Method for recognizing CSRF token elements in web pages

A technique for web pages and their elements, applied to identifying CSRF token elements in web pages, that addresses problems such as misappropriation and improves the recognition rate while reducing false negatives.

Inactive Publication Date: 2017-05-31
成都知道创宇信息技术有限公司

AI Technical Summary

Problems solved by technology

Specifically, a CSRF attack can be understood this way: the attacker has stolen your identity and sends a malicious request in your name. The request is completely legitimate from the server's point of view, yet it completes an operation the attacker expects.


Embodiment Construction

[0025] The present invention will be further described in detail below with reference to the drawings and specific embodiments. The specific steps of a method for identifying CSRF token elements in a web page of the present invention are as follows:

[0026] 1. Create the first HTTP session. Obtain the source code of the target page, check whether the page source contains a <form> tag, and then proceed to the next step.

[0027] 2. Search the <form> tag in the page source of the first session for a form element whose input type is hidden, as shown in Figure 2. If one exists, go to the next step.

[0028] 3. Create a second HTTP session. Obtain the source code of the target page, check whether the page source contains a <form> tag, and then proceed to the next step.

[0029] 4. Search the <form> tag in the page source of the second session for a form element whose input type is hidden, as shown in Figure 3. If one exists, go to the next step.

[0030] 5. Co...

Abstract

The invention discloses a method for recognizing CSRF token elements in web pages. The method comprises the following steps: establishing a first HTTP session; obtaining the source code of the target page and checking whether it contains <form> tags; searching the <form> tags of the first session's page source for form elements whose input type is hidden; establishing a second HTTP session; obtaining the source code of the target page and checking whether it contains <form> tags; searching the <form> tags of the second session's page source for form elements whose input type is hidden; comparing, one by one, the values of the hidden-type form elements in the forms of the first and second sessions; calculating the Levenshtein distance ratio of the values of the suspected CSRF token form elements; and judging whether the parameters are CSRF tokens. CSRF token elements are recognized dynamically on the basis of an algorithm, which increases the recognition rate of CSRF token elements and greatly reduces missed detections.
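The procedure in the abstract, written out as an added example (not code from the patent or its owner). The page does not give the exact ratio formula, the decision threshold or how fields are paired, so the ratio (distance divided by the longer value's length), the 0.5 threshold and pairing by field name are assumptions, and both page sources are constructed samples.

```python
from html.parser import HTMLParser
class HiddenInputs(HTMLParser):
    """Collect name -> value of <input type="hidden"> elements inside <form> tags."""
    def __init__(self):
        super().__init__()
        self.depth, self.fields = 0, {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.depth += 1
        elif (tag == "input" and self.depth and a.get("name")
              and (a.get("type") or "").lower() == "hidden"):
            self.fields[a["name"]] = a.get("value") or ""
    def handle_endtag(self, tag):
        if tag == "form" and self.depth:
            self.depth -= 1

def hidden_fields(page_source):
    parser = HiddenInputs()
    parser.feed(page_source)
    return parser.fields

def levenshtein(a, b):
    prev = list(range(len(b) + 1))  # classic two-row dynamic programming
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspected_tokens(src1, src2, threshold=0.5):
    """Assumed rule: ratio = distance / longer value; ratio >= threshold => token."""
    f1, f2 = hidden_fields(src1), hidden_fields(src2)
    found = {}
    for name in f1.keys() & f2.keys():  # assumption: fields are paired by name
        longest = max(len(f1[name]), len(f2[name]))
        ratio = levenshtein(f1[name], f2[name]) / longest if longest else 0.0
        if ratio >= threshold:
            found[name] = round(ratio, 2)
    return found

# Constructed sample: the same page fetched in two separate sessions.
PAGE = ('<form method="post"><input type="hidden" name="csrf_token" value="{tok}">'
        '<input type="hidden" name="form_id" value="transfer_v2">'
        '<input type="hidden" name="ts" value="{ts}">'
        '<input type="text" name="amount"></form>')
SESSION_1 = PAGE.format(tok="a1b2c3d4e5" * 3 + "a1", ts="1496188800")
SESSION_2 = PAGE.format(tok="f6f7f8f9f0" * 3 + "f6", ts="1496188805")
print(suspected_tokens(SESSION_1, SESSION_2))  # {'csrf_token': 1.0}
```

The `ts` field also changes between sessions, but by one character in ten (ratio 0.1), so a ratio test leaves it out where a plain inequality test would flag it.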

Description

Technical field

[0001] The invention relates to the field of CSRF identification, in particular to a method for identifying CSRF token elements in a web page.

Background technique

[0002] A CSRF attack succeeds because the attacker can forge the user's request. All user authentication information in the request is stored in the cookie, so the attacker can use the user's own cookie directly, without knowing the authentication information, to pass the security verification. It follows that the key to resisting CSRF attacks is to include in the request information that the attacker cannot forge and that does not exist in the cookie.

[0003] The system developer can add a randomly generated token as a parameter in the HTTP request and set up an interceptor on the server side to verify the token. If the request contains no token, or the content of the token is incorrect, the request may be a CSRF attack and is denied. This method of embeddin...

Application Information

IPC(8): G06F17/30
Inventor 周海啸
Owner 成都知道创宇信息技术有限公司