Web Security (VIII) what is CSRF attack? Why can token prevent csdf attacks?

CSRF Attack Overview

**CSRF（Cross Site Request Forgery）** yes Cross-site request forgery .

Cookie There is an expiration time , In the meantime ,Cookie It's stored on the client side , When you visit the same website again , The browser will automatically HTTP The request will automatically bring the information of the website user after logging in Cookie

CSRF The attack takes advantage of this , Borrow the user's Cookie, To perform operations that are not intended by the user .

for instance ：

Xiao Ming logs in to an online bank , He came to the post area of online banking , See a post with a link below it “ Scientific financial management , The annual profit rate is over ten thousand ”, Xiaozhuang opens this link curiously , It turned out that I had less accounts 10000 element . This is the case ？ It turns out that the hacker hid a request in the link , This request directly used Xiao Ming's identity to send a transfer request to the bank , Through your Cookie Make a request to the bank .

<a src=http://www.mybank.com/Transfer?bankId=11&money=10000> Scientific financial management , The annual profit rate is over ten thousand </>

So simple use Cookie, Will receive CSRF attack .

Then why Token Can prevent CSDF Attack ？

token The rule of verification is , Server slave request body （POST） Or request parameters （GET） Get the setting in token, And then Cookie Medium token Compare , The request is executed only after it is consistent .

and CSRF The attack just borrowed Cookie, Can't get Cookie Information in , So we can't get Cookie Medium token, You can't send a request in POST perhaps GET Set in token, When sending a request to the server ,token Verification failed , Then the request will not be processed .

therefore ,token Can prevent CSRF attack .

CSRF Protection strategy

CSRF Usually from a third-party website , The attacked website can't prevent the attack , Only by enhancing your website for CSRF To improve safety .

CSRF There are two characteristics ：

• CSRF（ Usually ） Occurs in third party domain names .
• CSRF The attacker can't get Cookie Etc , Just use .

For these two points , We can specifically develop protection strategies , as follows ：

• Block access to unknown domains
  • Homology detection , That is, forbid foreign domains directly （ Or untrusted domain names ） Make a request to us .
  • Samesite Cookie, In order to solve this problem from the source ,Google A draft was drawn up to improve HTTP agreement , That's for Set-Cookie New response header Samesite attribute , It's used to mark this Cookie It's a “ Same station Cookie”, Same station Cookie Only as the first party Cookie, Not as a third party Cookie.
• When submitting, it is required to attach the information of this domain
  • CSRF Token
  • double Cookie verification