CSRF (Cross-Site Request Forgeries)
Kjell Jørgen Hole
NoWires Research Group
Department of Informatics
University of Bergen
OVERVIEW
CSRF DEFINED
CSRF DEFINITION
CSRF ILLUSTRATED
CSRF: The Attacking site causes the browser to send a request to the Trusted site. The attack is possible because the Trusted site authenticates the browser, not the user.
[Figure: Attacking site, browser and Trusted site]
SIMPLIFIED CSRF EXAMPLE
[Figure: Client and Server]
HTML FORM IN BROWSER
[Figure: Web page http://example.com/compose.htm contains an HTML form to send e-mail, with the fields To: bob@example.com, Subject: CSRF, Message: (text) and a "Send" button]
When the user clicks "Send", the e-mail is sent in an HTTP GET request.
GET REQUEST
http://example.com/send_email.htm?to=bob%40example.com&subject=CSRF&msg=When+the+user+...
VULNERABILITY!
POSSIBLE ATTACK
ATTACK ILLUSTRATION
[Figure: User, Web browser and Web page; the browser requests the page]
<img src="http://example.com/send_email.htm?to=mallory%40example.com&subject=Hi&msg=My+email+address+has+been+stolen">
[Figure: Fake e-mail; Web page and example.com]
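The two slides above (the GET request that sends e-mail, and the <img> tag that makes the browser issue the same kind of request) are easiest to understand with a small server-side model. The following is an added example, not code from the slides or from their author. It assumes a session store keyed by a cookie, a send_email handler with the slide's query parameters, and a per-session anti-CSRF token scheme; the token check is an assumption chosen to illustrate a server-side defense, since the slides only announce that topic without reproducing its details.

```python
"""Added example (not from the original slides): why the forged <img>
request is accepted by a naive send_email handler, and how a server-side
check rejects it. Session store, handler and token scheme are assumptions."""
from dataclasses import dataclass, field
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed session store: cookie value -> logged-in user.
SESSIONS = {"s3ss10n-alice": "alice"}

# Per-session anti-CSRF tokens (assumed design: random token stored with the
# session and echoed back in a hidden field of the compose.htm form).
CSRF_TOKENS = {}


@dataclass
class Request:
    method: str
    url: str
    cookies: dict
    form: dict = field(default_factory=dict)


# The request the slide's <img> tag makes the victim's browser send.
# The browser attaches the session cookie on its own, so the server sees
# exactly what it would see if the user had clicked "Send".
FORGED_IMG_URL = ("http://example.com/send_email.htm?"
                  "to=mallory%40example.com&subject=Hi"
                  "&msg=My+email+address+has+been+stolen")


def vulnerable_send_email(req):
    """Slide behaviour: any authenticated GET sends the mail (status, mail)."""
    user = SESSIONS.get(req.cookies.get("session"))
    if user is None:
        return 401, None
    q = parse_qs(urlsplit(req.url).query)
    return 200, {"from": user, "to": q["to"][0], "subject": q["subject"][0]}


def issue_csrf_token(session_id):
    """Called when compose.htm is rendered; the token goes into the form."""
    token = secrets.token_hex(16)
    CSRF_TOKENS[session_id] = token
    return token


def hardened_send_email(req):
    """Authenticate the user, not just the browser: require POST plus a token."""
    user = SESSIONS.get(req.cookies.get("session"))
    if user is None:
        return 401, None
    # State-changing actions must not be reachable by GET (an <img> src is always GET).
    if req.method != "POST":
        return 405, None
    # POST alone is not enough: the token is the value an attacking page cannot
    # read, because it is embedded only in compose.htm served to this session.
    expected = CSRF_TOKENS.get(req.cookies["session"], "")
    supplied = req.form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, None
    return 200, {"from": user, "to": req.form["to"], "subject": req.form["subject"]}


def demo():
    """Run the forged request against both handlers; returns status codes."""
    victim_cookies = {"session": "s3ss10n-alice"}
    forged_get = Request("GET", FORGED_IMG_URL, victim_cookies)
    # A forged POST (constructed) still lacks the token.
    forged_post = Request("POST", "http://example.com/send_email.htm", victim_cookies,
                          {"to": "mallory@example.com", "subject": "Hi"})
    # Legitimate submission through compose.htm carries the issued token.
    token = issue_csrf_token("s3ss10n-alice")
    legit_post = Request("POST", "http://example.com/send_email.htm", victim_cookies,
                         {"to": "bob@example.com", "subject": "CSRF", "csrf_token": token})
    return {
        "vulnerable_forged_get": vulnerable_send_email(forged_get)[0],  # 200: mail sent
        "hardened_forged_get": hardened_send_email(forged_get)[0],      # 405
        "hardened_forged_post": hardened_send_email(forged_post)[0],    # 403
        "hardened_legit_post": hardened_send_email(legit_post)[0],      # 200
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is the one the slides make: the cookie proves which browser is asking, not that the user meant to ask. Refusing GET closes the <img> vector shown on the slide, and the token ties the request to a page the trusted site itself served to that session.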
IMPORTANT OBSERVATION
CSRF AND AUTHENTICATION
AUTHENTICATION
VULNERABILITIES
EXAMPLE: EXPLOITING SESSION COOKIE
[Figure: User, Web browser and Trusted site; username + password sent to the Trusted site]
EXAMPLE ...
Step 3: User visits attacker-controlled site and downloads Web page with malicious code
[Figure: Trusted site]
EXAMPLE ...
[Figure: User, Web page and Trusted site; malicious request sent from the Web page to the Trusted site]
DISCUSSION
[Figure: User, Web browser and Trusted site; SSL session between browser and Trusted site]
ATTACK VECTORS
ATTACK VECTORS ...
OBSERVATION
COUNTERMEASURES
SERVER-SIDE DEFENSE
SERVER-SIDE DEFENSE ...
CLIENT-SIDE DEFENSES
CONCLUSION
SIGNIFICANT PROBLEM
SOURCE