A Cross-Site Request Forgery (CSRF) attack is an attack in which a user who is
authenticated to a web application is tricked into performing an unwanted
action, such as transferring funds to the attacker or changing the password
of his account, without intending to.
Most sites use cookies to hold a session identifier (and sometimes other state)
that the server associates with the logged-in user. The browser attaches a
site's cookies to every request it sends to that site, regardless of which page
triggered the request. Normally, the session cookie is set when the user
authenticates to the web application.
Suppose a user has authenticated to a banking site, bank.com, and the
corresponding session cookie has been set in his browser. From this point on,
every request his browser sends to the banking site will carry that cookie.
Now an attacker, XYZ, wants to exploit that cookie and trick the user into
transferring $10,000 to the attacker's account. The HTTP request for that
operation is:
http://bank.com/transfer.do?acct=XYZ&amount=10000
So the attacker sends the user an email, or tricks him into clicking a link on a web page, and the link contains:
<a href="http://bank.com/transfer.do?acct=XYZ&amount=10000">Interesting Pictures! </a>
When the user clicks the link while he is still authenticated to the banking
site, his browser sends the request together with his session cookie, the bank
treats it as a legitimate action, and $10,000 is transferred to the attacker XYZ.
This is just one simple example to illustrate the attack. In the same way the
user may be tricked into changing his password or email address, or into
purchasing something. An application is just as vulnerable whether the action
is triggered by a GET request or by a POST request: for GET the attacker needs
only a link or an image tag, for POST a hidden form on the attacker's page that
a script submits automatically. In both cases the browser attaches the bank's
cookies because the request is addressed to the bank's site.
A CSRF payload can also be stored in the vulnerable site itself, for example
as an image tag whose source is the transfer URL, placed in a comment or
profile field. If that happens, the severity of the attack increases, and so
does its likelihood, because the victim is far more likely to visit a page of
the site he already uses than to visit some random website or click on some
random link.
Countermeasures of CSRF Attack
The most common method of preventing CSRF is to include an unpredictable
challenge token (often called an anti-CSRF or synchronizer token) in every
state-changing request the user submits. The server generates the token, ties
it to the user's session and embeds it in the application's own forms, but
never sends it in a cookie, so a page on another site has no way to obtain it.
Tokens must be unique per session at minimum; making them unique per request
is stronger. As a result, even if the victim is tricked into clicking a
malicious link or submitting a forged form, the attacker cannot supply the
right token and the web application rejects the request. The check must be
enforced on the server for every state-changing endpoint; one endpoint that
skips it remains exploitable. Most web applications prevent CSRF in this way.
Cautions to be taken by users
- Log off immediately after using the web application.
- Do not allow your browser to store the username and password of sensitive web applications like banking sites.
- Do not use the same browser session to open a sensitive web application and browse other websites freely at the same time.
- You can also use plugins like NoScript. Because an attacker's page usually relies on a script to submit the hidden form, it makes POST-based CSRF vulnerabilities much more difficult to exploit.
So follow these simple rules and be aware of the possible vulnerabilities. Stay safe, stay secure.