What is the CSRF or Cross-Site Request Forgery attack?
The Cross-Site Request Forgery attack or CSRF attack is an attack in which an attacker can exploit the authentication cookies of a victim and send a malicious request to a web application using the authentication cookies. Let’s try to understand how the attack works in more detail.
How does the CSRF attack work?
Most websites use cookies to store user credentials associated with the site. When a user authenticates himself to the web application, the cookie is set. Later, the information in the cookie is included along with every HTTP request sent by the authenticated user.
Suppose a user has authenticated in a banking site, bank.com, and the corresponding cookie is set in his machine. So, at this point, whatever request his browser will send to the banking site, the cookie will be used.
Now, an attacker, XYZ, wants to exploit the cookie and trick the user into transferring $10,000 to the attacker’s account. And the corresponding HTTP request for that operation is:
http://bank.com/transfer.do?acct=XYZ&amount=10000
So, the attacker sends an email to the user and tricks him into clicking on a link. Let’s say the link contains the following:
<a href=”http://bank.com/transfer.do?acct=XYZ&amount=10000”>Interesting Pictures! </a>
When the user clicks on the link while he is already authenticated to the banking site, the action will be performed, and $10,000 will be transferred to the attacker XYZ.
Here, I just gave one simple example to understand the attack. In a similar way, the user may be tricked into changing his password or email address. The user may even be tricked into purchasing something. HTTP GET and HTTP POST requests are equally vulnerable to this attack.
How to prevent CSRF attacks?
The most common method of preventing CSRF attacks is to append some secret and unpredictable challenge token to each request submitted by the user. Such tokens must be unique per session and also unique per request. As a result, even if the victim is tricked into clicking on some malicious link and submits a …
0 Comments