Basics of Cross Site Request Forgery

Wednesday, October 14, 2009

** Well first, what is CSRF?

CSRF stands for Cross Site Request Forgery. It is also abbreviated as XSRF, and Sea Surf and Session Riding are other names for it.

&& Many people think that CSRF is the same as XSS; this is completely untrue. As you read through this you will learn why.
&& Although an XSS vulnerability is not necessary for CSRF, it will make it easier in most cases.

-- In CSRF, the victim sends the attacker's request to the web server without knowing about it.
 


** So how do I use it?

Here would be a simple way to log the user out of the website.


The reason for the height and width being "1" is so that the victim won't notice an image that didn't load.

This can also be done using iframes or automatic redirects (like a meta refresh), but this will alert the victim.


** A little more about the vulnerability:

Everything a user can do, CSRF can do, unless it is specifically protected against, mainly by using tokens.
The user must be logged in to the website.
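
The token protection mentioned above, as an added example (not code from the original post): a hypothetical state-changing endpoint that accepts the session cookie only together with a per-session token, so a request forged from another site is rejected even though the victim is logged in. The names SERVER_KEY, SESSIONS, issue_token and handle_request and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for this example (not from any real site).
SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret
SESSIONS = {"sess-alice-123": "alice"}        # session id -> logged-in user


def issue_token(session_id: str) -> str:
    """Token the site embeds in its own forms; bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_request(method: str, cookies: dict, form: dict) -> tuple:
    """Hypothetical state-changing endpoint (e.g. change e-mail address)."""
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"
    # State changes only via POST: an image or link load can never qualify.
    if method != "POST":
        return 405, "state changes require POST"
    # The browser attaches the cookie to any request for this site, so the
    # cookie alone proves nothing about where the request came from.
    # The token is only readable from pages the site itself served.
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"updated settings for {user}"


def demo() -> dict:
    cookies = {"session": "sess-alice-123"}   # sent automatically by the browser
    token = issue_token("sess-alice-123")
    other = issue_token("sess-bob-456")       # token from a different session
    return {
        "own_form": handle_request("POST", cookies, {"csrf_token": token}),
        "forged_no_token": handle_request("POST", cookies, {}),
        "forged_guess": handle_request("POST", cookies, {"csrf_token": "0" * 64}),
        "forged_get": handle_request("GET", cookies, {}),
        "other_session_token": handle_request("POST", cookies, {"csrf_token": other}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Only the request built from the site's own form succeeds; every cross-site variant carries the cookie but fails the token or method check.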

** Who has been vulnerable to this in the past?

Gmail: attackers could create filters so that when a user received an email containing "password", it would be forwarded and deleted.
Myspace
Facebook
Twitter
The list goes on; a lot of websites still don't protect against it.

** Tips

Use hex encoding; it won't look as suspicious, because the victim will think it's just random characters.
