Hello friend, how are you doing today? I have seen a lot of people over the internet asking about CSRF, so I thought about creating a simple-to-understand tutorial here so you can understand it better. In this article I am giving an example of CSRF using the GET method. So let's get started.
Introduction to CSRF:-
CSRF stands for Cross-Site Request Forgery. It is, in a sense, the opposite of XSS: CSRF takes advantage of the trust which the application has in the user, whereas XSS takes advantage of the trust which the user has in the application.
Let's explain it with a kind of story; that will make it easier to understand.
Story time ..
Ali is logged into his bank account and is also surfing the web. After a while he receives an email pretending to be from his bank, with some kind of security-related content in it.
Ali quickly reads the email, and there is a link to a website where he can supposedly secure his bank account even more. He is hooked, clicks on the link and is taken to the attacker's fake site.
The source of the website looks like this..
<title> Secure your Bank Account ! </title>
<body> <img src="http://alisbank.com/transfer.do?acct=AttackerFromRussia&amount=100000" width="1" height="1">
<h1> Page not found </h1>
</body>
As soon as Ali opens the site, his browser renders the code and actually sends a GET request to his bank, transferring his life savings to the attacker.
Attacker was like:-
What Ali sees is an image that couldn't be loaded. But more importantly, Ali's bank sees a valid request coming from Ali telling them to send the money to the attacker. Because Ali is authenticated, this appears as a perfectly valid request and is processed.
Ali was like :-
And Ali didn't live happily ever after :p
The attacker just needed to social engineer Ali to get his work done: the session cookie which AlisBank.com uses to authenticate and verify Ali's identity is never known to the attacker, yet the fake email alone was enough, because Ali's own browser attached that cookie to the request.
There are many more ways to make CSRF work, such as GET or POST requests or other HTTP methods. One control to prevent this is to check the Referer header field in the HTTP request to make sure the request originated from Alisbank.com and not from Attacker.com.
But that can also be bypassed in combination with XSS.
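To make the two sides of the story concrete, here is a small added example (written for this article, not code from the original post or from any real bank): a toy model of the transfer.do endpoint that trusts the session cookie alone, next to a hardened version that refuses GET, checks Origin/Referer as described above, and additionally demands a per-session anti-CSRF token, which is the control that still holds when the Referer check alone is not enough. The Bank class, the cookie values and the request dicts are all constructed stand-ins for real HTTP.

```python
"""Toy model of the bank's transfer endpoint: the GET-based version the
<img> abuses, beside a hardened version. Requests are plain dicts standing
in for HTTP; the browser is assumed to attach the session cookie itself."""
import hmac
import secrets


class Bank:
    def __init__(self):
        self.balances = {"ali": 100000, "AttackerFromRussia": 0}
        self.sessions = {"cookie-for-ali": "ali"}  # session cookie -> user
        self.csrf_tokens = {}                       # session cookie -> token

    def _user(self, req):
        return self.sessions.get(req.get("cookie"))

    def _move(self, src, dst, amount):
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transfer_vulnerable(self, req):
        """Accepts any method and trusts the cookie alone, so a request the
        browser sends while rendering a third-party page counts as Ali."""
        user = self._user(req)
        if not user:
            return 401
        self._move(user, req["params"]["acct"], int(req["params"]["amount"]))
        return 200

    def issue_csrf_token(self, cookie):
        """Called when the bank renders its own transfer form."""
        self.csrf_tokens[cookie] = secrets.token_hex(16)
        return self.csrf_tokens[cookie]

    def transfer_hardened(self, req, site="https://alisbank.com"):
        user = self._user(req)
        if not user:
            return 401
        if req["method"] != "POST":            # no state change on GET
            return 405
        src = req["headers"].get("Origin") or req["headers"].get("Referer", "")
        if src != site and not src.startswith(site + "/"):   # origin check
            return 403
        expected = self.csrf_tokens.get(req.get("cookie"))
        sent = req["params"].get("csrf_token", "")
        if not expected or not hmac.compare_digest(sent, expected):
            return 403                         # attacker's page cannot read the token
        self._move(user, req["params"]["acct"], int(req["params"]["amount"]))
        return 200


# Constructed: what Ali's browser sends when it renders the attacker's <img>
IMG_REQUEST = {"method": "GET", "cookie": "cookie-for-ali",
               "headers": {"Referer": "http://attacker.com/"},
               "params": {"acct": "AttackerFromRussia", "amount": "100000"}}
```

Run the same IMG_REQUEST through both handlers: the vulnerable one moves the whole balance, while the hardened one rejects it before any money moves, and a forged POST still fails without the token.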
To read more about XSS and CSRF, see OWASP.