XSS a.k.a Site Cross Scripting a.k.a Cross Site Request Forgery Attack


Cross Site Request Forgery Attack

Cross-site request forgery (CSRF or XSRF) is a type of malicious exploit of a website in which legitimate commands are sent from a user to a website without his permission. CSRF exploits the trust that a site has in a user's browser. It is also known as a one-click attack or session riding. Suppose a user logs in to website A. After the authentication process, the website provides a session id to the user, and it expires after the logout process. But this session id exists for the whole period between login and logout. In the meantime, every request sent from the victim's browser to website A will be recognised as a legitimate request of this user, because the active, valid session id is stored as a cookie and authenticates the user. This is called the trust of a website in the user's browser. If the browser has valid session keys, all requests sent by this browser are treated as valid and as belonging to this user.
Here comes the attacker. He posts a link on a website or forum which sends an HTTP request to website A. The user's session is active, so this HTTP request is recognised as a request sent by this user, and the website acts on it.
Ex: Website A is the website of the user's bank. The user logs in to the website. The website has a form for transferring money to another account. Suppose this form's action generates a GET request of this type:
<img src="http://bank.example.com/withdraw?account=sender&amount=amount&for=reciever">
The attacker knows the format of the form, so he sends the link in an image tag (as given below) to the user.
<img src="http://bank.example.com/withdraw?account=bob&amount=1000000&for=alice">
Browsers do not restrict the IMG tag to specific image types; an IMG tag can point to a page instead of an image.
If the user (bob in the given URL) clicks on the image while his session is running, his money will be transferred to the attacker's account (alice in the URL) by the bank.
We can see this process in the figures.
The Web Browser has established an authenticated session with the Trusted Site. A Trusted Action should only be performed when the Web Browser makes the request over the authenticated session.

The Web Browser attempts to perform a Trusted Action. The Trusted Site confirms that the Web Browser is authenticated and allows the action to be performed.
The Attacking Site causes the browser to send a request to the Trusted Site. The Trusted Site sees a valid, authenticated request from the Web Browser and performs the Trusted Action.
Preventing CSRF:
  1. Use POST rather than GET in forms
  2. Do not focus on convenience
  3. Force the use of your own forms
  4. Checking the HTTP Referer header
  5. Limiting the lifetime of authentication cookies
  6. Use of random token with each session 
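
Items 1 and 6 of the list above, sketched as an added Python example (not code from the original tutorial): a random token is bound to each session, embedded in the site's own form, and checked on every state-changing POST. The in-memory `SESSIONS` store and the function names `login`, `logout`, `transfer_form` and `handle_withdraw` are assumptions made for illustration; the requests in `demo` are constructed.

```python
import hmac
import secrets

SESSIONS = {}  # hypothetical in-memory session store: session id -> session data

def login(user):
    """Create a session and bind a fresh random CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def logout(sid):
    """End the session; its CSRF token dies with it."""
    SESSIONS.pop(sid, None)

def transfer_form(sid):
    """The site's own form carries the session's token in a hidden field."""
    token = SESSIONS[sid]["csrf"]
    return ('<form method="POST" action="/withdraw">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="amount"><input name="for"></form>')

def handle_withdraw(method, cookie_sid, params):
    """Decide whether a request to the state-changing endpoint is honoured."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401, "no active session"
    if method != "POST":
        return 405, "state change requires POST"
    supplied = params.get("csrf_token", "")
    # Constant-time comparison of the submitted token with the session's token.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403, "missing or wrong CSRF token"
    return 200, f"{session['user']} -> {params.get('for')}: {params.get('amount')}"

def demo():
    """Constructed requests: the browser attaches the cookie in every case."""
    sid = login("bob")
    req = {"amount": "1000000", "for": "alice"}
    token = SESSIONS[sid]["csrf"]  # what the site's own form would submit
    results = {
        "img_get": handle_withdraw("GET", sid, req)[0],
        "cross_site_post": handle_withdraw("POST", sid, req)[0],
        "own_form": handle_withdraw("POST", sid, {**req, "csrf_token": token})[0],
    }
    logout(sid)
    results["after_logout"] = handle_withdraw("POST", sid, {**req, "csrf_token": token})[0]
    return results

if __name__ == "__main__":
    print(demo())
```

The image-tag request and the cross-site POST both arrive with bob's valid session cookie, yet neither carries the token that only the bank's own page can read, so both are refused.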
Credit to: D4rkPr1nc3 for giving me this tutorial :D
