Computer Security: Lecture 09 - Cross-Site Request Forgery


7 Terms

1

Cross-Site Request Forgery

Forces an authenticated user's browser to submit a request to a web application without the user's consent. The attack exploits the trust a site places in the user's browser: the site treats any request that carries the user's session cookie as coming from the user.

2

How CSRF Works

Step 1: The user logs into the legitimate website and receives a session cookie. The browser stores this cookie and sends it with every request to that website.

Step 2: The attacker tricks the user into visiting an attacker-controlled web page (for example by clicking a link). The page contains hidden code that carries out the CSRF attack.

Step 3: The attacker's page makes the victim's browser send a request to the trusted website. Because the browser attaches cookies according to the destination of a request, not the page that triggered it, the victim's session cookie goes along with the forged request. The attacker does not need to read the response; triggering the action is enough.

Step 4: The trusted website receives a request carrying a valid session cookie and executes the action on behalf of the user. To the site it looks exactly like a legitimate request.

3

CSRF Attack on GET Requests

  • The user is logged into the trusted site, which has given the browser a session cookie that uniquely identifies the user.

  • To forge a request, the attacker must get it sent from the victim's own browser, because only then will the browser attach the victim's session cookie to it.

  • The attacker places the code that triggers the request in the attacker's web page, either as JavaScript or as plain HTML.

  • HTML tags such as img and iframe automatically issue a GET request to the URL in their src attribute, so a forged GET request needs no JavaScript at all and nothing visible to the victim.
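The four steps above and the img-based GET attack, as an added example that is not part of the lecture: a miniature model of a trusted site that authenticates requests by session cookie alone, an attacker page carrying a hidden img, and a browser that attaches the victim's cookie to whatever request the attacker's page triggers. The origin bank.example, the /transfer endpoint, the cookie value and the balances are all constructed for illustration.

```javascript
// Added example (not from the lecture): a miniature model of the CSRF flow.
// A trusted site authenticates every request by its session cookie alone; the
// victim's browser attaches that cookie to any request for the site, including
// a GET triggered by an <img> on an attacker-controlled page.
// All names, URLs and balances below are constructed for illustration.

const TRUSTED_ORIGIN = "https://bank.example";

// Server-side state of the trusted site: session store and account balances.
const sessions = new Map([["s3ss10n-abc", { user: "alice" }]]);
const balances = new Map([["alice", 1000], ["mallory", 0]]);

// Steps 1 and 4: the trusted site identifies the user by the session cookie
// only. It never learns which page initiated the request, so it cannot tell a
// same-site form submission from a cross-site <img> load.
function handleTransfer(request) {
  const cookie = request.headers.cookie || "";
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookie);
  const session = match && sessions.get(match[1]);
  if (!session) return { status: 401, body: "not logged in" };

  const url = new URL(request.url);
  if (url.pathname !== "/transfer") return { status: 404, body: "not found" };
  const to = url.searchParams.get("to");
  const amount = Number(url.searchParams.get("amount"));
  if (!balances.has(to) || !(amount > 0) || balances.get(session.user) < amount) {
    return { status: 400, body: "bad transfer" };
  }
  balances.set(session.user, balances.get(session.user) - amount);
  balances.set(to, balances.get(to) + amount);
  return { status: 200, body: `moved ${amount} to ${to}` };
}

// Step 2: the attacker's page. The 1x1 image is invisible to the victim; the
// browser fetches its src automatically when the page renders.
function attackerPage(to, amount) {
  const forged = `${TRUSTED_ORIGIN}/transfer?to=${encodeURIComponent(to)}&amount=${amount}`;
  return `<html><body><h1>Free prize!</h1>
<img src="${forged}" width="1" height="1" alt="">
</body></html>`;
}

// Step 3: a minimal browser. Its cookie jar is keyed by origin, and (with no
// SameSite policy) it attaches the victim's cookie to every request for that
// origin, regardless of which page triggered the request. The call to
// handleTransfer stands in for the network round trip.
function renderInBrowser(html, cookieJar) {
  const responses = [];
  for (const [, src] of html.matchAll(/<img[^>]*\ssrc="([^"]+)"/g)) {
    const origin = new URL(src).origin;
    const cookie = cookieJar.get(origin) || "";
    responses.push(handleTransfer({ url: src, headers: { cookie } }));
  }
  return responses;
}

// The victim logged in earlier (cookie already in the jar), then visits the
// attacker's page. Balances are reset so the scenario is repeatable.
function runScenario() {
  balances.set("alice", 1000);
  balances.set("mallory", 0);
  const victimJar = new Map([[TRUSTED_ORIGIN, "session=s3ss10n-abc"]]);
  const responses = renderInBrowser(attackerPage("mallory", 250), victimJar);
  return { status: responses[0].status, alice: balances.get("alice"), mallory: balances.get("mallory") };
}

console.log(runScenario());
```

The same request sent without the cookie (an attacker fetching the URL directly) is rejected with 401; the attack works only because the victim's browser supplies the cookie. Nothing in the request tells handleTransfer that the page which triggered it was not one of the site's own, which is the weakness the countermeasures below address.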

4

Fundamental Causes of CSRF

  • The server cannot distinguish whether a request is cross-site or same-site: the forged request carries the same cookie, path and parameters as a legitimate one.

  • The browser does know the difference, because it knows which page triggered the request, but by default it does not pass that knowledge on to the server.

5

Countermeasures: Referer Header

  • An HTTP header field identifying the address of the web page from which the request was generated.

  • A server can check whether the request originated from one of its own pages by comparing the Referer's origin with its own.

  • Since it reveals part of the user's browsing history it raises privacy concerns, and browsers, extensions and proxies may strip it, so a server cannot rely on it always being present. For that reason it is not widely used as the sole defense; the newer Origin header carries only scheme, host and port and avoids the privacy problem.

6

Countermeasures: Same-Site Cookies

  • A cookie attribute called SameSite, introduced in browsers such as Chrome and Opera and now supported by all major browsers.

  • The attribute is set by the server and tells the browser whether the cookie may be attached to a cross-site request. Its values are Strict (never sent cross-site), Lax (sent cross-site only on top-level navigations with a safe method such as GET) and None (always sent; browsers additionally require the Secure attribute).

7

Countermeasures: Secret Token

  • The server embeds a random secret token in its web page, for example as a hidden form field, and remembers it for the session.

  • Requests submitted from that page include the secret token.

  • The server validates that the token in the request matches the one it expects for the session. A page on another origin cannot read the trusted site's page, so the attacker cannot learn the token and the forged request fails the check.