Cross Site Request Forgery (METHORD 01)

Introduction to Cross Site Request Forgery




Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data since the attacker has no way to see the response to the forged request.

In this post you can learn how CSRF can be used to protect your own website by generating Cross-Site Request Forgery Tokens in server side and validating them before respond to any client request. 

You can find sample website source code is uploaded to the GitHub and you can download it from there.

LINK : "  https://github.com/PasanRS/Cross-Site-Request-Forgery-METHORD-01-   "

What does this website do?

 User logs into the website using his/her credentials (username and password are hardcoded "pasan", "pasan"). Upon the log in a session will be created and the session id will be used to map with the CSRF token that will be generated along with the session creation.
Then the user redirects to a web page that allows the user to update a post. When this page loads with the help of AJAX, generated CSRF token value will be added to a hidden field in the HTML form.
Once the user updates a post CSRF token will be validated. If it is valid user will see the post he updated......
























index.php

Once the form is submitted result.php will be called.


result.php






While php code is written on top of the page to validate the user inputs Ajax is used call the csrf_token_generator.php file to get the generated CSRF token value and put it inside the hidden textfield in the HTML form.




























csrf_token_generator.php

This php file generates the csrf token. Also it sets a browser cookie with the value of session_id. After that CSRF token value will be stored in a text file called Tokens.txt along with it's session_id.




openssl_randon_pseudo_bytes() is used to generate the 32bit long csrf token. In order to use this function you have to have openssl installed. Otherwise it will give you an error. The generated value then converted into it's base64 value using base64_encode() function in order to make it more secure.

token.php



this php file has checkToken function which gets  two parameters (csrf token and session id) and return true if the given parameters matches with the values that are stored inside the text file.


Tokens.txt



 home.php



 This is where checkToken function gets called.




There are other ways that CSRF can be attacked too. We'll  be discussing them in future posts 

Thank you for reading my Blog :)














Comments

Post a Comment

Popular posts from this blog

Attacks Against Weak Token Generation

Attacks Against Weak Token Generation During our last post to this we discusses about basics of Session Management Attack which is also known as session hacking. In this post we will have a look on how you can attack weak token generation method to attack session management. Following are most common methods of generating weak tokens, Using meaningful tokens Predictable token generation Adding time dependent variations in tokens Now some important things before we discus real hack steps. In applications that use standard cookie mechanism for transmitting session tokens, it is easy to identify which item of data contains the token. In other cases it needs real brain work to identify them. Many web developers add extra tokens to cookies to fool hackers for example an application might add 14 tokens to yours browser's store, out of which only six are responsible for session management no matter what value other eight have only six of them will hand...
Read more

Some Terminologies You Should Know About Trojans

Image
Some Terminologies You Should Know About Trojans in this following post we will discus some most frequently used terminologies that we usually hear when word Trojan pops out. They are discussed here because after knowing them you'll be able to understand how attacker manages to circulate RAT server, hide its presence and also bypasses firewall rules. Over And Covert Channel: A channel here describes means of communication. An overt channel means legal, obvious or known where as covert means hidden and concealed. In other words overt means legal means of communication whereas covert means illegal means of communication. In technical terms overt channel follows rules by TCP/IP suite where as covert channel exploit weakness of TCP/IP model for illegal communication. Wrappers: Wrappers are programs that helps binding two files together. They can bind either multiple files of same extension or multiple files with multiple extension. Wrappers are ...
Read more

Nmap Scanning

Image
Nmap best known as hacker’s best friend may it be ethical or criminal is one of the best known network scanners available today. Today nearly each and every hacker uses nmap as network scanning tool and even pen-testing tools are bundled with Nmap as basic port scanning tool. Nmap can scan network, ports, services and also garb OS. This tutorial is written keeping this in mind that everyone should be able to grasp all commands and switches given in this tutorial in single reading. Do you think it’s impossible so why not give a try. First we divide switches into four types, 1.Synchronous Scans 2.Ping Scans 3.Time Scans 4.Output Type Synchronous Scan :All synchronous scans start with “-s”(without quotes), note that the ‘s’ denoting synchronous is not capital. Now a basic synchronous scan command is written as follows, nmap -s[synchronous scan type] ip_address ---------------------------------------------- -sT Synchronous TCP scan -sS Synchronous Stea...
Read more