Tuesday, 2 February 2016

CSRF(Concept &Scope)XSRF, Session Riding & Confused Deputy Attacks

Cross Site Request forgery (CSRF) attack occur when a malicious web site causes a user's web browser to preform an unwanted action on site which is trusted by the user and important credentials are being held by user at that site. These attacks are easy to prevent and easy to exploit.  Cross Site Request Forgery attacks are also known  as the Cross Site Reference Forgery (XSRF), Session Riding and Confused Deputy Attacks. I am using CSRF because it is the most commonly used term.

CSRF attacks are successful when an attacker can cause a user's browser to perform an unwanted action on another site which is the trusted user site. For this action to be successful  the user must be capable of performing this action. CSRF attacks are usually as powerful as a user. Means the more the user have access or privilege power on a web application the more powerful a successful attack will be. CSRF attacks are successful nearly against every site that is using implicit authentication. does not explicitly protect itself from CSRF attack.

CSRF Explanation Through Figs

Fig (1)

Fig (2)

Fig (3)

Authentication and CSRF

CSRF attacks most commonly exploit the authentication mechanisms if targeted sites. The root of the problem is that Web authentication normally assures site that a request came from a certain user's browser but it does not ensure that the user actually requested or authorised the request.

Explanation wit the help of Example

Suppose that the V visits a trusted site S when V visits this site the server gives V browser a Pseudo random Session Identifier SID  this SID is used by the server of S to identify that the user is V. when ever a request will be made by the V browser the browser will append this SID with the request and the S will understand that its V.

Now lets suppose that the V visits a malicious site with the same browser and there is a malicious Javascript code in that site which makes a HTTP request to the site S now the browser of V will append that SID  with the request as the request is being made to the trusted so when this request reaches the S it will be interpreted as the  request from V and it will be a successful CSRF attack. 


Alternatively the V may use Client Side SSL certificate but it will result in the same problem because the browser will helpfully use the certificate  to carry out request to S's site . Similarly if the V authenticates by his IP address CSRF attack would be possible.

No comments:

Post a Comment