Cross Site Request Forgery – CSRF

Cross Site Request Forgery is when an unauthorized request is sent or submitted from one site to another site without the knowledge of the user, i.e. the request is forged. The browser attaches the user's session cookies to that request automatically, so the target site treats it as if the logged-in user had made it.

Why and how of CSRF!

I cannot think of a person who opens up a browser and works in just one tab. Although we cannot truly multitask, when it comes to internet surfing we open multiple tabs: online banking, news, forums, chat sessions, etc. Now suppose you have opened a website to book a train ticket and you can use your online wallet to pay the amount. If a hacker is smart enough to craft a request that books a ticket, and you click on that request while you are logged in, the job is done.

The question might pop up: why would you click the link? The unauthorized request can be embedded into a hyperlink or any other item of interest that the user might click.

Hitting the DEMO..!

Example 1

A form to change the password of an account; you must have seen plenty of these.

Screenshot: page to change the password

Getting the HTML of the form, which is what is needed to forge the request.

Screenshot: viewing the page source
</gre_replace>
<gr_replace lines="25" cat="clarify" orig="Highlighted">
Highlighted is the code of the HTML form, between the form tags.

Highlighted is the code of the HTML form in form tags.

Screenshot: the HTML form is easy to pick out in the source; copy it.

Now we have the code in Notepad.

I have added a few lines, which are highlighted; these are added just to complete the code. Moreover, I have already filled in the value of my choice (CSRF here) to be submitted as the new password.

Screenshot: the password and retype-password fields are force-set to the chosen value.

If you save the above form as an .htm file and open it, the output below is what you get, with the forced password values already in place.

Screenshot: the above code as it looks in the browser

The user is then tricked into clicking the change button (a honey-click). Below is the result: the password has been changed.

Screenshot: the changed password

Remediations

  • Use of challenge tokens
    • Randomize token patterns
    • Encrypt them
  • Referrer checking
  • Challenge response – CAPTCHA
  • 2FA
  • Encrypt the URL with unique session id
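The challenge-token remediation from the list above, as an added example that is not part of the original post: a minimal server-side synchronizer-token check for the password-change form. The forged page from the demo can make the browser send the session cookie, but it cannot read the hidden token from a page it did not render, so the handler rejects it. The in-memory session store, the handler name and the field names are assumptions.

```python
# Added example (not from the original post): anti-CSRF challenge token
# for the password-change form, checked server-side on every POST.
import hmac
import secrets

# Constructed in-memory session store (hypothetical): session id -> data
SESSIONS = {}

def new_session(username):
    """Log a user in and issue a random per-session anti-CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def render_change_password_form(sid):
    """The legitimate form: carries the session's token in a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/change-password">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="password" name="password">'
        '<input type="password" name="retype_password">'
        '<input type="submit" value="Change">'
        "</form>"
    )

def handle_change_password(cookies, form):
    """Server-side handler. The browser sends the session cookie on a
    cross-site POST too, so the cookie alone must never authorize the
    change; only a form we rendered can contain the session's token."""
    sid = cookies.get("session")
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte
    expected = session["csrf_token"].encode()
    if not hmac.compare_digest(submitted.encode(), expected):
        return 403, "CSRF token missing or invalid"
    if form.get("password") != form.get("retype_password"):
        return 400, "passwords do not match"
    session["password"] = form["password"]
    return 200, "password changed"
```

A forged page that cannot read the token gets a 403 and the password is untouched, while the real form, which embeds the token, is accepted.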