Date post: | 08-Aug-2015 |
Cross Site Request Forgery Attack
Instructor: Prof. Dr. Edward Babulak
Presented by: Renu Dongol, Suvash Shah, Uttam Karmacharya
Overview
Introduction
Background
Types of CSRF Attack
Case Scenario
Countermeasure
Tools and Technology
Conclusion
Introduction
Cross-site request forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
A successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.
Background
A CSRF attack is only successful if the user is currently authenticated, because the browser automatically attaches the session ID (cookie) to every request it sends to that site.
The attacker, from his own site, attacks the user's session on the trusted site; this is why it is called a cross-site attack.
The forged HTTP request is sent on the user's behalf without the user's consent, which is why it is a forged request.
The forged request can use either the HTTP GET or the HTTP POST method.
Types of CSRF Attack
Reflected CSRF attacks: delivered through a blog, an email message or an instant message containing the malicious URL. Usually this kind of attack fails.
Local/stored CSRF attacks: delivered through social sites where users are allowed to post images or links. This kind of attack succeeds.
Case Scenario
HTTP GET:
Can be forged easily using HTML tags such as img, anchor and so on.
<a href="http://bank.com/transfer.do?acct=MARIA&amount=10000">View my pictures</a>
HTTP POST:
Uses JavaScript to submit a hidden form, performing the HTTP POST request automatically when the page loads.
<form action="http://bank.com/transfer.do" method="POST">
<input type="hidden" name="acct" value="MARIA"/>
<input type="hidden" name="amount" value="100000"/>
<input type="submit" value="View my pictures"/>
</form>
<body onload="document.forms[0].submit()">
Countermeasure
Referrer Header Approach: client-side validation; the domain name in the Referer header is checked against the trusted site.
Secret Token Approach: server-side validation; the token value issued by the server is checked in every HTTP POST request.
Tools and Technology
Server: IIS, MS SQL
Coding language: C#, SQL, JavaScript, HTML
Tools: Microsoft Visual Studio, MS SQL Server Management Studio 2012, Firefox, IE 11, Chrome, SEEDUbuntu9.11 VM
OS: Windows 8.1
Conclusion
A request can be sent to the trusted site along with the required cookies, using the browser's built-in behaviour.
We gained knowledge of how to forge an HTTP request in two different ways, i.e. via HTTP GET and via HTTP POST.
We can use the secret token approach as its countermeasure.