@monkindey
Last active August 17, 2017 14:10
csrf

CSRF

Configuration

Add a mapping to your own hosts file, then change the host in config.js so that it matches the name you mapped in the hosts file.

Running

  • node ./injured.js
  • Open http://your-host-name:3015 in the browser
  • node ./attack.js
  • Open http://localhost:3014 in the browser

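At this point you can see the service started by injured.js print the cookie from your earlier visit to port 3015. In other words, the img in the page served on port 3014 sent a request, and the browser attached your earlier cookie to it.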

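```js
// attack.js: the attacker's page
const http = require('http');
const config = require('./config');
const port = config.port.attack;
// The <img> must point at the injured service, not back at this server
const target = `http://${config.host}:${config.port.injured}`;

const server = http.createServer((req, res) => {
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8'
  });
  // Rendering this page makes the browser request the injured host
  res.end(`<h3>CSRF</h3><img src="${target}"/>`);
});

server.listen(port, () => {
  console.log(`The Server at ${port}`);
});
```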
```js
// config.js
module.exports = {
  port: {
    // attacker
    attack: 3014,
    // victim
    injured: 3015
  },
  // must match the name mapped in your hosts file
  host: 'kihocham'
};
```
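```js
// injured.js: the victim service
const http = require('http');
const config = require('./config');
const port = config.port.injured;
const host = config.host;

http
  .createServer((req, res) => {
    // Print whatever cookie the browser attached to this request
    console.log(req.headers.cookie);
    // The cookie is just the host name, set without any attributes
    res.writeHead(200, {
      'Set-Cookie': host
    });
    res.end('hello world');
  })
  .listen(port, () => {
    console.log(`The Server at ${port}`);
  });
```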
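A hardened variant of the injured.js handler, as an added example that is not part of the original gist: it sets the cookie with SameSite=Lax and refuses requests whose Origin or Referer names another origin. The cookie name `sid`, `TRUSTED_ORIGIN` and the `simulate` helper are assumptions made for this illustration.

```javascript
// Added example, not part of the gist. TRUSTED_ORIGIN mirrors config.js
// (host 'kihocham', injured port 3015); the cookie name "sid" is an assumption.
const TRUSTED_ORIGIN = 'http://kihocham:3015';

// SameSite=Lax: the browser no longer attaches the cookie to cross-site
// subresource requests such as the <img> in attack.js.
function sessionCookie(value) {
  return `sid=${encodeURIComponent(value)}; Path=/; HttpOnly; SameSite=Lax`;
}

// Origin the request claims to come from, or null if no header says so.
function sourceOrigin(headers) {
  const raw = headers.origin || headers.referer;
  if (!raw) return null;
  try {
    return new URL(raw).origin;
  } catch (err) {
    return 'invalid'; // unparsable header (e.g. "null"): treat as foreign
  }
}

// True when the browser reports a different site as the initiator.
function isCrossSite(headers) {
  if (headers['sec-fetch-site'] === 'cross-site') return true;
  const origin = sourceOrigin(headers);
  return origin !== null && origin !== TRUSTED_ORIGIN;
}

// Drop-in handler for http.createServer(handler).listen(3015).
function handler(req, res) {
  if (isCrossSite(req.headers)) {
    res.writeHead(403);
    return res.end('cross-site request refused');
  }
  console.log(req.headers.cookie);
  res.writeHead(200, { 'Set-Cookie': sessionCookie('demo') });
  res.end('hello world');
}

// Constructed requests: a direct visit, then the <img> load from attack.js.
function simulate(headers) {
  const res = { status: 0, writeHead(code) { this.status = code; }, end() {} };
  handler({ headers }, res);
  return res.status;
}
console.log(simulate({ cookie: 'sid=demo' }));
console.log(simulate({ cookie: 'sid=demo', referer: 'http://localhost:3014/' }));
```

The header check matters for browsers that do not enforce SameSite; requests that carry neither Origin nor Referer are let through here, so state-changing endpoints should additionally require a CSRF token.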