先在你本机的 hosts 文件里加上一条映射, 然后把 config.js 里面的 host 改成与 hosts 文件中映射的名字一致。
node ./injured.js
- 浏览器访问
http://your-host-name:3015
node ./attack.js
- 浏览器访问
http://localhost:3014
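这个时候你可以看到 injured.js 起的服务打印出你之前访问 3015 端口时得到的 cookie,
也就是说, 3014 服务页面里的 img 向 3015 服务发送了请求, 浏览器把你之前的 cookie 也一并带了过去。
注意: 对未声明 SameSite 的 cookie 默认按 Lax 处理的浏览器(例如新版 Chrome)不会在这种跨站 img 请求中带上 cookie。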
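/**
 * attack.js: the third-party page of the CSRF demo.
 *
 * Serves a single HTML page on the `attack` port. The page embeds an <img>
 * whose URL points at the injured service, so a browser that renders the page
 * issues a cross-site GET to that service.
 *
 * Whether the browser attaches the injured service's cookie to that request
 * depends on the cookie's SameSite policy. SameSite=Lax/Strict cookies,
 * anti-CSRF tokens, and Origin/Referer checks on the injured side are the
 * usual defences against this class of request.
 */
const http = require('http');
const config = require('./config');

// Port this page is served on.
const port = config.port.attack;
// Host name and port of the injured service that the embedded image requests.
const { host } = config;
const injuredPort = config.port.injured;

const server = http.createServer((req, res) => {
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8',
  });
  // The image URL has to name the injured service's port. With this server's
  // own port the browser would just request this page again, and injured.js
  // would never log the cross-site request.
  res.end(`<h3>CSRF</h3><img src="http://${host}:${injuredPort}"/>`);
});

server.listen(port, () => {
  console.log(`The Sever at ${port}`);
});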
// config.js: shared settings for the two demo servers.

// Listening ports, keyed by role.
const ports = {
  // Attacker page (attack.js)
  attack: 3014,
  // Service being attacked (injured.js)
  injured: 3015,
};

module.exports = {
  port: ports,
  // Host name of the injured service; it must match the name mapped in the
  // local hosts file.
  host: 'kihocham',
};
/**
 * injured.js: the service on the receiving end of the CSRF demo.
 *
 * Every request, whatever its path or method, gets the same treatment:
 * the incoming Cookie header is logged and a Set-Cookie header is returned.
 */
const http = require('http');
const config = require('./config');

const port = config.port.injured;
const host = config.host;

/**
 * Log the cookie the browser sent, then set the demo cookie and reply.
 *
 * @param {http.IncomingMessage} req - incoming request
 * @param {http.ServerResponse} res - response to write
 */
function handleRequest(req, res) {
  // Prints `undefined` when the request carries no Cookie header.
  console.log(req.headers.cookie);

  // The Set-Cookie value is the bare host string: no name=value pair and no
  // SameSite, HttpOnly or Secure attribute. How the browser treats a cookie
  // with no SameSite attribute on later cross-site requests is browser policy.
  // A service that relies on cookies for authentication would set SameSite
  // explicitly and require an anti-CSRF token on state-changing requests.
  const headers = { 'Set-Cookie': host };
  res.writeHead(200, headers);
  res.end('hello world');
}

const server = http.createServer(handleRequest);

server.listen(port, () => {
  console.log(`The Sever at ${port}`);
});