
Information System: Group:1 Cross-Site Request Forgery (CSRF) Attack

Cross-Site Request Forgery (CSRF) is an attack where a malicious site sends unauthorized requests to a trusted site during a user's active session. The attacker injects HTTP requests that the trusted site processes under the user's permissions. CSRF can only occur during an active user session. Elgg, a social networking site, was vulnerable, allowing an attacker named "boby" to potentially exploit user "Alice's" session. Tools like HTTP Live Header and Wireshark were used to analyze network traffic and website code. Countermeasures like unique tokens and tags can prevent CSRF by verifying requests originate from the user.

Uploaded by dnn

Information System
Group: 1 Cross-Site Request Forgery (CSRF) Attack

Nidabahen Vohra (AZZ3643)
Trushenkumar Patel (ZME3094)
Sachinkumar Chaudhary (PFEC3476)
Disha Shukla (KEM3073)

What is a Cross-Site Request Forgery (CSRF) Attack?
• While the user has an active session with a trusted site, the user visits a malicious site, and at that point the malicious site injects an HTTP request into the user's active session with the trusted site, which causes damage.
• This is a website-to-user side attack.
• It can be done only during the user's active session.
• The attacker sends the request without the user knowing.
Ref: https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery

Elgg social networking application
• Elgg is a social networking site.
• There are many users.
• The attack is made on "Alice".
• It is done by the user "boby".
(Figure labels: attacker site, victim site)

Tools used in the task
• HTTP Live Header: this can be downloaded as an add-on in Firefox.
• This tool is used to capture a website's headers.
• Wireshark: open-source software used to troubleshoot and analyse networks.
• Firefox element inspector tools: used to analyse the website's source and code.

Countermeasure
• A countermeasure is taken to protect the website from the attack.
• It creates different tags and tokens during the active session so that no one can get in without the user knowing.
• It sends specific known data to the server that allows the user to access the site.
• If someone tries to attack, the countermeasure will prevent it.
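
The token check described on this slide, as an added example that is not part of the original presentation and is not Elgg's own code. The field names `csrf_ts` and `csrf_token`, the one-hour lifetime and the session ids are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SITE_SECRET = secrets.token_bytes(32)   # per-site key, never sent to the browser
TOKEN_LIFETIME = 3600                   # seconds (assumed value)


def issue_token(session_id, now=None):
    """Return (timestamp, token) to embed as hidden fields in the site's own forms."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SITE_SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256)
    return ts, mac.hexdigest()


def is_request_allowed(session_id, form, now=None):
    """Accept a state-changing request only if it carries a fresh token for this session."""
    ts, token = form.get("csrf_ts"), form.get("csrf_token")
    if not ts or not token or not ts.isdecimal():
        return False                    # cross-site request: session cookie but no token
    now = int(now if now is not None else time.time())
    if not 0 <= now - int(ts) <= TOKEN_LIFETIME:
        return False                    # expired or future-dated token
    expected = hmac.new(SITE_SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256)
    # Constant-time comparison on bytes so odd input cannot raise or leak timing
    return hmac.compare_digest(expected.hexdigest().encode(), token.encode())


def demo():
    """Constructed scenario with the slide's users: Alice is the victim, boby the attacker."""
    alice, boby = "session-alice", "session-boby"   # constructed session ids
    ts, token = issue_token(alice, now=1000)
    genuine = {"name": "Alice", "csrf_ts": ts, "csrf_token": token}
    forged = {"name": "changed by boby"}            # arrives via the attacker site
    b_ts, b_token = issue_token(boby, now=1000)     # boby's own valid token
    borrowed = {"name": "x", "csrf_ts": b_ts, "csrf_token": b_token}
    return {
        "genuine": is_request_allowed(alice, genuine, now=1060),
        "forged": is_request_allowed(alice, forged, now=1060),
        "other_session_token": is_request_allowed(alice, borrowed, now=1060),
        "expired": is_request_allowed(alice, genuine, now=1000 + TOKEN_LIFETIME + 1),
    }


if __name__ == "__main__":
    print(demo())
```

Because the token is bound to the session id and a timestamp, a token issued to one user's session is rejected when presented with another user's session, and a request that arrives with only the session cookie is rejected outright.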
