What is a CSRF Attack?
A CSRF attack is a form of attack in which commands are transmitted from a victim to another website without the users consent. CSRF attacks are usually invisible and rely on browser functionality (such as automatically loading images).
How is a CSRF Attack Carried Out?
CSRF attacks are embedded in an element browsers automatically react to (such as an image tag).
Lets assume that Joe has just registered with a brand new Electronic Money transfer site. When Joe wants to transfer money, he heads to www.example.com/transfer.php to send some money to his wife, Mary.
He fills out the forms for the amount of money he wants to transfer and who he wants to send the money to, and then clicks submit. The URL now looks like this:
CODE :
__________________________________________________________________________
//www.example.com/transfer.php?from=Joe&to=Mary&amount=2
__________________________________________________________________________
The next day, Janice, Joes angry ex-wife, also registers with the site. She decides to send $5 to her boyfriend, named Sam. She heads to www.example.com/transfer.php, fills out the forms (quite angrily), and hits submit.
She notices that the URL,
CODE :
__________________________________________________________________________
//www.example.com/transfer.php?from=Janice&to=Sam&amount=5
__________________________________________________________________________
does not require any authorization besides her Session cookie (which is automatically send to the web server).
Still bitter over what she thinks was an unfair settlement to her divorce with Joe, she slips on her black hat and decides to cheat Joe out of his money.
She sends a message to Joe which looks like this:
CODE :
__________________________________________________________________________
//Title: I Hate You!!!!
You are the most rotten, vile, PIG ever!!!!!
[img]www.example.com/transfer.php?from=Joe&to=Janice&amount=5000[/img]
__________________________________________________________________________
(Note that Janice used BBCode for her image tag, which example.com automatically translates into HTML.)
Later that day, Joe logs on and views the message. His browser sees the image tag and automatically follows it to
CODE :
__________________________________________________________________________
//www.example.com/transfer.php?from=Joe&to=Janice&amount=5000
__________________________________________________________________________
His browser then attempts to download the page and display it as an image. Because the link provided is not a valid image, the browser displays it as a broken image.
However, the server at example.com sees that Joe has visited the link, and transfers $5000 dollars to Janice.
All this happens invisibly and within seconds.
Dangers of CSRF
We now understand how a CSRF attack is performed. But, what can this attack do?
It can:
*Transfer Funds
*Log a user in/out
*Register a user
*Log data of a user
*Send a message from the victim to someone else
*Etc
The only requirement is that the server must not have a means of detecting if the user has authorized the action that a CSRF attack performs.
Prevention of CSRF Attacks
CSRF attacks can be prevented in a number of ways, but the best way to prevent them is a combination of many different methods.
CSRF attacks are much easier if an action can be performed with an HTTP GET request, but simply having only POST requests is not sufficient to prevent CSRF attacks.
One common method of preventing CSRF attacks is to have a hidden value randomly generated upon the users visit of the webpage. The advantage of this strategy is that the attacker can not predict what the token will be, and thus cannot conduct the attack. This would look something like
CODE :
__________________________________________________________________________
//
No comments:
Post a Comment
try to make something then you never be lost