Csrf Attack (RPM)

Source: Internet
Author: User
Tags: csrf attack

CSRF attack

What is cross-site request forgery?
Cross-site request forgery, also known as a "one-click attack" or session riding, and usually abbreviated CSRF or XSRF, is a malicious exploitation of a website. Although it sounds similar to cross-site scripting (XSS), it is very different from XSS and the attack works almost the other way round: XSS exploits the trust a user has in a site, whereas CSRF exploits the trust a site has in its users by disguising requests as coming from a trusted user. Compared with XSS, CSRF attacks are less common (and so there are far fewer resources on defending against them) and harder to guard against, which is why they are considered more dangerous than XSS.

Examples and Features

CSRF attacks work by including a link or script in a page that is visited by an authorized user. For example: Bob, a user of a website, may be browsing a chat forum while another user, Alice, is in the same forum and has just posted a picture message that contains a link to Bob's bank. Imagine that Alice writes a link to a form submission that performs a withdrawal on Bob's bank site and embeds that link as an image tag. If Bob's bank stores his authorization information in a cookie and the cookie has not expired, Bob's browser will submit the withdrawal form together with his cookie when it tries to load the image, and so the transaction is authorized without Bob's consent.

CSRF is a browser-dependent confused deputy attack. The deputy in the bank example above is Bob's web browser, which is confused into handing Bob's authorization straight to Alice for her use.

The following are common features of CSRF:

    • Attacks a website using the victim's identity
    • Exploits the site's trust in the user's identity
    • Tricks the user's browser into sending an HTTP request to the target site
    • The risk lies in web applications that perform actions based on trusted form input from authenticated users, without requiring separate authorization for the particular action. A user who has already been authenticated by a cookie stored in the browser can be made to send an HTTP request to that trusting site without being aware of it, and thereby do something the user did not intend.
    • CSRF attacks that use images frequently appear in web forums, where users are allowed to post pictures but not JavaScript.

Precautionary measures

For websites, switching from a persistent authorization method (such as a cookie or HTTP authentication) to a transient one (providing a hidden field in every form) helps the site defend against these attacks. A similar approach is to include secret, user-specific information in the form as a validation check in addition to the cookie.
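The hidden-field approach described above is usually called the synchronizer token pattern. The following is an added example, not code from the original article: a minimal server-side model of Bob's bank with an in-memory session store (`SESSIONS`, `login`, `issue_csrf_token`, `render_withdraw_form` and `handle_withdraw` are all hypothetical names chosen here). The point it shows is that the browser attaches the session cookie to any request, but only a page served by the bank itself can carry the per-session token in the form body, so a request triggered from another site is rejected even though the cookie is present.

```python
import hmac
import secrets
from html import escape

# Constructed in-memory session store: session cookie value -> session data.
# A real application keeps this in its session backend.
SESSIONS = {}


def login(user):
    """Create a session for `user` and return the value of the session cookie."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf_token": None, "balance": 100}
    return session_id


def issue_csrf_token(session_id):
    """Generate (once per session) an unguessable token bound to this session."""
    session = SESSIONS[session_id]
    if session["csrf_token"] is None:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def render_withdraw_form(session_id):
    """Server-rendered form: the token travels in a hidden field, not in a cookie."""
    token = issue_csrf_token(session_id)
    return (
        '<form method="post" action="/withdraw">\n'
        f'  <input type="hidden" name="csrf_token" value="{escape(token)}">\n'
        '  <input name="amount">\n'
        '  <button>Withdraw</button>\n'
        "</form>"
    )


def handle_withdraw(request):
    """Handle POST /withdraw.

    `request` is a constructed dict with 'cookies' (what the browser attached
    automatically) and 'form' (the submitted body). Returns (status, message).
    """
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return (401, "not logged in")
    expected = session["csrf_token"]
    supplied = request["form"].get("csrf_token", "")
    # The cookie proves who the browser belongs to; the token proves the
    # request came from a form this site rendered. Compare in constant time.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return (403, "CSRF token missing or invalid")
    try:
        amount = int(request["form"]["amount"])
    except (KeyError, ValueError):
        return (400, "bad amount")
    session["balance"] -= amount
    return (200, f"withdrew {amount}, balance {session['balance']}")


if __name__ == "__main__":
    sid = login("bob")
    print(render_withdraw_form(sid))
    token = SESSIONS[sid]["csrf_token"]
    # Legitimate submission of the form the bank rendered: cookie + token.
    legit = {"cookies": {"session": sid}, "form": {"csrf_token": token, "amount": "10"}}
    print(handle_withdraw(legit))  # (200, ...)
    # Request triggered from a page on another site: Bob's browser still sends
    # the cookie, but that page never saw the token, so the form lacks it.
    forged = {"cookies": {"session": sid}, "form": {"amount": "90"}}
    print(handle_withdraw(forged))  # (403, ...)
```

The token is tied to the session rather than to a single form so that a user with several tabs open does not get spurious failures; rotating it per request is stricter but breaks that case. Constant-time comparison matters because the token is a secret and a naive string compare leaks match length through timing.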

Another option is to "double-submit" cookies. This method works only with Ajax requests, but it can be used as a global fix without having to change a large number of forms. If the authorization cookie is read by JavaScript code before the form is posted, the browser's cross-domain restrictions apply. If the server requires the value of the authorization cookie to be included in the POST request body or URL, the request must come from the trusted domain, because another domain cannot read the cookie of the trusting domain.
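The following is an added example, not code from the original article, that models the double-submit check end to end: the browser rule that script on one origin cannot read another origin's cookies, the same-origin script copying the cookie into a request header, and the stateless server-side comparison. It departs from the text in one deliberate way: instead of echoing the session cookie itself, it uses a dedicated, non-HttpOnly CSRF cookie, so the session identifier never has to be exposed to script. All names (`CSRF_COOKIE`, `CSRF_HEADER`, `browser_readable_cookies`, `build_ajax_request`, `verify_double_submit`, `handle_transfer`) and the origins are constructed for the example.

```python
import hmac
import secrets

CSRF_COOKIE = "csrf_token"       # must NOT be HttpOnly: same-origin script has to read it
CSRF_HEADER = "X-CSRF-Token"     # where the script echoes the cookie value back


def new_csrf_cookie():
    """Random value for the CSRF cookie, issued alongside the session cookie."""
    return secrets.token_urlsafe(32)


def browser_readable_cookies(page_origin, cookie_origin, cookies):
    """Model of the browser rule the double-submit scheme relies on:
    document.cookie on a page only exposes cookies belonging to that page's origin."""
    return dict(cookies) if page_origin == cookie_origin else {}


def build_ajax_request(page_origin, site_origin, cookies, body):
    """Simulate a page at `page_origin` sending an XHR/fetch to `site_origin`.

    The browser attaches `cookies` regardless of where the page came from
    (that is exactly the CSRF problem); the page's script can add the header
    only if it was able to read the cookie.
    """
    readable = browser_readable_cookies(page_origin, site_origin, cookies)
    headers = {}
    if CSRF_COOKIE in readable:
        headers[CSRF_HEADER] = readable[CSRF_COOKIE]
    return {"cookies": dict(cookies), "headers": headers, "body": body}


def verify_double_submit(request):
    """Server-side check: header value must equal the cookie value.

    No server-side state is needed, which is why the text calls this a global
    remediation: it can sit in one middleware in front of every state-changing route.
    """
    cookie_val = request["cookies"].get(CSRF_COOKIE, "")
    header_val = request["headers"].get(CSRF_HEADER, "")
    if not cookie_val or not header_val:
        return False
    return hmac.compare_digest(cookie_val.encode(), header_val.encode())


def handle_transfer(request):
    """A state-changing endpoint guarded by the double-submit check."""
    if not verify_double_submit(request):
        return (403, "double-submit check failed")
    return (200, f"transferred {request['body']['amount']}")


if __name__ == "__main__":
    SITE = "https://bank.example"          # constructed origin of the trusting site
    OTHER = "https://other-site.example"   # constructed origin of some other site
    cookies = {"session": "s1", CSRF_COOKIE: new_csrf_cookie()}

    same_origin = build_ajax_request(SITE, SITE, cookies, {"amount": 5})
    print(handle_transfer(same_origin))    # (200, ...): script could read the cookie

    cross_origin = build_ajax_request(OTHER, SITE, cookies, {"amount": 5})
    print(handle_transfer(cross_origin))   # (403, ...): cookie sent, header absent
```

The check only holds as long as no untrusted party can set cookies for the trusting domain; a script on a sibling subdomain can write a cookie for the parent domain and then supply a matching header. Where that is a concern, the cookie value should additionally be bound to the session with a server-side HMAC so a cookie the attacker chose is rejected.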

Contrary to common belief, using POST instead of GET does not provide effective protection, because JavaScript can forge POST requests. Nonetheless, requests that have security-relevant side effects should always be sent using POST: the POST method does not leave the data in web server and proxy server logs, whereas GET does.

Although CSRF is fundamentally a problem of the web application, not of the user, users can protect their accounts on sites that lack a secure design by logging out of the site before browsing other sites, or by clearing the browser's cookies at the end of the browser session.

Factors affecting CSRF

A CSRF attack relies on the following assumptions:

    • The attacker knows the site the victim uses
    • The target site has a persistent authorization cookie, or the victim has a current session cookie
    • The target site does not require a second authorization for the user's action on the site

The OWASP description of it is:

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request. It is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf, like change the victim's e-mail address, home address, or password, or purchase something. CSRF attacks generally target functions that cause a state change on the server but can also be used to access sensitive data.

For most sites, browsers will automatically include with such requests any credentials associated with the site, such as the user's session cookie, basic auth credentials, IP address, Windows domain credentials, etc. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish this from a legitimate user request.

The attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, change account information, retrieve account information, or any other function provided by the vulnerable website.

Sometimes, it is possible to store the CSRF attack on the vulnerable site itself. Such vulnerabilities are called Stored CSRF flaws. This can be accomplished by simply storing an IMG or IFRAME tag in a field that accepts HTML, or by a more complex cross-site scripting attack. If the attack can store a CSRF attack in the site, the severity of the attack is amplified. In particular, the likelihood is increased because the victim is more likely to view the page containing the attack than some random page on the Internet. The likelihood is also increased because the victim is sure to be authenticated to the site already.

SYNONYMS: CSRF attacks are also known by a number of other names, including XSRF, "Sea Surf", Session Riding, Cross-Site Reference Forgery, Hostile Linking. Microsoft refers to this type of attack as a One-Click attack in their threat modeling process and many places in their online documentation.

The full text can be found at:

http://www.owasp.org/index.php/Cross-Site_Request_Forgery

http://en.wikipedia.org/wiki/Cross-site_request_forgery
