the request was sent by the user. At this point a CSRF attack is complete.
CSRF Prevention
Check the Referer field and verify a token
The HTTP header contains a Referer field that indicates which address the request came from, so the source recorded in Referer can be used to judge whether access to the page is legitimate. However, the Referer field on its own is easy to tamper with, so a token is added as well. The token value must be unpredictable: it follows no pattern and is generated with a dedicated salt, so that if an attacker fills in a guessed token, access is denied.
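The two checks described above (token verification plus a Referer/Origin source check) as an added example that is not part of the original post. It assumes a server-side session dictionary, a constructed site origin `https://example.test`, and checks the `Origin` header before falling back to `Referer`; the token comparison is constant-time so that a guessed token cannot be distinguished from a near miss.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed (constructed) origin of the protected site.
ALLOWED_ORIGIN = "https://example.test"


def issue_csrf_token(session: dict) -> str:
    """Create an unpredictable token, store it in the server-side session,
    and return it so the page can embed it in a hidden form field."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, no pattern
    session["csrf_token"] = token
    return token


def source_ok(headers: dict) -> bool:
    """Accept the request only if Origin (preferred) or Referer names our own origin.
    A missing header is treated as untrusted rather than silently allowed."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def validate_state_change(session: dict, headers: dict, form: dict) -> bool:
    """Gate for any state-changing request (add user, pay, change password, delete).
    Both the token and the source check must pass."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    if not expected or not submitted:
        return False  # no token issued, or the attacker's forged form carried none
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    return source_ok(headers)
```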
Where CSRF vulnerabilities are typically exploited
- Places where users are added
- Data-transaction and payment places
- Places where passwords are changed
- Places where data is deleted