
CSRF attack

2022-06-25 10:35:00 m0_ forty-nine million four hundred and seventy-one thousand si

Scoring points: CSRF, Cross-Site Request Forgery, stealing the user's identity to initiate requests. Standard answer:

CSRF (Cross-Site Request Forgery), like XSS, is a highly damaging attack. The attacker steals the user's identity and sends malicious requests in the user's name; to the server those requests look legitimate, so the attacker's goal is achieved.

The process of a CSRF attack is as follows:

- The user opens a browser, visits the target website A, and enters a user name and password to request login.
- After the user's information passes authentication, website A generates cookie information and returns it to the browser; from this point the user can send requests to website A normally.
- Before logging out of website A, the user opens another website B in the same browser.
- After receiving the user's request, website B returns some attack code and issues a request to access website A.
- After receiving this attack code, the browser, following website B's request and without the user's knowledge, carries the user's cookie and sends a legitimate-looking request to website A's server.

 

The main strategies for preventing CSRF attacks are as follows:

- Use a verification code: add a random numeric or alphabetic CAPTCHA to the form, forcing direct interaction between the user and the application.

- Check the HTTP Referer field, which records the source address of the HTTP request, to verify that the request came from the correct domain name.

- Use token verification: add a token field to the HTTP request header and set up an interceptor on the server side to verify this token; if the token is incorrect, reject the request.

Bonus answer:

The advantage of verifying the HTTP Referer field is that it is very simple to implement. Ordinary website development does not need to worry much about CSRF vulnerabilities: just set up an interceptor on the back end to verify the value of the Referer, with no change to the existing code logic, which is very convenient. But this method is not foolproof. Although the Referer is provided by the browser, different browsers may have more or fewer flaws in their Referer implementation, so the security guarantee of the Referer approach depends on the browser. Token verification is safer than Referer checking; the token is placed in a custom HTTP request header, which also avoids the inconvenience of passing it as a GET or POST parameter.
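As an added example (not code from the original post), here is a small Python version of the server-side interceptor described above, combining the Referer check and the custom-header token check. It assumes a dict-like session store, the deployment host name example.com and the header name X-CSRF-Token, all of which are placeholders.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ALLOWED_HOST = "example.com"  # assumed deployment host (placeholder)
TOKEN_HEADER = "X-CSRF-Token"  # assumed custom header name (placeholder)


def issue_token(session):
    """Create a per-session CSRF token and keep a copy server-side.
    The page would embed this token so its own scripts can send it back."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def referer_ok(headers):
    """Referer check: the request must come from our own host.
    A missing Referer is rejected because its origin cannot be determined."""
    ref = headers.get("Referer")
    if not ref:
        return False
    return urlsplit(ref).hostname == ALLOWED_HOST


def token_ok(headers, session):
    """Token check: the custom header must match the session's token.
    A cross-site form submission cannot add custom headers, so a forged
    request arrives without one. compare_digest avoids timing leaks."""
    sent = headers.get(TOKEN_HEADER)
    expected = session.get("csrf_token")
    if not sent or not expected:
        return False
    return hmac.compare_digest(sent.encode(), expected.encode())


def intercept(method, headers, session):
    """Interceptor: state-changing methods must pass both checks."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return 200, "ok"  # safe methods are left unprotected here
    if not referer_ok(headers):
        return 403, "bad referer"
    if not token_ok(headers, session):
        return 403, "bad token"
    return 200, "ok"


if __name__ == "__main__":
    sess = {}  # constructed session for the demo
    tok = issue_token(sess)
    print(intercept("POST", {"Referer": "https://example.com/a", TOKEN_HEADER: tok}, sess))
    print(intercept("POST", {"Referer": "https://evil.example.net/b"}, sess))
```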


Copyright notice
This article was written by [m0_ forty-nine million four hundred and seventy-one thousand si]; please include the original link when reposting. Thank you.
https://yzsam.com/2022/176/202206251014391332.html