How does this Man-In-The-Middle attack work?

Question

The Django documentation on CSRF protection states:

In addition, for HTTPS requests, strict referer checking is done by CsrfViewMiddleware. This is necessary to address a Man-In-The-Middle attack that is possible under HTTPS when using a session independent nonce, due to the fact that HTTP 'Set-Cookie' headers are (unfortunately) accepted by clients that are talking to a site under HTTPS. (Referer checking is not done for HTTP requests because the presence of the Referer header is not reliable enough under HTTP.)

I have trouble visualizing how this attack works. Could somebody explain?

UPDATE:
The wording in the Django doc seems to imply that there is a specific type of man-in-the-middle attack (which leads to a successful CSRF I'd assume) that works with session independent nonce (but not with transaction specific nonce etc., I suppose) and involves the use of 'Set-Cookie' header.
So I wanted to know how that specific type of attack works.

Recommended answer

The attacker can set the CSRF cookie using Set-Cookie, and then supply a matching token in the POST form data. Since the site does not tie the session cookies to the CSRF cookies, it has no way of determining that the CSRF token + cookie are genuine (doing hashing etc. of one of them will not work, as the attacker can just get a valid pair from the site directly, and use that pair in the attack).

Directly in the Django project

(I googled for session independent nonce.)
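
A simplified model of the two checks discussed above, as an added example (not Django's own code and not part of the original answer): it shows why a session-independent cookie/token comparison alone cannot tell a planted pair from a genuine one, and how a strict Referer check on HTTPS requests rejects it. The host `shop.example`, the request dictionaries and the function names are constructed for illustration; `csrftoken` and `csrfmiddlewaretoken` are Django's default cookie and form field names.

```python
import hmac
from urllib.parse import urlsplit

HOST = "shop.example"  # constructed site name


def double_submit_ok(cookies, post):
    """Session-independent check: cookie value must equal the form token."""
    cookie = cookies.get("csrftoken", "")
    token = post.get("csrfmiddlewaretoken", "")
    return bool(cookie) and hmac.compare_digest(cookie, token)


def strict_referer_ok(headers, host):
    """Require a Referer that is https and names this site's host."""
    referer = headers.get("Referer")
    if not referer:
        return False
    parts = urlsplit(referer)
    return parts.scheme == "https" and parts.netloc == host


def accept_post(request, host, check_referer):
    """Model of the server-side decision for an unsafe (POST) request."""
    if check_referer and request["secure"]:
        if not strict_referer_ok(request["headers"], host):
            return False
    return double_submit_ok(request["cookies"], request["post"])


# Constructed request: the cookie was planted through a plain-HTTP response,
# and the submitting page was served over HTTP, so its Referer is not https.
forged = {
    "secure": True,
    "headers": {"Referer": "http://shop.example/"},
    "cookies": {"csrftoken": "planted-value"},
    "post": {"csrfmiddlewaretoken": "planted-value"},
}

# Constructed request: a form served by the site itself over HTTPS.
genuine = {
    "secure": True,
    "headers": {"Referer": "https://shop.example/account/"},
    "cookies": {"csrftoken": "site-issued-value"},
    "post": {"csrfmiddlewaretoken": "site-issued-value"},
}

if __name__ == "__main__":
    for name, req in (("forged", forged), ("genuine", genuine)):
        print(name, accept_post(req, HOST, False), accept_post(req, HOST, True))
```

Without the Referer check both requests pass, because the server only sees two equal values; with it, only the request whose Referer is an HTTPS page on the same host is accepted.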
