Cross Site Request Forgery (CSRF)

CSRF The full name of the attack is cross site request forgery （ cross site request forgery ）： Is a malicious use of the site , Although it sounds like XSS Cross site scripting attacks are a bit similar , But in fact CSRF And XSS The difference is very big ,XSS Use the trusted users in the site , and CSRF It is to use the trusted website by masquerading the request from the trusted user .

Simple understanding ： A vulnerability that can be used by an attacker to send a forged request to the server through the user browser pretending to be a user and successfully executed by the target server is called CSRF Loophole . 

characteristic ：

• User browser ： Represents a trusted user for
• Impersonation ： Malicious programs impersonate trusted users （ browser ） identity
• Falsify a request ： Access initiated by a trusted user's browser

1、CSRF Attack principle

CSRF The attack principle and process are as follows ：

1. The user opens the browser , Visit trusted sites A, Enter the user name and password to log in to the website A;
2. After the user authenticates the information , Website A produce Cookie Information and return it to the browser , At this time, the user logs into the website A success , Can send request to website normally A;
3. The user did not exit the website A Before , In the same browser , Open one TAB Page visit website B;
4. Website B After receiving the user's request , Return some offensive code , And send a request to visit a third-party site A;
5. After the browser receives the attack code , According to the website B Request , Carry... Without the user's knowledge Cookie Information , To the website A Request . Website A I don't know that the request was actually made by B Sponsored , So according to the user C Of Cookie Information to C Permission to process the request , Lead from website B The malicious code was executed .

2、CSRF Analysis of the causes of loopholes

get request ：

<img src="http://www.study.com/admin/resetPassword?id=1" />

<iframe src="http://www.study.com/admin/resetPassword?id=1"style='display:none'></iframe>

post request ：

<!-- Hide form 、 Automatic submission , Pass the function iframe Introduce a new page -->
<iframe src="form.html" style='display:none'></iframe>

3、CSRF Vulnerability hazard analysis

CSRF Attack characteristics ：

• Attack timing ： Website cookie There is no expiration in the browser , Don't close the browser or log out
• Attack premise ： Have a certain understanding of the target website interface
• Attack difficulty ： The attack is more difficult than XSS
• And XSS Compared to attack ,CSRF Attacks are often unpopular （ So there are few resources to guard against it ） And hard to prevent , So it's considered a ratio XSS More dangerous .

harm ：

4、CSRF Safety protection

• Distinguish whether it is a forged request
• Secondary verification

referer check ：

        HTTP Referer yes header Part of , When the browser to web When the server sends the request , Usually with Referer, Tell the server which page is linked from , The server can therefore obtain some information for processing .

• Verify in the gateway filter
• Define interceptors in the corresponding microservices
• Specific business code

Exceptions ： Sign in

  @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws
            Exception {
        logger.debug(" The interceptor intercepted the right ：{} The interview of ", request.getRequestURI());
        String referer = request.getHeader("referer");
        logger.debug("referer:{}", referer);
        StringBuilder sb = new StringBuilder();
        sb.append(request.getScheme()).append("://").append(request.getServerName());
        logger.debug("basePath:{}", sb.toString());
        if (referer == null || referer == "" || !referer.startsWith(sb.toString())) {
            response.setContentType("text/plain; charset=utf-8");
                    response.getWriter().write(" Illegal access , Please ask normally through the page ！");
            return false;
        }
        return true;
    }

Business secondary verification ：

• Change Password , You need to enter the original password
• The transaction system sets the transaction password
• Add graphic verification code verification
• Online banking transfer SMS verification code  

5、CSRFTester

        CSRFTester Is a CSRF Vulnerability testing tools , The test principle of this tool is as follows ： It uses a proxy to grab the accessed connections and forms in the browser , By means of CSRFTester Modify the corresponding forms and other information , To resubmit , It's equivalent to a fake client request , If the tested request is successfully accepted by the website server , It means that there is CSRF Loophole , Otherwise, it doesn't exist . This tool can also be used for CSRF attack .

After accessing the browser manually , Will be in CSRF tester Record the access path , To generate CSRF attack html