Cross Site Request Forgery

WHAT IS CSRF

Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in.

To understand this better, let's look at an example.

The user logs in to their bank account. The bank issues a session token, which the browser stores as a cookie.

The attacker sends the user a malicious link that looks as if it points to some trusted location, but actually submits a request to the bank.

When the user clicks the fake link, the browser automatically attaches the previously set session cookie to that request. The attacker's request is therefore executed with the user's privileges; for example, money is transferred from the user's account to the attacker's account.

How did this happen? The attacker's request to the bank was forged: the browser sent the user's own session token with it, so no new login was required, and the bank could not tell the forged request apart from one the user intended to make.

Let's see how to prevent CSRF attacks...

The most popular way to prevent Cross-site Request Forgery (CSRF) is to use a challenge token that is associated with a particular user's session and is embedded as a hidden value in every state-changing form in the web application. This token, called a CSRF Token or a Synchronizer Token, works as follows:
  • The web server generates a token for the user's session
  • The token is embedded as a hidden input in the protected form
  • The form is submitted by the user
  • The token is included in the POST data
  • The web application compares the token stored for the session with the token sent in the request
  • If these tokens match, the request is valid, as it has been sent through the actual form in the web application
  • If there is no match, the request is considered illegal and is rejected.

For this to hold, the token must be generated with a cryptographically secure random generator (so the attacker cannot guess it), bound to the user's session (so a token from the attacker's own session is not accepted), and compared with a constant-time comparison. The attacker's page can make the browser send the victim's session cookie, but it cannot read the token out of the bank's form, because the same-origin policy prevents a cross-origin page from reading the bank's responses.

Let's look at an implementation example of CSRF protection.

The user logs in to the system using the login form below.
 (index.php)

When the user logs in, the user's session id and a freshly generated CSRF token are saved on the server side. In this example I have written those values to a text file (for a real application, keep them in the server-side session store, such as PHP's $_SESSION, rather than in a file). After that the user is redirected to a sample page (SampleFormPage.php) that contains a form.
 (LoginAction.php)

Inside SampleFormPage.php I call an endpoint that accepts the session cookie and returns the CSRF token belonging to that session. The received CSRF token is then set as the value of a hidden input field in the form inside SampleFormPage.php.
   (SampleFormPage.php)

   (CsrfTokenSender.php) Method which accepts the session cookie and sends back the CSRF token

When the user submits the sample form, the hidden CSRF token is submitted along with it to the form action. Inside the form action, the submitted CSRF token is compared with the token saved on the server, and a message is shown depending on whether they match.
  (SampleFormAction.php)
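The following is an added example, not the PHP listings from this post, that models the synchronizer-token procedure described above and the same login / token-endpoint / form-action flow as the implementation walkthrough in plain Python. The in-memory dictionaries stand in for the text file (or session store) on the server, and the users alice, bob and mallory and their balances are constructed for the demonstration. It shows a legitimate submission succeeding and the forged request from the bank scenario being rejected, both without a token and with a guessed one.

```python
import hmac
import secrets

# Server-side store, constructed for this example (the post writes these values
# to a text file; a real application keeps them in the session store).
SESSIONS = {}   # session_id -> {"user": ..., "csrf_token": ...}
BALANCES = {"alice": 1000, "mallory": 0}   # constructed sample accounts


def login(user):
    """LoginAction: create a session id and a per-session CSRF token."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "user": user,
        # 256 bits from a CSPRNG: the attacker cannot guess this value
        "csrf_token": secrets.token_urlsafe(32),
    }
    return session_id


def csrf_token_for(session_cookie):
    """CsrfTokenSender: return the token bound to the session cookie, or None."""
    session = SESSIONS.get(session_cookie)
    return session["csrf_token"] if session else None


def render_transfer_form(session_cookie):
    """SampleFormPage: the state-changing form with the token as a hidden input."""
    token = csrf_token_for(session_cookie)
    if token is None:
        return None
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def transfer(session_cookie, post_data):
    """SampleFormAction: reject unless the posted token matches the session's token."""
    session = SESSIONS.get(session_cookie)
    if session is None:
        return "rejected: not logged in"
    posted = post_data.get("csrf_token", "")
    # Constant-time comparison so the token cannot be recovered byte by byte via timing.
    if not hmac.compare_digest(posted, session["csrf_token"]):
        return "rejected: invalid CSRF token"
    amount = int(post_data["amount"])
    src = session["user"]
    if BALANCES[src] < amount:
        return "rejected: insufficient funds"
    BALANCES[src] -= amount
    BALANCES[post_data["to"]] = BALANCES.get(post_data["to"], 0) + amount
    return "ok"


def demo():
    """A legitimate submission, then the forged requests from the bank scenario."""
    cookie = login("alice")
    form_token = csrf_token_for(cookie)          # the value the real form carries
    legit = transfer(cookie, {"csrf_token": form_token, "to": "bob", "amount": "100"})
    # The attacker's page can make the browser send alice's cookie, but the
    # same-origin policy stops it reading the token out of the bank's form,
    # so it must either omit the token or guess one.
    forged = transfer(cookie, {"to": "mallory", "amount": "900"})
    guessed = transfer(cookie, {"csrf_token": secrets.token_urlsafe(32),
                                "to": "mallory", "amount": "900"})
    return legit, forged, guessed, BALANCES["alice"]


if __name__ == "__main__":
    print(demo())   # ('ok', 'rejected: invalid CSRF token', 'rejected: invalid CSRF token', 900)
```

The token is looked up by the session cookie on every check, which is what binds it to the user; a token copied from the attacker's own session fails the comparison just like a guessed one.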
