PHP Security - HTTP Request Spoofing

黄舟
Release: 2023-03-05 22:04:01
Original
1407 people have browsed it



HTTP request spoofing

A more advanced and sophisticated attack than form spoofing is HTTP request spoofing. This gives the attacker complete control and flexibility, and it further proves that any data submitted by the user cannot be blindly trusted.

To demonstrate how this works, take a look at the following form located at //m.sbmmt.com/:

CODE:

Please select a color:

Copy after login


If the user selects Red and clicks the Select button, the browser will issue the following HTTP request:

CODE:

POST /process.php HTTP/1.1 Host: example.org User-Agent: Mozilla/5.0 (X11; U; Linux i686) Referer: //m.sbmmt.com/ Content-Type: application/x-www-form-urlencoded Content-Length: 9 color=red
Copy after login


.

Seeing as most browsers include an origin URL value, you might be tempted to use the $_SERVER['HTTP_REFERER'] variable to prevent spoofing. Sure, this can be used against attacks using standard browsers, but attackers won't be deterred by this little annoyance. By editing the raw information of an HTTP request, an attacker can completely control the values of HTTP headers, GET and POST data, and all content in the HTTP request.

How does an attacker alter the original HTTP request? The process is very simple. Through the Telnet utility provided on most system platforms, you can communicate directly with the web server by connecting to the web server's listening port (typically port 80). The following is an example of using this technique to request the //m.sbmmt.com/ page:

CODE:

$ telnet example.org 80 Trying 192.0.34.166... Connected to example.org (192.0.34.166). Escape character is '^]'. GET / HTTP/1.1 Host: example.org HTTP/1.1 200 OK Date: Sat, 21 May 2005 12:34:56 GMT Server: Apache/1.3.31 (Unix) Accept-Ranges: bytes Content-Length: 410 Connection: close Content-Type: text/html   Example Web Page 

You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.

These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.

Connection closed by foreign host. $
Copy after login


The request shown in the above example is the simplest request that complies with the HTTP/1.1 specification. This is because the Host information is the header Required in the external information. Once you enter two consecutive newlines indicating the end of the request, the entire HTML response is displayed on the screen.

The Telnet utility is not the only way to communicate directly with a web server, but it is often the most convenient. But if you encode the same request in PHP, you can automate it. The previous request can be implemented with the following PHP code:

CODE:

##

Copy after login


Of course, there are many ways to achieve the above purpose, but the main point is that HTTP is a well-known standard protocol, and attackers with a little experience will be very familiar with it. , and are also familiar with common security vulnerability attack methods.

Compared with spoofing forms, there are not many ways to spoof HTTP requests, so you should not pay attention to it. The reason I describe these techniques is to better demonstrate how easy it is for an attacker to enter malicious information into your application. This again emphasizes the importance of filtering input and the fact that any information provided by an HTTP request cannot be trusted.

The above is the content of PHP security-HTTP request spoofing. For more related content, please pay attention to the PHP Chinese website (m.sbmmt.com)!


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!