Cross Site Request Forgery ( XSRF / CSRF )

Cross Site Request Forgery 

• It is an attack at the end user which forces to executes unwanted action without user's concerns when the user is authenticated.

Example

• In order to make CSRF attack the hacker will study the structure of application and understand it very well, how POST and GET works.
• For e.g. a common GET request for money transfer ( say for e.g. 100 Rs ) looks like below
• GET http://abcbank.com/transfer.do?acct=PersonB&amount;=100 HTTP/1.1
• Once the hacker studies application and understands the request format he/she can modify the link to transfer the money in their own bank account, the modified request may look like below
• GET http://abcbank.com/transfer.do?acct=Hacker&amount;=100 HTTP/1.1
• Thus this malicious url can be encoded into innocent looking hyperlink which looks like below, and can be sent to email.
• <a href="http://abcbank.com/transfer.do?acct=Hacker&amount;=100">Click here</a>
• Thus the above link can be distributed to large number of bank customer by decorating it with html, css or may be by creating interesting ad, etc.
• The one who clicks the link while logged in bank account will unintentionally initiate the transfer of 100 Rs. to hacker
• If bank's website is using only post request, its impossible to place illegal request by <a> anchor tag.
• However the attack can be done using <form> tag by automatic execution of javascript which looks like below

 <body onload="document.forms[0].submit()">  
   <form action="http://abcbank.com/transfer.do" method="POST">  
    <input type="hidden" name="acct" value="Hacker"/>  
    <input type="hidden" name="amount" value="100"/>  
    <input type="submit" value="View my pictures!"/>  
   </form>  
  </body>