Scribd
Upload
17 views7 pages

Laboratory 4 Itt557 Weekly Lab Assignment

lab 4 tutorial

Uploaded by

nurulfatinazmierahamza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views7 pages

Laboratory 4 Itt557 Weekly Lab Assignment

lab 4 tutorial

Uploaded by

nurulfatinazmierahamza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

lOMoARcPSD|25118265

Laboratory 4-ITT557 - Weekly Lab Assignment

Introduction of Computer Security (Universiti Teknologi MARA)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university


Downloaded by Nurul Fatin Azmiera Hamza ([email protected])
lOMoARcPSD|25118265

LABORATORY 4
ITT 557
SESSION HIJACKING PART 2

NAME: AZAD IZZUDDIN BIN ZUL AZMI

STUDENT ID: 2022841816

Downloaded by Nurul Fatin Azmiera Hamza ([email protected])


lOMoARcPSD|25118265

LAB OBJECTIVES
At the end of this laboratory session, students should be able to:
i. Understand Cross Site Request Forgery (CSRF) attack.
ii. Provide solution to stop Cross Site Request Forgery (CSRF) attack.

REQUIREMENTS
For this laboratory session, students are required to have the following:
i. A running web server installation (WAMP or XAMPP)
ii. Code Editor (Notepad++, Sublime Text or Visual Studio)
iii. 2 Different types of browsers (Chrome, Firefox or Edge, either 2)

INSTRUCTIONS

UNDERSTANDING CROSS SITE REQUEST FORGERY (CSRF) ATTACK


1. Download your preferred Apache and PHP package installation (MAMP or XAMPP)
and install.
2. Once the installation is completed, verified that the webserver is up and running by
accessing the webserver home page.
3. Download the file csrf.zip file from Google Classroom.
4. Unzip the file inside the webserver webroot folder, normally it is called htdocs. It
could also be called www or html.
5. Access the dummy system by accessing the following URL:

http://127.0.0.1/csrf/login.html

6. You should get a page like the following:

2 | Mohd Ali Mohd Isa © 2022

Downloaded by Nurul Fatin Azmiera Hamza ([email protected])


lOMoARcPSD|25118265

7. This is a dummy banking system to demonstrate how a CSRF attack can occur. In a
CSRF attack, an attacker relies on the victim established session with a website, then
craft a URL for victim to click or access. When a victim accesses the URL, it will
perform action on behalf of the victim on the website. In this example, the URL will
perform a money transfer from the victim account to the attacker account.
8. Login into the system. The username and password can be found inside login.php.
9. Once log in, you will get page like this:

10. We will start with balance of USD500,000 in the victim account. Notice that on the
page there is a form for the victim to make a transfer to another account. Open the
file transfer.php and notice that inside the file, it will check if user has already
logged in, and will perform the transfer. There seems to be nothing wrong with the
implementation since user have to be log in, to perform the transfer.

CROSS SITE REQUEST FORGERY (CSRF) ATTACK 1 – USING IMAGE

1. Since the banking system only check if the user is logged in, an attacker can create a
URL with malicious request for the victim to open. In this example, a user send a URL
with a broken image link to the victim.
2. Open a new tab and access the following URL:

http://127.0.0.1/csrf/image.html

3 | Mohd Ali Mohd Isa © 2022

Downloaded by Nurul Fatin Azmiera Hamza ([email protected])


lOMoARcPSD|25118265

3. You should get the following result:

4. What is the SRC of the image file?


<img src="transfer.php?to=attacker-image&amp;amount=100000"> _

5. What happened when victim access this image?

Unintentional transfer will occur.

6. Go back to the previous tab of the main page of the banking system. Reload the page
and notice what happened to balanced. You should get the following result:

7. Is this example, the victim did not realize that by accessing the broken image, it is
performing a transfer to another account. Bear in mind that attacker could have sent
link to the victim via messaging application such as WhatsApp, telegram, or email.

4 | Mohd Ali Mohd Isa © 2022

Downloaded by Nurul Fatin Azmiera Hamza ([email protected])


lOMoARcPSD|25118265

CROSS SITE REQUEST FORGERY (CSRF) ATTACK 2 – USING FORM

1. We are going to see that they are numerous ways in which attacker can perform the
CSRF attack. For the attack using image to work, the request needs to be done over
GET method. What if the request needs to be done over POST?
2. Open the file transfer.php
3. Edit line 7 and 8 so that it becomes a POST request, like so:

4. Now try and access the URL with the broken image again, and then check if the money
is deducted from the balanced. Does it work?
Money is not deducted from the balance but the transfers is recorded.

5. One way to submit a post request is by using a form. Open form.html and look at the
code. In it is just normal HTML with form request, the only difference is that there a
script that will auto submit the form upon loading.
6. Access the URL:

http://127.0.0.1/csrf/form.html

7. Does the balanced get deducted this time? This is an example of a CSRF attack using
the POST method.

Yes the balance got deducted

5 | Mohd Ali Mohd Isa © 2022

CROSS SITE REQUEST FORGERY (CSRF) ATTACK 3 – USING XHR

Downloaded by Nurul Fatin Azmiera Hamza ([email protected])


lOMoARcPSD|25118265

1. In attack 2, we have seen how attacker can submit a form to create a POST CSRF
request. The problem with this method is that the victim will notice that there is a
request has been done on the banking site (since the page redirect).
2. A more silent way of making the request is by making the request in the background
using the XMLHttpRequest. XMLHttpRequest is a function that allows website to make
request in the background even after the page has finish loading. 3. Let see how this
works. Access the following URL:

http://127.0.0.1/csrf/xhr.html

4. Notice that the page does not load anything and does not redirect but make request in
the background.
5. Check the balanced in the victim account. Does the money get deducted?
Yes

6. This is another example of CSRF and is more dangerous because it shows that attacker
can create the request even when victim is surfing a legitimate website.

LAB ASSIGNMENT

Based on the 3 examples above, you should have understood how CSRF attack is being
carried out. Propose a solution on how the banking system above can be fixed to prevent
CSRF attack. Hint: use token.

Edit the files where the fix should be done and upload it in the Google Classroom. (You
probably need to edit 2 files). All The Best!

6 | Mohd Ali Mohd Isa © 2022

Downloaded by Nurul Fatin Azmiera Hamza ([email protected])

You might also like