
CSRF Attack and Its Prevention technique in ASP.NET MVC

Date post: 08-Aug-2015
Upload: suvash-shah

Cross Site Request Forgery Attack

Instructor: Prof. Dr. Edward Babulak

Presented by: Renu Dongol, Suvash Shah, Uttam Karmacharya

Overview

Introduction

Background

Types of CSRF Attack

Case Scenario

Countermeasure

Tools and Technology

Conclusion

Introduction

Cross-site request forgery is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

A successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.

Background

A CSRF attack is only successful if the user is currently authenticated, because the browser sends the session ID along with the request.

The attacker, from his own site, attacks the user on the trusted site; that is why it is called a cross-site attack.

The forged HTTP request is sent by the attacker on behalf of the user without the user's consent; that is why it is a forged request.

The attack uses the HTTP GET and HTTP POST methods to make the request.

Types of CSRF Attack

Reflected CSRF attacks

Delivered through a blog, an email message or an instant message containing the URL. Usually this kind of attack fails.

Local/stored CSRF attacks

Delivered through social sites where users are allowed to post images or links. This kind of attack succeeds.

Basic requirements for the attack

Trusted Site

Malicious Site

Authenticated User

Case Scenario

HTTP GET:

A GET request can be forged easily using HTML tags such as img, anchor and so on.

<a href="http://bank.com/transfer.do?acct=MARIA&amount=10000">View my pictures</a>

HTTP POST:

JavaScript is used to auto-submit a hidden form, which issues the HTTP POST request as soon as the page loads.

<html>
<body onload="document.forms[0].submit()">
<form action="http://bank.com/transfer.do" method="POST">
<input type="hidden" name="acct" value="MARIA"/>
<input type="hidden" name="amount" value="100000"/>
<input type="submit" value="View my pictures"/>
</form>
</body>
</html>

Figure 1: Cross Site Request Forgery Attack on Http Get

Figure 2: Cross Site Request Forgery Attack on Http Post

Demo on CSRF Attack

Countermeasure

Referrer Header Approach

Client-side validation: checks the domain name carried in the Referer header.

Secret Token Approach

Server-side validation: checks that the token value issued by the server is returned in every HTTP POST request.

Countermeasure Flowchart

Demo on CSRF Countermeasure
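The secret token approach as it is implemented in ASP.NET MVC 5, shown as an added example rather than the code from the demo: the anti-forgery attribute on the POST action, with the unprotected form of the same action beside it for contrast. The controller, the IAccountService type and the view path are assumptions.

```csharp
using System.Web.Mvc;

// Added example, not from the slides. AccountController and IAccountService are
// hypothetical; IAccountService stands for whatever performs the transfer.
public interface IAccountService { void Transfer(string fromUser, string toAcct, decimal amount); }

public class AccountController : Controller
{
    private readonly IAccountService _accounts;
    public AccountController(IAccountService accounts) { _accounts = accounts; }

    // VULNERABLE: any site can make the victim's browser POST here, and the browser
    // attaches the session cookie, so the forged form from the Case Scenario succeeds.
    [HttpPost]
    public ActionResult TransferUnsafe(string acct, decimal amount)
    {
        _accounts.Transfer(User.Identity.Name, acct, amount);
        return RedirectToAction("Index");
    }

    // HARDENED (secret token approach): the POST must carry a hidden form field
    // __RequestVerificationToken that matches the anti-forgery cookie. The attacker's
    // page cannot read either value (same-origin policy), so the forged POST is
    // rejected with an HttpAntiForgeryException before this method runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Transfer(string acct, decimal amount)
    {
        _accounts.Transfer(User.Identity.Name, acct, amount);
        return RedirectToAction("Index");
    }

    // GET renders the legitimate form. The Razor view (Views/Account/Transfer.cshtml)
    // must emit the token (hidden field plus matching cookie) so every genuine POST carries it:
    //
    //   @using (Html.BeginForm("Transfer", "Account", FormMethod.Post))
    //   {
    //       @Html.AntiForgeryToken()
    //       <input type="text" name="acct" />
    //       <input type="text" name="amount" />
    //       <input type="submit" value="Transfer" />
    //   }
    [HttpGet]
    public ActionResult Transfer()
    {
        return View();
    }
}
```

Submitting the forged form from the Case Scenario against Transfer fails because the attacker's page contains no valid __RequestVerificationToken, while the same form succeeds against TransferUnsafe.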

Tools and Technology

Server: IIS, MS SQL

Coding language: C#, SQL, JavaScript, HTML

Tools: Microsoft Visual Studio, MS SQL Server Management Studio 2012, Firefox, IE 11, Chrome, SEEDUbuntu9.11 VM

OS: Windows 8.1

Conclusion

A request can be sent to the trusted site along with the required cookies using the browser's own features.

We learned how the HTTP request can be forged in two different ways, i.e. HTTP GET and HTTP POST.

We can use the secret token approach as its countermeasure.

References

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

http://d2o0t5hpnwv4c1.cloudfront.net/965_csrfCI/flowchart.png

http://www.opensourceforu.com/wp-content/uploads/2010/11/Figure-2-CSRF-attack-on-POST.png

http://www.opensourceforu.com/wp-content/uploads/2010/11/Figure-1-CSRF-attack-on-GET.png

Thank you!! Any Questions?
