Because of the word limit on blog posts, only the first half of my article is shown here; the hands-on part is not included. Watch for the second half of my blog (the practical part).
XSS attack
XSS summary
XSS stands for Cross-Site Scripting. Its natural abbreviation, CSS, would collide with Cascading Style Sheets (CSS), so it is written XSS instead.
XSS is a code injection attack: an attacker injects malicious script into a trusted web page, and when a user visits that page the script runs in the user's browser. The target of the attack shifts from the server to the user.
Originally the attack was about getting script to run across domains, hence the name "cross-site scripting". Today, given the power of JavaScript and the complexity of front-end applications, the focus of XSS is no longer crossing domains, but the name and the idea of cross-site script execution have stuck.
What is a cross-domain request?
As the name suggests, it is one site loading resources from a site under a different domain name. Loading an external style sheet with a link/style tag, loading an external image with an img tag, loading an external script with a script tag, and loading a web font are all cross-domain requests.
What is a Cookie?
A Cookie is a mechanism that lets a web server store a small amount of text data on the client.
Because HTTP is stateless, the web server cannot tell which client a request came from, so it needs extra data to maintain a session. Cookies travel with the HTTP request and response: the server sends the cookie it wants to set in a Set-Cookie response header, and the client sends it back in the Cookie request header. Their main role is to identify users and maintain sessions.
By where the client stores them, cookies are divided into memory cookies and hard-disk cookies. A memory cookie is kept by the browser in memory and disappears when the browser closes, so it is short-lived. A hard-disk cookie is written to disk with an expiry time and is not deleted until it expires or the user clears it manually, so it is long-lived. Cookies are therefore also called persistent and non-persistent (session) cookies.
Note: in JavaScript, document.cookie reads and writes the cookies of the current page (except those marked HttpOnly).
Set-Cookie: name=cl4y; expires=Wed, 13-Mar-2019 12:08:53 GMT; Max-Age=31536000; path=/; domain=fafa.com; secure; HttpOnly
Explanation:
name=cl4y; cookie name and value
expires=Wed, 13-Mar-2019 12:08:53 GMT; cookie expiry time (Max-Age=31536000 gives the lifetime in seconds instead; when both are present, Max-Age takes precedence)
path=/; the path prefix for which the cookie is sent
domain=fafa.com; the domain (and its subdomains) for which the cookie is sent
secure the cookie is only sent over HTTPS
HttpOnly JavaScript cannot read the cookie through document.cookie
What is a Session?
When a program needs to create a session, the server first checks whether the client's request carries a session identifier (the SessionID). If it does, a session was already created for this client and the server retrieves it by SessionID and uses it. If the request carries no SessionID, the server creates a new session, generates the SessionID associated with it, and returns that SessionID to the client in the response so the client can store it.
What Cookie and Session have in common
- Both identify users and maintain sessions.
Differences between Cookie and Session
A cookie lives on the client; whether it has expired is decided by the expiry set when it was generated. A session lives on the server; its expiry depends on the server's configuration.
Cookies are not very safe: anyone with access to the local cookies can inspect them and perform cookie spoofing. If security is the main concern, use a session.
A cookie on the client is limited to about 4 KB (browsers must accept at least 4096 bytes per cookie).
Sessions are stored on the server and consume server resources; if reducing server load is the main concern, use cookies.
The same-origin policy
The same-origin policy restricts how resources from different origins may interact, and is an important security mechanism for isolating potentially malicious documents. Whether two documents share an origin is decided by their URLs. A URL consists of a scheme (protocol), domain name, port and path; if two URLs have the same scheme, domain name and port, they are of the same origin. This policy prevents a malicious script on one page from reaching sensitive data on another page through that page's document object model (DOM).
Document origin is determined by:
- domain name or IP address
- subdomain
- port
- protocol (scheme)
Cookie origin
Cookie scope does not follow the same-origin policy: regardless of port, and regardless of scheme (HTTP/HTTPS) unless the secure flag is set, the browser sends a cookie scoped to a given domain to that domain and any of its subdomains. When setting a cookie, the domain, path, secure and HttpOnly attributes can be used to limit where it is sent and who can read it.
Therefore https://localhost:8080/ and http://localhost:8081/ share cookies (for a cookie without the secure flag), even though they are different origins.
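The contrast between document origin (same-origin policy, above) and cookie scope (this section), as an added Node.js example that is not code from the original post. sameOrigin() applies the scheme/host/port rule; parseSetCookie() and cookieSentTo() apply the RFC 6265 domain-, path- and secure-matching rules to the Set-Cookie header shown earlier, simplified by omitting expiry handling and the public-suffix check.

```javascript
// Added example, not from the original post: same-origin check versus
// cookie scope. Simplifications (assumptions): no expiry handling, no
// public-suffix list, Domain attribute accepted as given.
'use strict';

// Same-origin policy: scheme, host and port must all match; path is irrelevant.
function sameOrigin(urlA, urlB) {
  const a = new URL(urlA), b = new URL(urlB);
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map(s => s.trim()).filter(Boolean);
  const [name, ...rest] = parts[0].split('=');
  const cookie = { name: name.trim(), value: rest.join('=').trim(), domain: null,
                   path: '/', secure: false, httpOnly: false, expires: null, maxAge: null };
  for (const attr of parts.slice(1)) {
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? '' : attr.slice(eq + 1).trim();
    switch (key) {
      case 'domain':   cookie.domain = val.replace(/^\./, '').toLowerCase(); break;
      case 'path':     cookie.path = val.startsWith('/') ? val : '/'; break;
      case 'secure':   cookie.secure = true; break;
      case 'httponly': cookie.httpOnly = true; break;
      case 'expires':  cookie.expires = val; break;
      case 'max-age':  cookie.maxAge = parseInt(val, 10); break;
    }
  }
  return cookie;
}

// RFC 6265 domain-matching: the host itself or any subdomain of the cookie domain.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  return host === cookieDomain || host.endsWith('.' + cookieDomain);
}

// RFC 6265 path-matching: equal, or a prefix that ends at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Would the browser attach `cookie`, set by host `setByHost`, to a request for `url`?
function cookieSentTo(cookie, setByHost, url) {
  const u = new URL(url);
  // No Domain attribute means host-only: exact host match, no subdomains.
  const domainOk = cookie.domain
    ? domainMatches(u.hostname, cookie.domain)
    : u.hostname.toLowerCase() === setByHost.toLowerCase();
  const pathOk = pathMatches(u.pathname, cookie.path);
  const schemeOk = !cookie.secure || u.protocol === 'https:';
  // The port is never consulted: cookies are not isolated by port.
  return domainOk && pathOk && schemeOk;
}

// Stand-alone demo using the header from the post and a host-only localhost cookie.
const c = parseSetCookie('name=cl4y; expires=Wed, 13-Mar-2019 12:08:53 GMT; Max-Age=31536000; path=/; domain=fafa.com;secure; HttpOnly;');
console.log(cookieSentTo(c, 'fafa.com', 'https://www.fafa.com:8443/login')); // subdomain + HTTPS
const local = parseSetCookie('sid=abc; path=/app');
console.log(sameOrigin('https://localhost:8080/', 'http://localhost:8081/'),        // different origins
            cookieSentTo(local, 'localhost', 'https://localhost:8080/app'),
            cookieSentTo(local, 'localhost', 'http://localhost:8081/app/x'));     // but the same cookie
```

Two things the demo makes concrete: the Domain attribute widens the cookie to every subdomain, so a vulnerable host anywhere under fafa.com can read or overwrite it, and the secure flag is the only thing that stops a cookie set over HTTPS from being replayed to an HTTP URL on the same host.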
Cross-domain access
Cross-domain tags:
- <script>: <script src="..."></script> embeds a cross-domain script.
- <link>: <link rel="stylesheet" href="..."> loads CSS.
- <img> / <video> / <audio>: <img src="..."> embeds multimedia resources.
- <frame> / <iframe>: <iframe src="..."> loads any resource.
- <object> / <embed> / <applet>: <object data="..."> loads plug-ins.
- @font-face: fonts introduced through CSS.
- … any HTML tag with a src attribute can load cross-domain.
Other cross domain approaches
JSONP: uses the fact that <script> can load cross-domain; the cross-domain script directly calls a callback function defined by the current page.
CORS: once the server sets the Access-Control-Allow-Origin HTTP response header, the browser allows the cross-domain request.
document.domain: pages under the same primary domain but different subdomains can set document.domain to the shared parent domain so that they are treated as the same domain (a legacy mechanism).
window.name: all pages loaded in one window share the same window.name, and it persists across navigations in that window.
window.postMessage: a page listens for the message event to receive data; this works across different primary domains.
…
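The JSONP item above (and the JSONP section that follows), as an added Node.js example rather than code from the original post. The server side builds the script text `callback(json)` for a request like `?callback=handleUser`; the "client side" simulates what the browser does when a <script> tag loads that text, by executing it with the callback in scope. The query parameter name, the callback name and the user record are constructed for the illustration.

```javascript
// Added example, not from the original post: the two halves of a JSONP exchange.
// Assumptions: the callback name arrives in a query parameter (e.g. ?callback=...),
// and the sample user record is constructed data.
'use strict';

// Only a plain JavaScript identifier is accepted. The callback name is reflected
// verbatim into executable script, so anything else ("alert(1)//", "<script>")
// would turn the endpoint into a reflected XSS sink.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Server side: build the response body for a JSONP request.
function jsonpBody(callbackName, data) {
  if (!CALLBACK_RE.test(callbackName)) {
    throw new Error('invalid JSONP callback name');
  }
  // JSON.stringify output is valid JS source except for U+2028/U+2029,
  // which older engines treat as line terminators; escape them to be safe.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `${callbackName}(${json});`;
}

// Client side, simulated: a real page would append
//   <script src="https://api.example.test/user?callback=handleUser"></script>
// and the browser would run the returned text as script. Here the text is run
// with `new Function`, with the page's callback bound to the expected name.
function runJsonpResponse(body, callbackName) {
  let received;
  const script = new Function(callbackName, body);
  script(data => { received = data; });
  return received;
}

// Full round trip: what the page's callback ends up receiving.
function jsonpRoundTrip(callbackName, data) {
  return runJsonpResponse(jsonpBody(callbackName, data), callbackName);
}

// Stand-alone demo with a constructed record.
const user = { username: 'cl4y', id: 233 };
console.log(jsonpBody('handleUser', user));
console.log(jsonpRoundTrip('handleUser', user));
```

Because the <script> request carries the victim's cookies, a JSONP endpoint that returns user-specific data hands it to any origin that embeds the tag; that is the reason CORS with an explicit allow-list replaced JSONP for authenticated APIs.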
JSONP cross-domain requests
JSON
- JSON (JavaScript Object Notation) is a lightweight data-interchange format.
- JSON text is a sequence of tokens: six structural characters ([ ] { } : ,), strings, numbers, and three literal names (true, false, null).
- A JSON text is a serialized object or array.
{"username": "cl4y", "password": "admin888"} {"id": 233, "info": {"user": "admin", "pass": "8888"}} http://10.211.55.2/lesson/xss/json.php
JSONP
- JSONP is short for JSON with padding (padded JSON, or parameterised JSON); it carries the JSON data together with the name of a callback function.
- In short, the principle by which JSONP achieves cross-domain requests is to dynamically create