Cross Site Request Forgery (CSRF)
When we use computers, it is good to also know about the security risks. So today I will look at a computer security problem. I'm writing this post to talk about a common type of cyber attack named Cross Site Request Forgery (CSRF). What does CSRF mean? It is an attack in which the attacker gets an action of their choosing executed with the authorization of the end user (the legitimate user). To make this clearer, I will give an example.
Here is the story. There are two characters, John and Robert. Both have a Facebook account, and John has uploaded some photos to his account. Those photos can be viewed only by John's friends. Robert is not a friend of John, so he cannot view them. However, he wants to view them. One option is to become a Facebook friend of John, but John does not want to be Facebook friends with Robert. What can Robert do?
In this story, John is the legitimate user and Robert is the attacker. Robert can use a CSRF attack to force John to send the friend request. In any web-based application, actions happen through web requests (REST, SOAP). Let's assume the GET request https://facebook.com/friends/Robert sends a friend request to Robert. If Robert can get John's browser to load that URL while John is logged in, John's own session authorizes the action. That is a CSRF attack.
How can Robert achieve this? One way is to send an email whose HTML body contains a hidden img tag with the above URL as its src attribute.
<div style="display:none;">
<img src="https://facebook.com/friends/Robert">
</div>
When the email body is rendered, the img tag tries to load the URL given in its src attribute, and the browser sends that request with John's Facebook session cookies attached, so Robert's request is executed automatically. John ends up sending a friend request to Robert without knowing that he did.
How can this type of attack be prevented? There are 3 options we can use:
- Synchronizer token pattern.
- Double submit cookie pattern.
- SameSite flag for cookies.
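As an added example (not code from the original post), the following Python models how a server could apply the first two patterns and set the SameSite flag for the friend-request action from the story. The session store, handler and function names are assumptions, and the requests in the usage block are constructed.

```python
import hmac
import secrets

# Constructed in-memory session store (assumption, not the post's code):
# session id -> logged-in user and the CSRF token bound to that session.
SESSIONS = {}

def login(user):
    """Start a session and bind a fresh random CSRF token to it
    (synchronizer token pattern: the token lives server-side)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def session_cookie_header(sid):
    """Set-Cookie header for the session. SameSite=Strict tells the browser
    not to attach this cookie to requests started from another site, so a
    hidden <img> on an attacker's page arrives without John's session."""
    return f"Set-Cookie: session={sid}; Secure; HttpOnly; SameSite=Strict"

def verify_double_submit(cookies, form):
    """Double submit cookie pattern: the form must echo the random value held
    in a 'csrf' cookie, which another origin cannot read."""
    expected = cookies.get("csrf", "")
    supplied = form.get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())

def handle_friend_request(method, cookies, form):
    """Server-side handler for 'send friend request', hardened against CSRF.
    Returns (status, message) like an HTTP response."""
    # State-changing actions must not be reachable by GET: an <img src=...>
    # can only ever issue a GET, so this alone defeats the email trick above.
    if method != "POST":
        return 405, "use POST for state-changing actions"
    sess = SESSIONS.get(cookies.get("session", ""))
    if sess is None:
        return 401, "not logged in"
    # Synchronizer token: the form field must match the token bound to the session.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), sess["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"{sess['user']} sent a friend request to {form.get('target', '?')}"

if __name__ == "__main__":
    sid = login("John")
    token = SESSIONS[sid]["csrf"]
    # Constructed requests: the forged <img> GET, a cross-site POST that carries
    # the cookie but cannot know the token, and John's real form submission.
    print(handle_friend_request("GET", {"session": sid}, {"target": "Robert"}))
    print(handle_friend_request("POST", {"session": sid}, {"target": "Robert"}))
    print(handle_friend_request("POST", {"session": sid}, {"target": "Robert", "csrf_token": token}))
```

With SameSite=Strict on the session cookie, the forged requests would not even reach the 403 branch, because the browser omits the cookie and the handler answers 401.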
Thank you.
Please note that the URL I used above is not a real facebook.com request URL. It is a simple example to make the concept of CSRF clearer.