An attack method that is more advanced and complex than spoofing forms is HTTP request spoofing. This gives attackers full control and flexibility, and further proves that they cannot blindly trust any data submitted by users.
To demonstrate how this works, see the form in # below:
CODE:
If you Select Red and click the Select button, the browser sends the following HTTP request:
CODE:
POST /process.php HTTP/1.1 Host: example.org User-Agent: Mozilla/5.0 (X11; U; Linux i686) Referer: # Content-Type:application/x-www-form-urlencoded Content-Length: 9 color=red
.
Most browsers contain a source URL value. you may try to use the $ _ SERVER ['http _ referer'] variable to prevent spoofing. Indeed, this can be used to deal with attacks initiated by using a standard browser, but the attacker will not be blocked by this small trouble. By editing the original information of an HTTP request, attackers can completely control the value of the HTTP header, GET and POST data, and all content in the HTTP request.
How can attackers change the original HTTP request? The process is very simple. Through the Telnet utility provided on most system platforms, you can directly communicate with the Web server by connecting to the listening port of the website server (the typical Port is 80. The following is an example of the request # page using this tip:
CODE:
$ telnet example.org 80 Trying 192.0.34.166... Connected to example.org (192.0.34.166). Escape character is '^]'. GET / HTTP/1.1 Host: example.org HTTP/1.1 200 OK Date: Sat, 21 May 2005 12:34:56 GMT Server: Apache/1.3.31 (Unix) Accept-Ranges: bytes Content-Length: 410 Connection: close Content-Type: text/html Example Web PageYou have reached this web page by typing"example.com", "example.net", or"example.org" into your web browser.
These domain names are reserved for usein documentation and are not available for registration. See RFC 2606,Section 3.
Connection closed by foreign host. $
The request shown in the preceding example is the simplest request that complies with HTTP/1.1 specifications, because the Host information is required in the header information. Once you enter two consecutive linefeeds indicating the end of the request, the entire HTML response is displayed on the screen.
The Telnet utility is not the only method for direct communication with the Web server, but it is often the most convenient. However, if you use PHP to encode the same request, you can implement automatic operations. The preceding request can be implemented using the following PHP code:
CODE:
Of course, there are still many ways to achieve the above purpose, but the main point is that HTTP is a widely known standard protocol, and attackers with a little experience will be very familiar with it, you are also familiar with common security vulnerability attack methods.
There are not many ways to cheat HTTP requests than to cheat forms, so you should not pay attention to them. I want to explain these skills to better demonstrate how convenient an attacker can input malicious information to your application. This emphasizes the importance of filtering input and the fact that any information provided by the HTTP request is untrusted.
The above is the content of PHP Security-HTTP request spoofing. For more information, see PHP Chinese website (www.php1.cn )!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
