2021-2-8 Notes on 《白帽子讲Web安全》 (White Hat Talks Web Security) - 4. CSRF - Advanced
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Excerpted from 《白帽子讲Web安全》, summary of section 4.2:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4.2.1 Browser cookie policy: IE blocks third-party cookies, so the session cookie must first be valid before the attack can work; Firefox does not block third-party cookies, so the site can be attacked directly; if the site does not use cookies at all, the cookie policy is irrelevant and the attack works directly.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4.2.2 Side effect of the P3P header: it allows cross-domain Set-Cookie (breaking the same-origin policy), so CSRF defence cannot rely on browsers blocking third-party cookies.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4.2.3 GET and POST: if the server does not distinguish GET from POST requests, the user can construct a GET request to submit the form; even if it does distinguish them, there are several ways to construct a POST request.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4.2.4 Flash CSRF.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4.2.5 CSRF Worm: even without an XSS vulnerability, a worm attack can be launched relying on CSRF alone.</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;">4.2.1 Browser cookie policy</h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The delete-blog-post attack passed the server's validation because the user's browser successfully sent the cookie.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The cookies held by a browser fall into two kinds:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">one is the "Session Cookie", also called a "temporary cookie"; the other is the "Third-party Cookie", also called a "local cookie".</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">For example, the code of "<a style="color: black;">http://www.a.com/cookie.php</a>" below writes two cookies to the browser:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;">&lt;?php
// Session cookie: no Expires attribute, so the browser keeps it in memory only
header("Set-Cookie: cookie1=123;");
// Persistent ("local"/third-party) cookie: Expires is set, so it is saved on disk;
// the second argument false appends this header instead of replacing the first Set-Cookie
header("Set-Cookie: cookie2=456; expires=Thu, 01-Jan-2030 00:00:01 GMT;", false);
?&gt;</div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The difference between the two:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">for a Third-party Cookie the server specified an Expires time in Set-Cookie, and the cookie only becomes invalid once that time is reached, so it is saved on the local disk; a Session Cookie has no Expires time and is kept in memory, so it becomes invalid as soon as the browser is closed.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">When browsing, if a site sets a Session Cookie, then for the lifetime of the browser process it stays valid even in a newly opened tab, because the new tab runs in the same browser process, and so the Session Cookie will be sent.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">If a browser, from a page in one domain, needs to load a resource from another domain, some browsers block the sending of Third-party Cookies for security reasons.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">For example, the user is in the <a style="color: black;">http://www.a.com</a> domain, while in another domain there is a page "<a style="color: black;">http://www.b.com/csrf.html</a>" that constructs a CSRF to access "www.a.com"; its code is as follows:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;">&lt;iframe src="http://www.a.com"&gt;&lt;/iframe&gt;</div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">At this point one can observe that only the Session Cookie was sent, while the Third-party Cookie was blocked.</p>
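<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The following is an added example, not code from the book or from the original note. It parses the two Set-Cookie headers that the cookie.php example emits, classifies each as a session cookie (no Expires) or a persistent local cookie (Expires present), and then models which cookies a browser attaches to the request for www.a.com that the csrf.html iframe on www.b.com triggers. The per-browser policy table is an assumption taken from the note's own summary (IE and Safari block third-party persistent cookies; Firefox, Chrome and Opera send them), and every name in the block is the author's own.</p>

```python
# Added example modelling the cookie policy described in the note.
# Not from the book; the browser policy table is assumed from the note's text.
from dataclasses import dataclass
from datetime import datetime
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional


@dataclass
class Cookie:
    name: str
    value: str
    expires: Optional[datetime]  # None => session cookie, kept in memory only

    @property
    def is_session(self) -> bool:
        return self.expires is None


def parse_set_cookie(header: str) -> Cookie:
    """Parse a Set-Cookie header value into a Cookie.

    Only name=value and the Expires attribute are handled, which is all the
    cookie.php example uses. A bad Expires date raises from the date parser.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    expires = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "expires":
            expires = parsedate_to_datetime(val.strip())
    return Cookie(name.strip(), value.strip(), expires)


# Constructed input: the two headers emitted by the note's cookie.php.
SET_COOKIE_HEADERS = [
    "cookie1=123;",
    "cookie2=456;expires=Thu, 01-Jan-2030 00:00:01 GMT;",
]

# Assumed policy table (from the note): does the browser refuse to send
# persistent third-party cookies on a cross-site <iframe>/<img>/<script> load?
BLOCKS_THIRD_PARTY: Dict[str, bool] = {
    "IE": True,
    "Safari": True,
    "Firefox": False,
    "Chrome": False,
    "Opera": False,
}


def cookies_sent(jar: List[Cookie], cookie_domain: str,
                 requesting_domain: str, browser: str) -> List[str]:
    """Names of the cookies `browser` attaches to a request for cookie_domain
    that was initiated by a page on requesting_domain."""
    first_party = cookie_domain == requesting_domain
    sent = []
    for c in jar:
        # Session cookies are sent in every context (the note's observation);
        # persistent cookies are dropped only in a third-party context by
        # browsers whose policy blocks them.
        if first_party or c.is_session or not BLOCKS_THIRD_PARTY[browser]:
            sent.append(c.name)
    return sent


def demo() -> Dict[str, List[str]]:
    """Cookies each browser sends for the www.b.com -> www.a.com iframe load."""
    jar = [parse_set_cookie(h) for h in SET_COOKIE_HEADERS]
    return {b: cookies_sent(jar, "www.a.com", "www.b.com", b)
            for b in BLOCKS_THIRD_PARTY}


if __name__ == "__main__":
    for browser, names in demo().items():
        print(f"{browser:8s} -> {names}")
```

<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Run stand-alone, the script shows IE and Safari sending only cookie1 to www.a.com from the cross-site iframe, while Firefox, Chrome and Opera send both, which is exactly why the note concludes that the cookie policy alone is not a CSRF defence. Current browsers decide this per cookie through the SameSite attribute rather than per browser, which is outside the excerpt's scope.</p>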
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic3.zhimg.com/80/v2-d7e1e0d638420f62bb37068c2a2ddd4e_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">For security reasons, IE by default forbids the browser from sending third-party cookies in &lt;img&gt;, &lt;iframe&gt;, &lt;script&gt;, &lt;link&gt; and similar tags.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Safari also blocks third-party cookies.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">In Firefox the default policy allows sending third-party cookies.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Opera, Chrome and Android do not block third-party cookies either.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Therefore, for the delete-blog-post CSRF to succeed, Firefox must be used.</p>