Monday, July 11, 2011

Cross Site Request Forgery Attack

What is a CSRF Attack

It is an attack in which a malicious site causes the user's browser to perform an unwanted action on a site that trusts the user. In this scenario, unlike an XSS attack, it is the website's trust in the user's browser that is exploited.

It occurs on websites that accept data and then store it or perform an action with it, without checking where the request originated.


SCENARIO 
Bob might be browsing a chat forum where another user, Mallory, has posted a message. Suppose Mallory has crafted an HTML image element that references an action on Bob's bank website:

 <img src="http://www.bank.com/withdraw?account=bob&amount=100000&for=Malory">

If Bob's bank keeps his authentication information in a cookie that hasn't expired, then Bob's browser's attempt to load the image will submit the withdrawal request with his cookies attached, thus authorizing the transaction.

Therefore the primary targets of this attack are web applications that perform actions based on input from a trusted, authenticated user without requiring the user to explicitly authorize the action.

CONCEPT 

 It occurs on websites that accept data and then store it or perform an action with it, without checking where the request originated. Even if a website is protected against XSS, there is no guarantee that it is not vulnerable to CSRF. CSRF will succeed on any site that relies on an implicit authentication mechanism.

 Authentication Mechanism

 A CSRF attack exploits the site's authentication mechanism. Web authentication normally assures the site that a request came from a certain browser, but it does not assure the site of who actually made the request.
 Suppose Alice wants to visit a site T. T gives Alice's browser a cookie containing a pseudorandom session ID, sid, to track her session. Alice logs into the site with her username and password. The site records the fact that Alice has logged into session sid. When Alice sends a request to T, her browser automatically sends the session cookie containing sid.
 Now suppose Alice visits a site M that contains JavaScript which causes Alice's browser to send a request to site T. Alice's browser helpfully appends the session cookie containing sid to that request, and T, seeing that the request came from Alice, performs the requested operation on Alice's account. This is a successful CSRF attack.

 XSS vs CSRF
  1. An XSS attack requires JavaScript, while CSRF need not require JavaScript.
  2. XSS malicious code can be filtered, but in CSRF the malicious code is on a third-party site, so it cannot be filtered.

PROTECTION FROM CSRF 

 There are two types of protection:
  1. Server side protection
  2. Client side protection

Server Side Protection 

Different frameworks are used for web development, so CSRF protection can be built directly into these frameworks.
  1. Allow GET requests only to retrieve data, never to modify any data on the server.
  2. Require all POST requests to include a pseudorandom value. When the user visits the site, a strong pseudorandom value is generated and stored as a cookie in the user's browser. When a form is submitted, this pseudorandom value is sent both as a form value and as the cookie value. The attacker can modify the form value but cannot modify the cookie value, so a valid form submission requires both values to be the same, which will not be the case when the attacker supplies his own form value.
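The two server side rules above, worked into a small request check as an added example (not code from the original post): a GET is never allowed to perform the withdrawal, and a POST must carry the same token in the form field as in the cookie. The cookie name, form field name, endpoint list and handle() dispatcher are hypothetical names chosen for the example.

```python
import hmac
import secrets

# Added example (not from the original post): the double-submit cookie check
# described in rule 2, combined with rule 1 (GET never modifies state).
# Names such as CSRF_COOKIE, CSRF_FIELD and handle() are hypothetical.

CSRF_COOKIE = "csrf_token"          # cookie set when the user first visits
CSRF_FIELD = "csrf_token"           # hidden form field echoing the same value
STATE_CHANGING = {"/withdraw"}      # endpoints that modify server-side data


def issue_csrf_token() -> str:
    """Strong pseudorandom value the server stores in the user's cookie."""
    return secrets.token_urlsafe(32)


def tokens_match(cookies: dict, form: dict) -> bool:
    """Rule 2: the form copy must equal the cookie copy of the token."""
    cookie_token = cookies.get(CSRF_COOKIE)
    form_token = form.get(CSRF_FIELD)
    if not cookie_token or not form_token:
        return False                # one side missing: treat as forged
    # Constant-time comparison so timing does not leak the token.
    return hmac.compare_digest(cookie_token, form_token)


def handle(method: str, path: str, cookies: dict, form: dict) -> tuple:
    """Toy request dispatcher returning (status, message)."""
    if path not in STATE_CHANGING:
        return 200, "read-only page"
    if method.upper() != "POST":
        # Rule 1: a GET (e.g. from a cross-site <img src=...>) may never
        # perform the withdrawal, even with a valid session cookie attached.
        return 405, "state change requires POST"
    if not tokens_match(cookies, form):
        return 403, "CSRF check failed"
    return 200, "withdrawal accepted"


if __name__ == "__main__":
    token = issue_csrf_token()
    # Constructed requests: the <img> GET from the post, a forged POST whose
    # form value cannot match the victim's cookie, and a legitimate POST.
    print(handle("GET", "/withdraw", {CSRF_COOKIE: token}, {}))
    print(handle("POST", "/withdraw", {CSRF_COOKIE: token},
                 {CSRF_FIELD: "attacker-guess", "amount": "100000"}))
    print(handle("POST", "/withdraw", {CSRF_COOKIE: token},
                 {CSRF_FIELD: token, "amount": "100"}))
```

Only the victim's own page can read the token into the form, so a request built on a third-party site always fails the comparison even though the browser still attaches the session cookie.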

 Client Side Protection
A tool that protects the client side from CSRF attacks is RequestRodeo. It works as a proxy between the client and the server: if a request is found to be invalid, it strips the authentication information from the request. It has a serious limitation: it does not work when client side SSL authentication is used, because RequestRodeo analyzes the data as it passes through the proxy, before it is displayed.