CSRF for Browser Security

Mondo Technology Updated on 2024-01-31

CSRF (Cross-Site Request Forgery) is, literally, a cross-site forgery. Cross-site means the malicious request comes from a different domain than the target site. Forgery means the request was not made by the user's true intention: the user was tricked into triggering it through some deceptive means, such as clicking a link.

Now we have the following two sites: www.a.com and www.b.com.

Assume that site A has a list of articles, and you can click a button to delete an article; the corresponding request is www.a.com/article/del?id=1

So what's the attack idea of CSRF?

First of all, since the attack is cross-site, construct a page at site B, www.b.com/csrf.html, and use an img tag in that page to place a request to the delete URL above.

Next comes the key point: trick a user who is logged in to site A into visiting the page constructed at site B. Because the user has a login state, the img carries the cookie when it makes its request, and the article is deleted without the user noticing.

The case above is a GET request. There are also POST requests, and the idea is the same. For example, to add a new article to site A, forge a page at site B and use JavaScript to construct a form whose action points at the new-article API address on site A. After the user visits the page, the request carries the cookie, passes identity authentication, and the article is added without the user knowing.

Types of CSRF attack:

HTML CSRF attack
JSON hijacking attack
Flash CSRF attack

An HTML CSRF attack is simply a request made by an HTML element, for example img, link, a, and other tags that can make cross-domain requests.

For example, when an interface URL accepts a callback function to process the returned data, that callback can be used to forge a CSRF request and manipulate the data.

Harm of CSRF: tampering with the user's data on the target site; using the user's cookie information to perform malicious operations; spreading a CSRF worm.

Defenses:

Judge the request source. For the cross-site problem, the server can check where the request came from. The Origin header is given priority because it was designed with security in mind and contains only the domain information; the Referer header is the second choice and contains the detailed path.

Set the cookie's samesite property. For the problem of cookie theft, the cookie's samesite property can be set; it supports three values:
strict: strict mode, in which the cookie can never be used as a third-party cookie.
lax: permissive mode, which allows some requests to carry the cookie, usually GET requests.
none: no restriction; every request can be sent with the cookie.

CSRF token. Since the attack is achieved by forging a request, the server can issue a token to the client; the client keeps it properly and carries the token on every request, and the server verifies the legitimacy of the token, so as to distinguish normal user requests from illegal ones.

For ordinary users: do not open unsolicited links, especially links in spam emails.
