-
Notifications
You must be signed in to change notification settings - Fork 1
/
OAuth-CSRF实验.html
736 lines (574 loc) · 44.3 KB
/
OAuth-CSRF实验.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 5.4.2">
<link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
<link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
<link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
<link rel="mask-icon" href="/images/logo.svg" color="#222">
<link rel="stylesheet" href="/css/main.css">
<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">
<link rel="stylesheet" href="//cdn.jsdelivr.net/gh/fancyapps/fancybox@3/dist/jquery.fancybox.min.css">
<script id="hexo-configurations">
var NexT = window.NexT || {};
var CONFIG = {"hostname":"leeyuxun.github.io","root":"/","scheme":"Gemini","version":"7.8.0","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":true,"show_result":true,"style":"mac"},"back2top":{"enable":true,"sidebar":true,"scrollpercent":true},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":true,"mediumzoom":false,"lazyload":false,"pangu":true,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":true,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},"path":"./public/search.xml"};
</script>
<meta name="description" content="实验目的 通过一个简单的OAuth CSRF攻击实验,来熟悉OAuth的协议流程; 通过攻击实验来理解OAuth协议的安全性;">
<meta property="og:type" content="article">
<meta property="og:title" content="OAuth CSRF实验">
<meta property="og:url" content="https://leeyuxun.github.io/OAuth-CSRF%E5%AE%9E%E9%AA%8C.html">
<meta property="og:site_name" content="Leeyuxun の note">
<meta property="og:description" content="实验目的 通过一个简单的OAuth CSRF攻击实验,来熟悉OAuth的协议流程; 通过攻击实验来理解OAuth协议的安全性;">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205103141.jpg">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205132234.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131553.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131058.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131553.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205133229.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131553.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212000948.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212001103.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191206171558.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210164537.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210164752.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191206172513.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210164925.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165024.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212000208.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210110527.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210110847.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211233406.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212004236.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165401.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165635.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165722.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165947.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210170327.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210170204.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212005954.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210180148.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235615.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210234832.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210235710.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235504.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211234803.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212001438.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211105853.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211105825.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235504.png">
<meta property="og:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235408.png">
<meta property="article:published_time" content="2019-12-19T15:52:15.000Z">
<meta property="article:modified_time" content="2023-05-07T07:37:53.582Z">
<meta property="article:author" content="李钰璕">
<meta property="article:tag" content="CSRF">
<meta property="article:tag" content="OAuth">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205103141.jpg">
<link rel="canonical" href="https://leeyuxun.github.io/OAuth-CSRF%E5%AE%9E%E9%AA%8C.html">
<script id="page-configurations">
// https://hexo.io/docs/variables.html
CONFIG.page = {
sidebar: "",
isHome : false,
isPost : true,
lang : 'zh-CN'
};
</script>
<title>OAuth CSRF实验 | Leeyuxun の note</title>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-V3499K2XZY"></script>
<script>
if (CONFIG.hostname === location.hostname) {
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-V3499K2XZY');
}
</script>
<script>
var _hmt = _hmt || [];
(function() {
var hm = document.createElement("script");
hm.src = "https://hm.baidu.com/hm.js?4d72a66931dff6410b32974da2e3df61";
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
</script>
<noscript>
<style>
.use-motion .brand,
.use-motion .menu-item,
.sidebar-inner,
.use-motion .post-block,
.use-motion .pagination,
.use-motion .comments,
.use-motion .post-header,
.use-motion .post-body,
.use-motion .collection-header { opacity: initial; }
.use-motion .site-title,
.use-motion .site-subtitle {
opacity: initial;
top: initial;
}
.use-motion .logo-line-before i { left: initial; }
.use-motion .logo-line-after i { right: initial; }
</style>
</noscript>
</head>
<body itemscope itemtype="http://schema.org/WebPage">
<div class="container use-motion">
<div class="headband"></div>
<header class="header" itemscope itemtype="http://schema.org/WPHeader">
<div class="header-inner"><div class="site-brand-container">
<div class="site-nav-toggle">
<div class="toggle" aria-label="切换导航栏">
<span class="toggle-line toggle-line-first"></span>
<span class="toggle-line toggle-line-middle"></span>
<span class="toggle-line toggle-line-last"></span>
</div>
</div>
<div class="site-meta">
<a href="/" class="brand" rel="start">
<span class="logo-line-before"><i></i></span>
<h1 class="site-title">Leeyuxun の note</h1>
<span class="logo-line-after"><i></i></span>
</a>
<p class="site-subtitle" itemprop="description">BUPT | SCSS</p>
</div>
<div class="site-nav-right">
<div class="toggle popup-trigger">
<i class="fa fa-search fa-fw fa-lg"></i>
</div>
</div>
</div>
<nav class="site-nav">
<ul id="menu" class="main-menu menu">
<li class="menu-item menu-item-home">
<a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a>
</li>
<li class="menu-item menu-item-tags">
<a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签</a>
</li>
<li class="menu-item menu-item-categories">
<a href="/categories/" rel="section"><i class="fa fa-th fa-fw"></i>分类</a>
</li>
<li class="menu-item menu-item-archives">
<a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档</a>
</li>
<li class="menu-item menu-item-links">
<a href="/links/" rel="section"><i class="fa fa-link fa-fw"></i>友链</a>
</li>
<li class="menu-item menu-item-search">
<a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索
</a>
</li>
</ul>
</nav>
<div class="search-pop-overlay">
<div class="popup search-popup">
<div class="search-header">
<span class="search-icon">
<i class="fa fa-search"></i>
</span>
<div class="search-input-container">
<input autocomplete="off" autocapitalize="off"
placeholder="搜索..." spellcheck="false"
type="search" class="search-input">
</div>
<span class="popup-btn-close">
<i class="fa fa-times-circle"></i>
</span>
</div>
<div id="search-result">
<div id="no-result">
<i class="fa fa-spinner fa-pulse fa-5x fa-fw"></i>
</div>
</div>
</div>
</div>
</div>
</header>
<main class="main">
<div class="main-inner">
<div class="content-wrap">
<div class="content post posts-expand">
<article itemscope itemtype="http://schema.org/Article" class="post-block" lang="zh-CN">
<link itemprop="mainEntityOfPage" href="https://leeyuxun.github.io/OAuth-CSRF%E5%AE%9E%E9%AA%8C.html">
<span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
<meta itemprop="image" content="/images/avatar.png">
<meta itemprop="name" content="李钰璕">
<meta itemprop="description" content="安全学习笔记">
</span>
<span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
<meta itemprop="name" content="Leeyuxun の note">
</span>
<header class="post-header">
<h1 class="post-title" itemprop="name headline">
OAuth CSRF实验
</h1>
<div class="post-meta">
<span class="post-meta-item">
<span class="post-meta-item-icon">
<i class="far fa-calendar"></i>
</span>
<span class="post-meta-item-text">发表于</span>
<time title="创建时间:2019-12-19 23:52:15" itemprop="dateCreated datePublished" datetime="2019-12-19T23:52:15+08:00">2019-12-19</time>
</span>
<span class="post-meta-item">
<span class="post-meta-item-icon">
<i class="far fa-calendar-check"></i>
</span>
<span class="post-meta-item-text">更新于</span>
<time title="修改时间:2023-05-07 15:37:53" itemprop="dateModified" datetime="2023-05-07T15:37:53+08:00">2023-05-07</time>
</span>
<span class="post-meta-item">
<span class="post-meta-item-icon">
<i class="far fa-folder"></i>
</span>
<span class="post-meta-item-text">分类于</span>
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
<a href="/categories/%E5%A4%A7%E6%95%B0%E6%8D%AE%E5%AE%89%E5%85%A8%E5%AE%9E%E9%AA%8C/" itemprop="url" rel="index"><span itemprop="name">大数据安全实验</span></a>
</span>
</span>
<span class="post-meta-item" title="阅读次数" id="busuanzi_container_page_pv" style="display: none;">
<span class="post-meta-item-icon">
<i class="fa fa-eye"></i>
</span>
<span class="post-meta-item-text">阅读次数:</span>
<span id="busuanzi_value_page_pv"></span>
</span>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<h1 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>实验目的</h1><ol>
<li>通过一个简单的OAuth CSRF攻击实验,来熟悉OAuth的协议流程;</li>
<li>通过攻击实验来理解OAuth协议的安全性;</li>
</ol>
<span id="more"></span>
<h1 id="实验环境"><a href="#实验环境" class="headerlink" title="实验环境"></a>实验环境</h1><ul>
<li>IDE:IntelliJ IDEA 2019.3 x64</li>
<li>JDK:1.8</li>
<li>OS:Windows 10 x64</li>
<li>数据库:mysql-5.6.46.0-winx64</li>
<li>服务器:apache-tomcat-8.5.45</li>
<li>IdP服务器地址:<a target="_blank" rel="noopener" href="http://localhost:8080/">http://localhost:8080</a></li>
<li>RP服务器地址:<a target="_blank" rel="noopener" href="http://localhost:8081/">http://localhost:8081</a></li>
<li>Attack服务器地址:<a target="_blank" rel="noopener" href="http://localhost:8081/">http://localhost:8082</a></li>
</ul>
<h1 id="实验内容"><a href="#实验内容" class="headerlink" title="实验内容"></a>实验内容</h1><p>通过OAuth CSRF攻击实验,达到如下效果:攻击者通过诱导用户点击恶意链接,使得用户的账号通过OAuth协议与攻击的IdP账号绑定在一起,从而可以使得攻击者用自己的IdP账号通过OAuth登录到用户的账号。 具体步骤如下:</p>
<ol>
<li>攻击者登录到RP,并且选择绑定自己的IdP账号;</li>
<li>RP将攻击者重定向到IdP,攻击者登录IdP,IdP向他显示是否授权RP访问的页面;</li>
<li>攻击者在点击”同意授权”之后,截获IdP服务器返回的含有Authorization code参数的HTTP响应;</li>
<li>攻击者精心构造一个Web页面,它会触发向IdP发起令牌申请的请求,而这个请求中的Authorization Code参数正是上一步截获到的code;</li>
<li>攻击者将这个Web页面放到互联网上,等待或者诱骗受害者来访问;</li>
<li>受害者之前登录了RP网站,只是没有把自己的账号和其他社交账号绑定起来。在受害者访问了攻击者准备的这个Web页面,令牌申请流程在受害者的浏览器里被顺利触发,RP从IdP那里获取到access_token,但是这个token以及通过它进一步获取到的用户信息却都是攻击者的;</li>
<li>RP将攻击者的IdP账号同受害者的RP账号关联绑定起来;</li>
<li>从此以后,攻击者就可以用自己的IdP账号通过OAuth登录到受害者在RP中的账号,冒充受害者的身份执行各种操作。</li>
</ol>
<p> 具体的攻击流程图如下图所示:</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205103141.jpg">备注:第9步中,攻击者应该获取到当前登录状态下用户的cookie,并且将cookie写入请求头中,RP会检查cookie来判断用户是否是登录状态,从而判断是否同意进行绑定请求,但目前从实现上来讲,获取cookie,并检查cookie较为困难,因此在实际实现中,cookie只是已简单的参数形式,传给RP,RP也不检查cookie;</p>
<h1 id="实验步骤"><a href="#实验步骤" class="headerlink" title="实验步骤"></a>实验步骤</h1><p>环境配置没有按照实验要求,使用的是自己之前配置完成的JDK+Mysql+Apache环境,相关参数上述已经说明,但是由于环境和程序源代码出现冲突,做了一些改变,配置步骤不再赘述;</p>
<h2 id="数据库创建"><a href="#数据库创建" class="headerlink" title="数据库创建"></a>数据库创建</h2><h3 id="RP数据库"><a href="#RP数据库" class="headerlink" title="RP数据库"></a>RP数据库</h3><ol>
<li><p>建立名为<code>RP</code>的数据库;</p>
</li>
<li><p>并且建立<code>user</code>数据表,其字段为:</p>
<ul>
<li>id:编号</li>
<li>userename:RP用户名</li>
<li>password:RP密码</li>
<li>idp:身份认证提供商</li>
</ul>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205132234.png"></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131553.png"></p>
</li>
</ol>
<h3 id="IdP数据库"><a href="#IdP数据库" class="headerlink" title="IdP数据库"></a>IdP数据库</h3><ol>
<li><p>建立名为<code>shiro</code>的数据库;</p>
</li>
<li><p>建立<code>oauth2_client</code>数据表,其字段为:</p>
<ul>
<li>id:编号</li>
<li>client_name:第三方应用名称</li>
<li>client_id:第三方应用id</li>
<li>client_secret:第三方应用密钥</li>
</ul>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131058.png"></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131553.png"></p>
</li>
<li><p>建立oauth2_user表,其字段为:</p>
<ul>
<li>id:编号</li>
<li>username:IdP用户名</li>
<li>password:IdP密码</li>
<li>salt:盐</li>
</ul>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205133229.png"></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191205131553.png"></p>
</li>
</ol>
<h3 id="检查RP数据库配置"><a href="#检查RP数据库配置" class="headerlink" title="检查RP数据库配置"></a>检查RP数据库配置</h3><p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212000948.png"></p>
<p>程序中数据库配置正确;</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> String driver=<span class="string">"com.mysql.jdbc.Driver"</span>;</span><br><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> String url=<span class="string">"jdbc:mysql://localhost:3306/rp?characterEncoding=utf8&useSSL=true"</span>;</span><br><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> String username=<span class="string">"root"</span>;</span><br><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> String password=<span class="string">"123456"</span>;</span><br><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> Connection con=<span class="literal">null</span>;</span><br></pre></td></tr></table></figure>
<h3 id="检查IdP数据库配置"><a href="#检查IdP数据库配置" class="headerlink" title="检查IdP数据库配置"></a>检查IdP数据库配置</h3><p> <img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212001103.png"></p>
<p>程序中数据库配置正确;</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">#dataSource configure</span><br><span class="line">connection.url=jdbc:mysql:<span class="comment">//localhost:3306/shiro</span></span><br><span class="line">connection.username=root</span><br><span class="line">connection.password=toor</span><br></pre></td></tr></table></figure>
<h2 id="服务器启动"><a href="#服务器启动" class="headerlink" title="服务器启动"></a>服务器启动</h2><h3 id="启动IdP服务器"><a href="#启动IdP服务器" class="headerlink" title="启动IdP服务器"></a>启动IdP服务器</h3><p>双击<code>jetty:run</code>,启动服务器;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191206171558.png"></p>
<p>运行显示如下图,表示IdP服务器启动成功;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210164537.png"></p>
<h3 id="启动RP服务器"><a href="#启动RP服务器" class="headerlink" title="启动RP服务器"></a>启动RP服务器</h3><p>将点击 Edit Configurations,修改RP配置如下;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210164752.png"></p>
<p>将application context置为空;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191206172513.png"></p>
<p>启动RP服务器,运行显示如下图,表示RP服务器启动成功;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210164925.png"></p>
<h2 id="实验流程"><a href="#实验流程" class="headerlink" title="实验流程"></a>实验流程</h2><h3 id="注册RP,获得ClientID和Secret"><a href="#注册RP,获得ClientID和Secret" class="headerlink" title="注册RP,获得ClientID和Secret"></a>注册RP,获得ClientID和Secret</h3><ol>
<li><p>打开IdP网址<a target="_blank" rel="noopener" href="http://localhost:8080/zetark-oauth2-server/client%E8%BF%9B%E8%A1%8C%E7%AC%AC%E4%B8%89%E6%96%B9%E5%BA%94%E7%94%A8(RP)%E6%B3%A8%E5%86%8C%EF%BC%9B">http://localhost:8080/zetark-oauth2-server/client进行第三方应用(RP)注册;</a></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165024.png"></p>
</li>
<li><p>点击应用新增,输入第三方应用RP的名称<code>testApp</code>;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212000208.png"></p>
<p>由于未将id设置为自动递增,报错如下:</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210110527.png"></p>
<p>更改数据库配置,将id设置为自动递增;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210110847.png"></p>
<p>再次点击新增应用,注册完毕获得客户端ID(client_id)<code>88f55e00-5f78-44e1-abfb-fa6c5368366d</code>和客户端安全KEY(clinet_secret)<code>788639e3-8355-4fa8-aa38-ae04670ac30b</code>,RP需要记录这两个参数,用于后续的OAuth认证,即需要在源代码中一些位置更改上述的两个参数,这里只举例一处;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211233406.png"></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212004236.png"></p>
</li>
</ol>
<h3 id="攻击者:注册IdP账号"><a href="#攻击者:注册IdP账号" class="headerlink" title="攻击者:注册IdP账号"></a>攻击者:注册IdP账号</h3><ol>
<li><p>打开IdP网址<a target="_blank" rel="noopener" href="http://localhost:8080/zetark-oauth2-server/user%E8%BF%9B%E8%A1%8C%E8%B4%A6%E5%8F%B7%E6%B3%A8%E5%86%8C%EF%BC%8C%E8%AF%A5%E8%B4%A6%E5%8F%B7%E5%B0%86%E7%94%A8%E4%BA%8E%E7%BB%91%E5%AE%9ARP%E8%B4%A6%E5%8F%B7%EF%BC%9B">http://localhost:8080/zetark-oauth2-server/user进行账号注册,该账号将用于绑定RP账号;</a></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165401.png"></p>
</li>
<li><p>点击用户新增,注册用户<code>attack</code>;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165635.png"></p>
</li>
<li><p>注册成功后,显示用户;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165722.png"></p>
</li>
</ol>
<h3 id="用户注册RP账号"><a href="#用户注册RP账号" class="headerlink" title="用户注册RP账号"></a>用户注册RP账号</h3><ol>
<li><p>打开RP网站<a target="_blank" rel="noopener" href="http://localhost:8081/%E8%BF%9B%E8%A1%8C%E8%B4%A6%E5%8F%B7%E6%B3%A8%E5%86%8C%EF%BC%9B">http://localhost:8081/进行账号注册;</a></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210165947.png"></p>
</li>
<li><p>到注册页面,设置用户名为<code>Leeyuxun</code>,点击注册;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210170327.png"></p>
</li>
<li><p>注册成功后,返回登录页面,进行登录;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210170204.png"></p>
</li>
<li><p>调试窗口显示登录成功;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212005954.png"></p>
</li>
<li><p>网页显示登陆成功;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210180148.png"></p>
</li>
</ol>
<h3 id="攻击者完成攻击前的状态"><a href="#攻击者完成攻击前的状态" class="headerlink" title="攻击者完成攻击前的状态"></a>攻击者完成攻击前的状态</h3><ol>
<li><p>在IdP账号没有绑定RP账号<code>testApp</code>的情况下,用IdP账号<code>attacker</code>来登录RP网站,点击使用IdP授权,发现IdP显示,应用<code>testApp</code>正在请求接入;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235615.png"></p>
</li>
<li><p>输入IdP账号,用户名<code>attack</code>,点击登录并授权,验证通过后会显示该用户未绑定。实际上<code>attack</code>用户只是IdP用户,并没有绑定过RP用户,因此无法用IdP的账号来登录RP网站;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210234832.png"></p>
</li>
</ol>
<h3 id="攻击者的操作流程"><a href="#攻击者的操作流程" class="headerlink" title="攻击者的操作流程"></a>攻击者的操作流程</h3><ol>
<li><p>下面进行CSRF攻击,首先让用户<code>Leeyuxun</code>登录到RP网站;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191210235710.png"></p>
</li>
<li><p>攻击者在用户<code>Leeyuxun</code>保持登录状态时,打开绑定用户的链接<a target="_blank" rel="noopener" href="http://localhost:8080/zetark-oauth2-server/authorize?client_id=88f55e00-5f78-44e1-abfb-fa6c5368366d&response_type=code&redirect_uri=http://localhost:8081/accesstoken.jsp&scope=bindlogin">http://localhost:8080/zetark-oauth2-server/authorize?client_id=88f55e00-5f78-44e1-abfb-fa6c5368366d&response_type=code&redirect_uri=http://localhost:8081/accesstoken.jsp&scope=bindlogin</a></p>
</li>
<li><p>输入攻击者<code>attack</code>在IdP上的账号,点击登录并授权;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235504.png"></p>
</li>
<li><p>验证通过后,获得返回的授权码code,位于url地址中,为<code>38575af7f999713cffce720e74409ad6</code>;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211234803.png"></p>
</li>
<li><p>将code放入事先写好的攻击项目中,并build运行<code>attcak</code>项目;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191212001438.png"></p>
</li>
</ol>
<h3 id="用户登录RP并访问攻击者的网站"><a href="#用户登录RP并访问攻击者的网站" class="headerlink" title="用户登录RP并访问攻击者的网站"></a>用户登录RP并访问攻击者的网站</h3><ol>
<li><p>等待用户访问攻击者的网站,点击恶意链接<a target="_blank" rel="noopener" href="http://localhost:8082/attack%EF%BC%8C%E6%94%BB%E5%87%BB%E8%80%85%E4%BC%AA%E9%80%A0%E4%B8%80%E4%B8%AApost%E8%AF%B7%E6%B1%82%EF%BC%8C%E5%8F%91%E9%80%81%E7%BB%99RP%E7%BD%91%E7%AB%99http://localhost:8081/binding_request%EF%BC%8C%E5%85%B6%E4%B8%ADpost%E8%AF%B7%E6%B1%82%E5%90%AB%E6%9C%89%EF%BC%9A%E6%8E%88%E6%9D%83%E7%A0%81code%EF%BC%8C%E5%8F%97%E5%AE%B3%E8%80%85RP%E7%9A%84%E7%94%A8%E6%88%B7%E5%90%8Drp_user_name%EF%BC%9B">http://localhost:8082/attack,攻击者伪造一个post请求,发送给RP网站http://localhost:8081/binding_request,其中post请求含有:授权码code,受害者RP的用户名rp_user_name;</a></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211105853.png"></p>
</li>
<li><p>当用户点击恶意链接时,当前RP用户就会与攻击者的IdP账号绑定,完成CSRF攻击;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211105825.png"></p>
</li>
</ol>
<h3 id="攻击者入侵用户的RP账户"><a href="#攻击者入侵用户的RP账户" class="headerlink" title="攻击者入侵用户的RP账户"></a>攻击者入侵用户的RP账户</h3><ol>
<li><p>攻击者用攻击者的IdP账号成功登录用户的RP账号;</p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235504.png"></p>
<p><img src="https://raw.githubusercontent.com/Leeyuxun/pic-storage/main/img/20191211235408.png"></p>
</li>
</ol>
<h1 id="实验结论"><a href="#实验结论" class="headerlink" title="实验结论"></a>实验结论</h1><p>由于OAuth2的认证流程是分为好几步来完成的,当第三方应用在收到一个GET请求时,除了能知道当前用户的cookie,以及URL中的Authorization Code之外,难以分辨出这个请求到底是用户本人的意愿,还是攻击者利用用户的身份伪造出来的请求。因此,攻击者可使用移花接木的手段,提前准备一个含有自己的Authorization Code请求,并让受害者的浏览器来接着完成后续的令牌申请流程;</p>
<h2 id="攻击者攻击前提条件"><a href="#攻击者攻击前提条件" class="headerlink" title="攻击者攻击前提条件"></a>攻击者攻击前提条件</h2><ol>
<li>在攻击过程中,受害者在RP上的用户会话(User Session)必须是有效的,即受害者在受到攻击前已经登录了RP;</li>
<li>整个攻击必须在短时间内完成,因为OAuth2提供者颁发的Authorization Code有效期很短,OAuth2官方推荐的时间是不大于10分钟,而一旦Authorization Code过期那么后续的攻击也就不能进行下去了;</li>
<li>一个Authorization Code只能被使用一次,如果OAuth2提供者收到重复的Authorization Code,它会拒绝当前的令牌申请请求。不止如此,根据OAuth2官方推荐,它还可以把和这个已经使用过的Authorization Code相关联的access_token全部撤销掉,进一步降低安全风险;</li>
</ol>
<h2 id="预防方法"><a href="#预防方法" class="headerlink" title="预防方法"></a>预防方法</h2><p>要防止这样的攻击其实很容易,作为第三方应用的开发者,只需在OAuth2认证过程中加入state参数,并验证它的参数值即可。具体细节如下:</p>
<p>在将用户重定向到OAuth2的Authorization Endpoint去的时候,为用户生成一个随机的字符串,并作为state参数加入到URL中。在收到OAuth2服务提供者返回的Authorization Code请求的时候,验证接收到的state参数值。如果是正确合法的请求,那么此时接受到的参数值应该和上一步提到的为该用户生成的state参数值完全一致,否则就是异常请求。state参数值需要具备下面几个特性:</p>
<ol>
<li><strong>不可预测性</strong>:足够的随机,使得攻击者难以猜到正确的参数值</li>
<li><strong>关联性</strong>:state参数值和当前用户会话(user session)是相互关联的</li>
<li><strong>唯一性</strong>:每个用户,甚至每次请求生成的state参数值都是唯一的</li>
<li><strong>时效性</strong>:state参数一旦被使用则立即失效</li>
</ol>
</div>
<div>
<ul class="post-copyright">
<li class="post-copyright-author">
<strong>本文作者: </strong>李钰璕
</li>
<li class="post-copyright-link">
<strong>本文链接:</strong>
<a href="https://leeyuxun.github.io/OAuth-CSRF%E5%AE%9E%E9%AA%8C.html" title="OAuth CSRF实验">https://leeyuxun.github.io/OAuth-CSRF实验.html</a>
</li>
<li class="post-copyright-license">
<strong>版权声明: </strong>本博客所有文章除特别声明外,均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/zh-cn" rel="noopener" target="_blank"><i class="fab fa-fw fa-creative-commons"></i>BY-NC-SA</a> 许可协议。转载请注明出处!
</li>
</ul>
</div>
<footer class="post-footer">
<div class="post-tags">
<a href="/tags/CSRF/" rel="tag"><i class="fa fa-tag"></i> CSRF</a>
<a href="/tags/OAuth/" rel="tag"><i class="fa fa-tag"></i> OAuth</a>
</div>
<div class="post-nav">
<div class="post-nav-item">
<a href="/k-%E5%8C%BF%E5%90%8D%E9%9A%90%E7%A7%81%E4%BF%9D%E6%8A%A4%E5%AE%9E%E9%AA%8C.html" rel="prev" title="k-匿名隐私保护实验">
<i class="fa fa-chevron-left"></i> k-匿名隐私保护实验
</a></div>
<div class="post-nav-item">
<a href="/CryptDB%E5%AE%89%E8%A3%85%E4%B8%8E%E4%BD%BF%E7%94%A8.html" rel="next" title="CryptDB安装与使用">
CryptDB安装与使用 <i class="fa fa-chevron-right"></i>
</a></div>
</div>
</footer>
</article>
</div>
<script>
window.addEventListener('tabs:register', () => {
let { activeClass } = CONFIG.comments;
if (CONFIG.comments.storage) {
activeClass = localStorage.getItem('comments_active') || activeClass;
}
if (activeClass) {
let activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
if (activeTab) {
activeTab.click();
}
}
});
if (CONFIG.comments.storage) {
window.addEventListener('tabs:click', event => {
if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
let commentClass = event.target.classList[1];
localStorage.setItem('comments_active', commentClass);
});
}
</script>
</div>
<div class="toggle sidebar-toggle">
<span class="toggle-line toggle-line-first"></span>
<span class="toggle-line toggle-line-middle"></span>
<span class="toggle-line toggle-line-last"></span>
</div>
<aside class="sidebar">
<div class="sidebar-inner">
<ul class="sidebar-nav motion-element">
<li class="sidebar-nav-toc">
文章目录
</li>
<li class="sidebar-nav-overview">
站点概览
</li>
</ul>
<!--noindex-->
<div class="post-toc-wrap sidebar-panel">
<div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%9E%E9%AA%8C%E7%9B%AE%E7%9A%84"><span class="nav-number">1.</span> <span class="nav-text">实验目的</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%9E%E9%AA%8C%E7%8E%AF%E5%A2%83"><span class="nav-number">2.</span> <span class="nav-text">实验环境</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%9E%E9%AA%8C%E5%86%85%E5%AE%B9"><span class="nav-number">3.</span> <span class="nav-text">实验内容</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%9E%E9%AA%8C%E6%AD%A5%E9%AA%A4"><span class="nav-number">4.</span> <span class="nav-text">实验步骤</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%95%B0%E6%8D%AE%E5%BA%93%E5%88%9B%E5%BB%BA"><span class="nav-number">4.1.</span> <span class="nav-text">数据库创建</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#RP%E6%95%B0%E6%8D%AE%E5%BA%93"><span class="nav-number">4.1.1.</span> <span class="nav-text">RP数据库</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#IdP%E6%95%B0%E6%8D%AE%E5%BA%93"><span class="nav-number">4.1.2.</span> <span class="nav-text">IdP数据库</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%A3%80%E6%9F%A5RP%E6%95%B0%E6%8D%AE%E5%BA%93%E9%85%8D%E7%BD%AE"><span class="nav-number">4.1.3.</span> <span class="nav-text">检查RP数据库配置</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%A3%80%E6%9F%A5IdP%E6%95%B0%E6%8D%AE%E5%BA%93%E9%85%8D%E7%BD%AE"><span class="nav-number">4.1.4.</span> <span class="nav-text">检查IdP数据库配置</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%90%AF%E5%8A%A8"><span class="nav-number">4.2.</span> <span class="nav-text">服务器启动</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%90%AF%E5%8A%A8IdP%E6%9C%8D%E5%8A%A1%E5%99%A8"><span class="nav-number">4.2.1.</span> <span class="nav-text">启动IdP服务器</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%90%AF%E5%8A%A8RP%E6%9C%8D%E5%8A%A1%E5%99%A8"><span class="nav-number">4.2.2.</span> <span class="nav-text">启动RP服务器</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E5%AE%9E%E9%AA%8C%E6%B5%81%E7%A8%8B"><span class="nav-number">4.3.</span> <span class="nav-text">实验流程</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%B3%A8%E5%86%8CRP%EF%BC%8C%E8%8E%B7%E5%BE%97ClientID%E5%92%8CSecret"><span class="nav-number">4.3.1.</span> <span class="nav-text">注册RP,获得ClientID和Secret</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%94%BB%E5%87%BB%E8%80%85%EF%BC%9A%E6%B3%A8%E5%86%8CIdP%E8%B4%A6%E5%8F%B7"><span class="nav-number">4.3.2.</span> <span class="nav-text">攻击者:注册IdP账号</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E7%94%A8%E6%88%B7%E6%B3%A8%E5%86%8CRP%E8%B4%A6%E5%8F%B7"><span class="nav-number">4.3.3.</span> <span class="nav-text">用户注册RP账号</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%94%BB%E5%87%BB%E8%80%85%E5%AE%8C%E6%88%90%E6%94%BB%E5%87%BB%E5%89%8D%E7%9A%84%E7%8A%B6%E6%80%81"><span class="nav-number">4.3.4.</span> <span class="nav-text">攻击者完成攻击前的状态</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%94%BB%E5%87%BB%E8%80%85%E7%9A%84%E6%93%8D%E4%BD%9C%E6%B5%81%E7%A8%8B"><span class="nav-number">4.3.5.</span> <span class="nav-text">攻击者的操作流程</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95RP%E5%B9%B6%E8%AE%BF%E9%97%AE%E6%94%BB%E5%87%BB%E8%80%85%E7%9A%84%E7%BD%91%E7%AB%99"><span class="nav-number">4.3.6.</span> <span class="nav-text">用户登录RP并访问攻击者的网站</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%94%BB%E5%87%BB%E8%80%85%E5%85%A5%E4%BE%B5%E7%94%A8%E6%88%B7%E7%9A%84RP%E8%B4%A6%E6%88%B7"><span class="nav-number">4.3.7.</span> <span class="nav-text">攻击者入侵用户的RP账户</span></a></li></ol></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%9E%E9%AA%8C%E7%BB%93%E8%AE%BA"><span class="nav-number">5.</span> <span class="nav-text">实验结论</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%94%BB%E5%87%BB%E8%80%85%E6%94%BB%E5%87%BB%E5%89%8D%E6%8F%90%E6%9D%A1%E4%BB%B6"><span class="nav-number">5.1.</span> <span class="nav-text">攻击者攻击前提条件</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E9%A2%84%E9%98%B2%E6%96%B9%E6%B3%95"><span class="nav-number">5.2.</span> <span class="nav-text">预防方法</span></a></li></ol></li></ol></div>
</div>
<!--/noindex-->
<div class="site-overview-wrap sidebar-panel">
<div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
<img class="site-author-image" itemprop="image" alt="李钰璕"
src="/images/avatar.png">
<p class="site-author-name" itemprop="name">李钰璕</p>
<div class="site-description" itemprop="description">安全学习笔记</div>
</div>
<div class="site-state-wrap motion-element">
<nav class="site-state">
<div class="site-state-item site-state-posts">
<a href="/archives/">
<span class="site-state-item-count">89</span>
<span class="site-state-item-name">日志</span>
</a>
</div>
<div class="site-state-item site-state-categories">
<a href="/categories/">
<span class="site-state-item-count">17</span>
<span class="site-state-item-name">分类</span></a>
</div>
<div class="site-state-item site-state-tags">
<a href="/tags/">
<span class="site-state-item-count">115</span>
<span class="site-state-item-name">标签</span></a>
</div>
</nav>
</div>
<div class="links-of-author motion-element">
<span class="links-of-author-item">
<a href="https://github.com/Leeyuxun" title="GitHub → https://github.com/Leeyuxun" rel="noopener" target="_blank"><i class="fab fa-github fa-fw"></i></a>
</span>
<span class="links-of-author-item">
<a href="mailto:leeyuxun@163.com" title="E-Mail → mailto:leeyuxun@163.com" rel="noopener" target="_blank"><i class="fa fa-envelope fa-fw"></i></a>
</span>
</div>
</div>
<div class="back-to-top motion-element">
<i class="fa fa-arrow-up"></i>
<span>0%</span>
</div>
</div>
</aside>
<div id="sidebar-dimmer"></div>
</div>
</main>
<footer class="footer">
<div class="footer-inner">
<!--
<div class="copyright">
©
<span itemprop="copyrightYear">2023</span>
<span class="with-love">
<i class="fa fa-heart"></i>
</span>
<span class="author" itemprop="copyrightHolder">李钰璕</span>
</div>
-->
<div class="busuanzi-count">
<script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
</div>
</div>
</footer>
</div>
<script src="/lib/anime.min.js"></script>
<script src="//cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js"></script>
<script src="//cdn.jsdelivr.net/gh/fancyapps/fancybox@3/dist/jquery.fancybox.min.js"></script>
<script src="//cdn.jsdelivr.net/npm/pangu@4/dist/browser/pangu.min.js"></script>
<script src="/lib/velocity/velocity.min.js"></script>
<script src="/lib/velocity/velocity.ui.min.js"></script>
<script src="/js/utils.js"></script>
<script src="/js/motion.js"></script>
<script src="/js/schemes/pisces.js"></script>
<script src="/js/next-boot.js"></script>
<script src="/js/local-search.js"></script>
</body>
</html>