It's All About CSRF

in #csrf · 5 years ago (edited)


What's up Crypto ppl, it's been a while since I stopped writing about blockchain & cryptocurrency. Since we are all stuck in quarantine I thought I should continue my blog again, so after 2 years here we go :) Today I have chosen a topic related to the cybersecurity field.

What is CSRF?

what-is-csrf.jpg

Cross-Site Request Forgery is commonly known as a "one-click attack" or "Sea Surf". Simply put, it is an attack that fools the end user into submitting malicious requests to a web application in which they are authenticated. CSRF attacks target state-changing requests, not theft of data, because the attacker has no way to see the response to the forged request; only the victim does. However, it is sometimes possible to store the CSRF attack on the vulnerable site itself; these are called "stored CSRF flaws". This can happen by simply storing an IMG or IFRAME tag in a field that accepts HTML, or by a more complex cross-site scripting attack. If the attacker can store a CSRF attack on the site, the severity of the attack is significantly worse.

Reference:- https://bit.ly/35dredT

How to prevent it? (the actions we can take)

  • Make sure you have good internet security software (yes, your Windows Defender is not enough, trust me :P) and that your anti-virus software is up to date.

  • Make a secondary user account which doesn't have administrator permissions, so when you mistakenly click such a virus or something it always asks for permissions, and if you feel there is something wrong you can simply close it without giving access.

  • You may receive emails saying that you won a million dollar lottery or a Benz (for their anniversary or something like that). Do not open such emails.

  • Do not click any links that take you to other sites or perform any other social network communication while you are authenticated.

  • Do not use public wifi networks, and whenever you finish a banking or financial transaction on a site, always log off immediately.

  • Don't just minimize or close your web browser after financial transactions.

  • Never save your logins for a banking or financial institution site within your browser, and disable scripting in your browser. Firefox has a plugin that can prevent scripts from running.

What is Cross-Site Request Forgery Token & How it works?

A CSRF token is a secret, unique value that the web application embeds in all HTML forms and verifies on the server side. When the request is sent, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid.

CSRF tokens prevent CSRF attacks because, without knowing the token, an attacker cannot construct a fully valid HTTP request suitable for feeding to the end user.

You can get a simple idea of how it works by looking at the diagram below.

1_wmnna674hoEfUf7URZ965g.png

_ Assignment _

So I have developed a simple web application to show you how these things work in real life.
It was developed using HTML and PHP. You can simply log in using the hardcoded credentials; that is the only way to log in. If you use anything other than the given credentials it shows an error message.

GitHub link for the project :- https://github.com/cryptopal2/WsProject

Screenshot (7).png

If you use the right credentials, it redirects you to another page called welcome.php and starts the session by generating a cookie. There is a red logout button, built with Bootstrap; if you click it before the timeout, you are redirected to the login.php page and the session that was started when you logged in is killed.

1_PATb5ON-X-NmrBBjStrd6A.png

Screenshot (9).png

If you change the username and password, you can see the following message:

Screenshot (12).png

If it fails for some reason, you can see the "can not be changed" error:

Screenshot (13).png

When it comes to sessions and cookies: when the page loads, a session starts and a cookie is set for a time period of 45000 ms for the user cryptopal2.

Screenshot (20).png

Screenshot (14).png

As you can see, the session is only valid for the given time; after that it shows a "session expired" message with a link to the login page.
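The session timeout and the logout button described above, as an added example (my own code, not the WsProject code): a welcome.php-style page that tracks the last request time in the session, destroys the session and its cookie once the inactivity window is exceeded, and handles the logout button. The 45000 ms lifetime is the value given in the post; the file name login.php is assumed from the post's description, and login.php is assumed to set `$_SESSION['user']` and `$_SESSION['last_activity_ms']` after checking the hard-coded credentials.

```php
<?php
// Added example, not code from the WsProject repository.
// Inactivity timeout and logout for a PHP session.
session_start();

const SESSION_LIFETIME_MS = 45000;  // lifetime stated in the post (45 s)
const LOGIN_PAGE = 'login.php';     // assumed file name, as described in the post

// Throw away the server-side session data AND expire the browser's session
// cookie, instead of relying on the browser to forget the cookie by itself.
function destroy_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// A session is expired when nobody is logged in, when no activity timestamp
// was recorded, or when the last request is older than the lifetime.
function session_has_expired(array $session, int $nowMs,
                             int $lifetimeMs = SESSION_LIFETIME_MS): bool
{
    if (!isset($session['user'], $session['last_activity_ms'])) {
        return true;
    }
    return ($nowMs - (int) $session['last_activity_ms']) > $lifetimeMs;
}

$nowMs = (int) round(microtime(true) * 1000);

// The red logout button links here with ?logout=1 (assumed parameter name).
if (isset($_GET['logout'])) {
    destroy_session();
    header('Location: ' . LOGIN_PAGE);
    exit;
}

if (session_has_expired($_SESSION, $nowMs)) {
    destroy_session();
    echo 'Session expired. <a href="' . LOGIN_PAGE . '">Log in again</a>';
    exit;
}

// Sliding expiry: every request inside the window restarts the 45 s clock.
$_SESSION['last_activity_ms'] = $nowMs;
echo 'Welcome, ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```

Two design points: the expiry is enforced on the server from its own clock, so a user (or attacker) who keeps a copy of the cookie cannot extend the session by editing the cookie's expiry in the browser; and logout is shown as a plain link to match the post's button, but since logging someone out is itself a state change, a stricter version would make it a POST form carrying the same CSRF token as the other forms.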

We also send the CSRF token along with the request, but using the POST method and as a hidden form field, so it is not visible in the URL and nobody can read it from the address bar. The token is also generated only once.
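The token mechanism from the "What is Cross-Site Request Forgery Token" section and the hidden POST field described in this paragraph, as an added example (my own code, not the WsProject code): one PHP page that generates the token once per session, embeds it as a hidden field in the form, and refuses to change anything unless the submitted value matches. The form field names and the change-password action are assumptions standing in for the project's own form.

```php
<?php
// Added example, not code from the WsProject repository.
// Per-session CSRF token: generate once, embed in every form, verify on POST.
session_start();

// Generate the token only once per session (as the post describes); every
// form rendered in this session then carries the same value.
if (empty($_SESSION['csrf_token'])) {
    // 32 bytes from the OS CSPRNG, hex-encoded to a 64-character string.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Untyped parameter on purpose: $_POST values can be arrays (csrf_token[]=x),
// and a typed string parameter would raise a TypeError instead of failing closed.
function csrf_token_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guess were correct.
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        $message = 'Request rejected: missing or invalid CSRF token.';
    } else {
        // Only after the token check do we touch state. This stands in for the
        // project's real change-password logic (assumed field name new_password).
        $newPassword = $_POST['new_password'] ?? '';
        $message = ($newPassword === '') ? 'Password can not be changed.' : 'Password changed.';
    }
}
?>
<!DOCTYPE html>
<html>
<body>
  <p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
  <!-- The token travels in the POST body, not the URL, so it never appears in
       the address bar, browser history, server access logs or Referer headers. -->
  <form method="post" action="">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
    <label>New password: <input type="password" name="new_password"></label>
    <button type="submit">Change password</button>
  </form>
</body>
</html>
```

One caveat worth keeping in mind: what protects the token is not that the field is hidden (anyone using the site can view the page source) but that a page on another origin cannot read it, thanks to the browser's same-origin policy. That is also why any XSS flaw on the site defeats CSRF tokens, and why marking the session cookie `SameSite=Lax` or `Strict` is a sensible second layer.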

Ajax Call

An Ajax call is a request initiated by the browser that does not directly result in a page transition. A servlet request is a Java-specific term (servlets are a Java specification) for servicing an HTTP request, which could be a simple POST or GET or an Ajax request.

I implemented it like this:

Screenshot (18).png
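The Ajax variant, as an added example (my own code, not the WsProject code): the same per-session token, but the browser sends it in a request header from a fetch() call and the server answers with JSON, so the page never reloads. The header name `X-CSRF-Token`, the meta tag used to hand the token to the script, and the change-password action are all assumptions.

```php
<?php
// Added example, not code from the WsProject repository.
// CSRF token carried in a request header for an Ajax (fetch) call.
session_start();
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    header('Content-Type: application/json');
    // Only same-origin script can attach a custom header like this one; a
    // cross-site <form> or <img> cannot. The value must still match the session.
    $sent = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    if ($sent === '' || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        echo json_encode(['ok' => false, 'error' => 'missing or invalid CSRF token']);
        exit;
    }
    $body = json_decode(file_get_contents('php://input'), true) ?? [];
    // Stand-in for the project's state-changing action (assumed field name).
    $changed = is_array($body) && isset($body['new_password']) && $body['new_password'] !== '';
    echo json_encode(['ok' => true, 'changed' => $changed]);
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
  <!-- Hand the token to the page's own script; other origins cannot read it. -->
  <meta name="csrf-token"
        content="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
</head>
<body>
  <button id="change">Change password via Ajax</button>
  <pre id="out"></pre>
  <script>
    // Read the server-embedded token and send it back as a header on the POST.
    const token = document.querySelector('meta[name="csrf-token"]').content;
    document.getElementById('change').addEventListener('click', async () => {
      const resp = await fetch(location.href, {
        method: 'POST',
        credentials: 'same-origin',   // include the session cookie
        headers: { 'Content-Type': 'application/json', 'X-CSRF-Token': token },
        body: JSON.stringify({ new_password: 'example-only' })
      });
      document.getElementById('out').textContent = JSON.stringify(await resp.json());
    });
  </script>
</body>
</html>
```

Sending the token as a header rather than in the JSON body keeps the check identical for every Ajax endpoint, and because a forged request from another site cannot set custom headers, a missing header is by itself a reliable signal to reject (and log) the request.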

So I invite everyone to check my project and give me your comments.

GitHub link for the project :- https://github.com/cryptopal2/WsProject

ref :- https://en.wikipedia.org/wiki/Ajax_%28programming%29