CSRF attacks on web Security

Source: Internet
Author: User
Tags csrf attack

CSRF (Cross-site request forgery, also known as "one click attack" or session riding, usually abbreviated as CSRF or XSRF) is a type of malicious exploitation of websites. Although it sounds like XSS, it is very different from XSS, and the attack method is almost entirely different. XSS exploits the trust a site has in its users, while CSRF exploits the trust a user has in a site by disguising requests so that they appear to come from the trusted user. Compared with XSS attacks, CSRF attacks are less well known (so the resources for preventing them are quite scarce) and harder to prevent. For this reason CSRF attacks are considered more dangerous than XSS attacks.
You can understand a CSRF attack this way: the attacker steals your identity and sends malicious requests in your name. What CSRF can do includes sending emails or messages in your name, stealing your account, even purchasing goods or transferring virtual currency... the consequences range from leaks of personal privacy to loss of property.
This article briefly introduces the idea of CSRF Attacks:

Attack example: first log on to your Turing network account, then open the link to the attack example (I declare that it will not cause you any loss).
Haha, do you really think nothing happened to you? The answer is no! If you first logged on to your Turing network account and then opened the attack example link, now open my other article, File upload and download security issues (Upload Vulnerability and Directory Traversal attack), and look: has that article been added to your favorites without you doing anything?
Next, let's take a look at how the attack script is written (you can open the web page and view its source code).

<!-- Favorites -->
<!-- the <img src="..."> pointing at the add-to-favorites URL is not reproduced on this page -->
<!-- Recommended
Give me one or two silver
follow me
<form id="follow" action="http://www.ituring.com.cn/users/follow/177592" method="post"></form>
<script>document.getElementById("follow").submit();</script>
-->

This is my test server. Now you can go back to Turing and continue reading the article.
I have commented out the silver part below, so if your silver goes missing it is none of my doing.
Cause analysis: why is this so easy? The reason is that Turing network uses a GET request for adding to favorites, an operation that creates new user data. Before visiting my server you had already logged on to Turing network, and the img src in my attack script is the add-to-favorites link for the article (originally a legitimate request, misused here), so the browser sends your Turing community session (cookie) along with the request that adds the article to your favorites. When the server receives the request it naturally assumes that you are the one performing the favorites operation!
Defense methods
**Website user defense methods**
1. Do not open third-party links carelessly. (For example, some email systems such as 163 and QQ mail show a warning when you open an email that contains a third-party link; proceed with caution.)
2. Try not to use the website's "automatic login". If you open the "attack example" as soon as you start your browser and the article is still added to your favorites, you must have ticked the "log in automatically next time" box when logging in: when the src link sends its request, automatic login is triggered, the session with the Turing community is opened, and your identity is stolen.
**Website developer defense measures**
Use POST requests (this is only a temporary fix: for example, for a follow operation, write a form whose action is the follow URL and whose method is POST, and when the victim visits the attacking page, submit the form automatically with JS as soon as the page loads; as the script above shows, it is just as easy to make you transfer your money to my account). A verification code (CAPTCHA) can solve the above problem, but adding a verification code to every operation hurts the user experience. A random token can be required only for operations on important data (for example, exchanging books or transfers): the server generates a random value and includes it in the page, and that value must be sent back with the request (code below).

Action. jsp

<%
// A random value generated by the server and stored in the session;
// it is cleared as soon as it has been read, so each token is single-use
String sessionCsrf = (String) session.getAttribute("csrfValue");
session.removeAttribute("csrfValue");
// The value submitted with the form
String requestCsrf = request.getParameter("_csrf");
// Reject when no token was issued or the submitted value does not match
if (sessionCsrf == null || !sessionCsrf.equals(requestCsrf)) {
    // operation not allowed
} else {
    // perform the operation
}
%>
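The token check above, carried through as an added example (not code from the article or from ituring): the same single-use session token and `_csrf` field, plus a hypothetical add-to-favorites handler that refuses state changes on GET, which is the root cause analysed above. The session, user and handler names are assumptions for the demo.

```python
import hmac
import secrets
from typing import Dict, List, Optional

TOKEN_KEY = "csrfValue"   # session attribute name used in the article's action.jsp
TOKEN_PARAM = "_csrf"     # form field name used in the article's action.jsp


def issue_token(session: Dict[str, str]) -> str:
    """Generate a fresh random token, store it in the session and return it so the
    server can embed it as a hidden field in the real form."""
    token = secrets.token_urlsafe(32)
    session[TOKEN_KEY] = token
    return token


def check_token(session: Dict[str, str], submitted: Optional[str]) -> bool:
    """Mirror of action.jsp: take the token out of the session (single-use) and
    compare it with the submitted value; missing values are rejected."""
    expected = session.pop(TOKEN_KEY, None)
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)  # constant-time compare


def handle_favorite(method: str, session: Dict[str, str], params: Dict[str, str]) -> str:
    """Hypothetical add-to-favorites handler. The article's root cause was a state
    change on GET that any <img src> could trigger, so only POST with a valid
    token from a logged-in session is accepted."""
    if method != "POST":
        return "rejected: state change must use POST"
    if not session.get("user"):
        return "rejected: not logged in"
    if not check_token(session, params.get(TOKEN_PARAM)):
        return "rejected: CSRF token missing or invalid"
    return "favorited"


def demo() -> List[str]:
    """Replay the article's cases against a constructed logged-in session."""
    session = {"user": "victim"}            # constructed session, not real data
    token = issue_token(session)            # rendered into the legitimate page
    legit = handle_favorite("POST", session, {TOKEN_PARAM: token})
    issue_token(session)                    # attacker's page never learns this token
    forged = handle_favorite("POST", session, {})
    issue_token(session)
    img_get = handle_favorite("GET", session, {})   # the <img src> trick
    replay = handle_favorite("POST", session, {TOKEN_PARAM: token})  # reuse of old token
    return [legit, forged, img_get, replay]
```

Only the first case succeeds: the cross-site form has no token, the image GET is refused outright, and a token already consumed cannot be replayed.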
