Introduction, simulation and prevention of CSRF attacks

Source: Internet
Author: User
Tags php framework setcookie csrf attack
CSRF Attack

Web security is a part we cannot ignore, so it is necessary to understand the basics of how attacks are carried out and how to prevent them. This article covers:
what CSRF is
how a CSRF attack is carried out
how to prevent CSRF attacks
how to implement a token

What is a CSRF attack

CSRF (Cross-site request forgery), also known as "one-click attack" or session riding and usually abbreviated CSRF or XSRF, is a malicious exploitation of a website. Although it sounds like cross-site scripting (XSS), it is very different: XSS exploits the trust a user places in a site, while CSRF exploits the trust a site places in a user's browser by forging requests that appear to come from that trusted user. Compared with XSS, CSRF attacks are less common (so resources for guarding against them are scarce) and harder to guard against, which is why they are considered more dangerous than XSS. [Baidu Encyclopedia]

Put simply: you log in to a.com (a normal website) and the browser saves the login state. You then visit b.com, which is a hacker's site containing a JS script aimed at site a. The script needs no username or password: the browser automatically attaches a.com's cookies to any request it sends there, so the script can trigger actions that are only supposed to be possible after logging in.

Simulating a CSRF attack

CSRF is hard to understand from explanation alone, so let us build it.
We will implement a website login module that supports "remember me" by storing the login information in a cookie. The implementation has many holes, but it exists only for demonstration, so no further checks or analysis are done.
A simple form

<form action="" method="post">
<input type="text" name="account">
<input type="password" name="password">
<input type="submit" value="Login">
</form>

The form has two elements, the account and the password, which is the basic login information.
Assume we ticked "save login": the system then generates cookies in the following format

<?php
setcookie("user", "admin", time() + 3600);
setcookie("password", "fadsfad", time() + 3600); // the password could be stored encrypted; this is a throwaway value
?>
Storing it this way is itself risky: we have exposed our own account and password locally, even if the password is encrypted.
That is not the topic of this article, though.

This gives us the "save login information" feature. CSRF attacks build on exactly this cookie and session mechanism: the browser sends the cookie with every request to the site, whether or not the user intended that request.

When we reopen the page, assume PHP checks the cookie like this:

<?php
if (isset($_COOKIE['user']) && isset($_COOKIE['password']))
{
    // Run the database query to check whether the credentials are correct;
    // $result holds the outcome of that query.
    if ($result == true)
    {
        // Return the privileged page, or populate the session
    }
}
?>

So we have a working "save password" feature: once saved, the next time we open the page we are logged in automatically. But this also opens the door to attackers.

For example, suppose this is a financial site: after logging in, the administrator can transfer money to other people.
Let a.com be the financial site.
It has a transfer function:

<form method="POST" id="form">
<input type="text" name="money" id="money"> <!-- the amount of the transfer -->
<input type="text" name="receiver" id="receiver"> <!-- payee -->
<input type="submit" value="Confirm">
</form>

b.com, the hacker's website
The hacker copies the transfer form onto his own page, points it at a.com, and uses JS to fill it in and submit it as soon as the page loads. The victim only has to open b.com while still logged in to a.com: the browser attaches a.com's cookies to the cross-site POST, so a.com accepts the transfer as if the administrator had made it.

<form method="POST" id="form" action="https://a.com/transfer"> <!-- target path on a.com is assumed -->
<input type="hidden" name="money" id="money">
<input type="hidden" name="receiver" id="receiver">
</form>
<script>
// jQuery is assumed to be loaded on the hacker's page
$(function () {
    $('#money').val(1000);        // amount to transfer
    $('#receiver').val("hacker"); // attacker's account as payee
    $('#form').submit();          // submitted automatically, no click needed
});
</script>

How to prevent it

The hacker can submit the form so easily because the website does not validate the form at all: it simply processes whatever data is submitted to it.

Introducing a token

Since the lack of verification causes such a large hole, the fix is to add verification.

The local form

<?php
session_start(); // open the session
$token = random(); // generate a random string
$_SESSION['token'] = $token; // the server keeps a copy

function random()
{
    // Generate a long random string that is practically never repeated.
    // Use the CSPRNG, not rand() or md5(time()), or the attacker can predict the token.
    return bin2hex(random_bytes(32));
}
?>
<form method="POST" id="form">
<input type="hidden" name="token" value="<?php echo $token; ?>"> <!-- hidden field: the token is submitted with the form; name must be "token" because the server reads $_POST['token'] -->
<input type="text" name="money" id="money"> <!-- the amount of the transfer -->
<input type="text" name="receiver" id="receiver"> <!-- payee -->
<input type="submit" value="Confirm">
</form>

Server-side verification

<?php
session_start();
// hash_equals() compares in constant time and avoids the loose-comparison surprises of ==
if (isset($_SESSION['token']) && isset($_POST['token']) && is_string($_POST['token'])
    && hash_equals($_SESSION['token'], $_POST['token']))
{
    // perform the original operation;
}
?>
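The form and the check above, assembled into one complete transfer page. This is an added example, not the article's own code: it assumes a single file served by a.com as transfer.php, PHP 7.3 or later (for the samesite option of session_set_cookie_params), a site served over HTTPS, and a placeholder transfer() function standing in for the real database logic.

```php
<?php
declare(strict_types=1);

// Harden the session cookie before starting the session (PHP 7.3+ option array).
// SameSite=Lax makes the browser withhold the cookie on cross-site POSTs, which is
// defense in depth on top of the token check below; the token check remains the
// primary control.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// One token per session, generated with the CSPRNG. The attacker's page on b.com
// cannot read it: the same-origin policy blocks reading a.com's page or cookies.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a plain == would leak timing information and is
// subject to PHP's loose-comparison rules.
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Placeholder (assumed) for the real transfer logic.
function transfer(int $amount, string $receiver): void
{
    // debit the logged-in user, credit $receiver ...
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A forged POST from b.com arrives with the session cookie but without a
    // valid token, so it is rejected here before any money moves.
    if (!csrf_check($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $amount   = filter_input(INPUT_POST, 'money', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $receiver = trim((string)($_POST['receiver'] ?? ''));
    if ($amount === false || $amount === null || $receiver === '') {
        http_response_code(400);
        exit('Bad request');
    }
    transfer($amount, $receiver);
    exit('OK');
}

// GET: render the form with the token embedded; escape it like any other output.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="POST" action="transfer.php">
  <input type="hidden" name="token" value="<?= $token ?>">
  <input type="text" name="money">    <!-- the amount of the transfer -->
  <input type="text" name="receiver"> <!-- payee -->
  <input type="submit" value="Confirm">
</form>
```

A single token per session is the simplest scheme and keeps multiple tabs working; rotating the token on every request is stricter but breaks the second of two open tabs. Whatever the scheme, every state-changing handler on the site must run the same check, not only this one form.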
Prevention in Laravel

Laravel is a very good PHP framework and has already encapsulated this for us.
We only need to add one helper call to the form; Laravel's VerifyCsrfToken middleware then checks the submitted token on every POST, PUT, PATCH and DELETE request.

<form method="POST" id="form">
{{ csrf_field() }} <!-- Laravel's helper: outputs the hidden _token input -->
<input type="text" name="money" id="money"> <!-- the amount of the transfer -->
<input type="text" name="receiver" id="receiver"> <!-- payee -->
<input type="submit" value="Confirm">
</form>

With this in place we can keep the saved login and no longer fear a hacker submitting forms on our behalf to trigger actions we did not intend, provided every state-changing form and handler on the site carries and checks the token, not only the transfer form.
