Knowledge Management Banner


Cross Site Request Forgery ( XSRF / CSRF )

Cross Site Request Forgery 

  • It is an attack on the end user that forces the user's browser to execute unwanted actions without the user's knowledge, while the user is authenticated to the application.
Example
  • To mount a CSRF attack the hacker first studies the structure of the application and learns exactly how its POST and GET requests are built.
  • For example, a typical GET request for a money transfer (say 100 Rs) looks like this:
  • GET http://abcbank.com/transfer.do?acct=PersonB&amount=100 HTTP/1.1
  • Once the hacker understands the request format, he/she can modify the link so the money is transferred into their own bank account; the modified request may look like this:
  • GET http://abcbank.com/transfer.do?acct=Hacker&amount=100 HTTP/1.1
  • This malicious URL can then be embedded in an innocent-looking hyperlink like the one below and sent by e-mail:
  • <a href="http://abcbank.com/transfer.do?acct=Hacker&amount=100">Click here</a>
  • The link can be distributed to a large number of the bank's customers, dressed up with HTML and CSS or presented as an interesting advertisement.
  • Anyone who clicks the link while logged in to their bank account will unintentionally initiate a transfer of 100 Rs. to the hacker.
  • If the bank's website accepts only POST requests, the forged request cannot be placed with an <a> anchor tag alone.
  • However, the attack can still be carried out with a <form> tag that JavaScript submits automatically when the page loads, as shown below:
  <body onload="document.forms[0].submit()">
    <form action="http://abcbank.com/transfer.do" method="POST">
      <input type="hidden" name="acct" value="Hacker"/>
      <input type="hidden" name="amount" value="100"/>
      <input type="submit" value="View my pictures!"/>
    </form>
  </body>
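The defence against both variants above (the GET hyperlink and the auto-submitted POST form) is server-side: only accept state-changing requests over POST, check that the request originates from the bank's own site, and require a per-session token that an attacker's page cannot read. The following Python is an added illustration written for this post, not code from the original article or from any real bank application; the origin http://abcbank.com is taken from the article's example, the attacker host and the request dicts are constructed, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed origin of the bank application (host taken from the article's example).
SITE_ORIGIN = "http://abcbank.com"


def issue_csrf_token(session: dict) -> str:
    """Create a per-session CSRF token (reused for the session's lifetime).

    The server stores it in the session and embeds it as a hidden field in
    every state-changing form it renders, such as the transfer form.
    """
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is our own.

    Browsers attach Origin to cross-site POSTs such as the auto-submitted form
    in the article; a missing header is treated as untrusted.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def is_valid_transfer_request(method: str, headers: dict, form: dict, session: dict) -> bool:
    """Server-side gate for transfer.do: POST only, same origin, valid token."""
    if method != "POST":
        # A state change must never ride on GET; this alone defeats the
        # "Click here" hyperlink from the e-mail.
        return False
    if not origin_allowed(headers):
        return False
    expected = session.get("csrf_token")
    if not expected:
        return False
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so an attacker gets no timing signal.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def demo() -> dict:
    """Constructed requests: one legitimate and three forged like the article's."""
    session = {"user": "PersonA"}
    token = issue_csrf_token(session)
    own = {"Origin": SITE_ORIGIN}
    evil = {"Origin": "http://attacker.example"}  # constructed attacker site
    transfer = {"acct": "Hacker", "amount": "100"}
    return {
        # real form rendered by the bank, token included
        "legit": is_valid_transfer_request(
            "POST", own, {**transfer, "acct": "PersonB", "csrf_token": token}, session),
        # GET hyperlink from the e-mail
        "forged_get": is_valid_transfer_request("GET", {}, transfer, session),
        # auto-submitted <form> from the attacker's page: wrong origin, no token
        "forged_form": is_valid_transfer_request("POST", evil, transfer, session),
        # same-origin POST that lacks the token (e.g. a stale or hand-built page)
        "no_token": is_valid_transfer_request("POST", own, transfer, session),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Running the block shows only the legitimate request being accepted. The token check is what matters most: the Origin/Referer check is a cheap first filter, but the hidden token cannot be obtained by the attacker's page because the browser's same-origin policy keeps it from reading the bank's responses. Setting the session cookie with the SameSite=Lax or SameSite=Strict attribute is a complementary defence, since the browser then withholds the cookie from cross-site POSTs like the form above.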
