{"id":23,"date":"2018-10-25T08:51:00","date_gmt":"2018-10-25T06:51:00","guid":{"rendered":""},"modified":"2020-08-22T14:29:21","modified_gmt":"2020-08-22T12:29:21","slug":"learn-about-cross-site-request-forgery-csrf-attack","status":"publish","type":"post","link":"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack\/","title":{"rendered":"Learn About Cross-Site Request Forgery (CSRF) Attack"},"content":{"rendered":"<div style=\"color: #555555;\">In this brief article, I will explain to you how the Cross-Site Request Forgery attack works in a very simple and easy-to-understand way.<\/div>\n<div style=\"color: #555555;\"><\/div>\n<p>&nbsp;<\/p>\n<div style=\"color: #555555;\">We will cover the following topics:<\/div>\n<div style=\"color: #555555;\"><\/div>\n<ol>\n<li><a href=\"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack#t1\">Introduction<\/a><\/li>\n<li><a href=\"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack#t2\">Use of HTTP Cookies<\/a><\/li>\n<li><a href=\"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack#t3\">How Cookies are Created<\/a><\/li>\n<li><a href=\"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack#t4\">Use of HTTP Authentication<\/a><\/li>\n<li><a href=\"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack#t5\">What is a Cross-Site Request?<\/a><\/li>\n<li><a href=\"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack#t6\">Steps in a CSRF Attack<\/a><\/li>\n<li><a href=\"https:\/\/kindsonthegenius.com\/blog\/learn-about-cross-site-request-forgery-csrf-attack#t7\">Recommendations for Protection<\/a><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<div style=\"color: #555555;\">\n<h3 id=\"t1\">1. 
Introduction<\/h3>\n<\/div>\n<div style=\"color: #555555;\">The CSRF attack works by exploiting an existing authenticated user session. For example, a user does not log out of a web portal and then visits another site or opens another tab, so he browses another site while the authenticated session is still active.<\/div>\n<div style=\"color: #555555;\"><\/div>\n<div style=\"color: #555555;\">First, let me explain how websites maintain authenticated web sessions:<\/div>\n<div style=\"color: #555555;\"><\/div>\n<ul>\n<li>Use of HTTP Cookies<\/li>\n<li>Use of HTTP Authentication Credentials (Authentication Tokens)<\/li>\n<\/ul>\n<div style=\"color: #555555;\"><\/div>\n<p>&nbsp;<\/p>\n<h3 id=\"t2\">2. Use of HTTP Cookies<\/h3>\n<div style=\"color: #555555;\">Cookies are small pieces of text data that the web server sends to the browser. The browser stores cookies on the client computer and attaches them to subsequent requests made to the web server that sent them. The important point for CSRF is that the browser does this automatically, based only on the destination of the request, regardless of which page or site caused the request to be sent.<\/div>\n<div style=\"color: #555555;\"><\/div>\n<p>&nbsp;<\/p>\n<h3 id=\"t3\">3. How Cookies are Created<\/h3>\n<div style=\"color: #555555;\">An authentication cookie is created after a website has authenticated a user. The website sends back a cookie that contains a &#8216;session ID&#8217; that is unique to that user session. Every subsequent request that carries this cookie is interpreted as coming from the user who owns that session.<\/div>\n<p><span style=\"color: #555555;\">When a website sends a cookie to a browser, it can also provide an <\/span>&#8216;<i>expires&#8217;<\/i><span style=\"color: #555555;\"> attribute together with other attributes. The expires attribute indicates the validity period of the cookie; the browser deletes the cookie after that period. If the <\/span><i>expires<\/i><span style=\"color: #555555;\"> attribute is absent, the cookie is known as a <\/span><i>session cookie<\/i><span style=\"color: #555555;\"> and is normally deleted when the user closes the browser. Cookies that come with an expires attribute are known as &#8216;persistent cookies&#8217;.<\/span><\/p>\n<h3 id=\"t4\">4. Use of HTTP Authentication<\/h3>\n<p><span style=\"color: #555555;\">This mechanism is mostly used in intranet environments and does not make use of cookies. When a user visits a site, the browser displays a popup that requests the user&#8217;s credentials. After the user submits them, the browser encodes the credentials (for HTTP Basic authentication this is Base64 encoding, not encryption, so it is only safe over HTTPS) and sends them to the server in the <\/span><i>Authorization<\/i><span style=\"color: #555555;\"> request header.<\/span><br \/>\n<span style=\"color: #555555;\">When the user later visits other web pages in the same intranet, the browser automatically sends the credentials along with the request in the Authorization header. Because the browser attaches these credentials automatically, just as it attaches cookies, HTTP authentication by itself gives no protection against CSRF.<\/span><\/p>\n<h3 id=\"t5\">5. What is a Cross-Site Request?<\/h3>\n<p><span style=\"color: #555555;\">A cross-site request occurs when a page served by one site causes the browser to send an HTTP request to another site. In this way, loading a page from site A can also generate an HTTP request to site B. The reference to site B can be a hyperlink, but it can also be an image tag whose source points at site B, or a form that targets site B and is submitted automatically by a script on the page.<\/span><br \/>\n<span style=\"color: #555555;\">So when a user clicks a link or button on a web page, or simply loads the page, the resulting request may actually be going to an external website, and the browser attaches that website&#8217;s cookies to it.<\/span><\/p>\n<h3 id=\"t6\">6. 
Steps of CSRF Attack<\/h3>\n<p><span style=\"color: #555555;\">Generally, the CSRF attack exploits cross-site requests for malicious purposes. This is how it works:<\/span><\/p>\n<ul>\n<li><span style=\"color: #555555;\">The user visits his bank&#8217;s website (mybank.com), logs in and does a transaction.<\/span><\/li>\n<li><span style=\"color: #555555;\">He visits another website, hacker.com, without logging out of his banking portal.<\/span><\/li>\n<li><span style=\"color: #555555;\">A page on hacker.com creates and submits a request to mybank.com, for example through a hidden form that a script submits as soon as the page loads. Because the request is addressed to mybank.com, the user&#8217;s browser attaches the valid authentication cookie to it.<\/span><\/li>\n<li><span style=\"color: #555555;\">The mybank.com website interprets this request as coming from the user and processes it.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<div style=\"color: #555555;\">Note what the attacker does not get. The browser&#8217;s same-origin policy prevents hacker.com from reading mybank.com&#8217;s responses or the cookie itself, so the attack is blind: hacker.com cannot take over the session, but it can keep making the user&#8217;s browser send further forged requests for as long as the session is active. That is enough to trigger state-changing actions such as a transfer or a change of password or e-mail address. This is illustrated in Figure 2.<\/div>\n<div style=\"color: #555555;\"><\/div>\n<div style=\"clear: both; text-align: center;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/2.bp.blogspot.com\/-eFvtjhlvdiw\/W9GBYChB5xI\/AAAAAAAACb8\/uYUDw4_kPLUDNX72xLGqDghURN1RieUYwCLcBGAs\/s1600\/How%2BCross-Site%2BRequest%2BForgery%2BWorks.jpg\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/2.bp.blogspot.com\/-eFvtjhlvdiw\/W9GBYChB5xI\/AAAAAAAACb8\/uYUDw4_kPLUDNX72xLGqDghURN1RieUYwCLcBGAs\/s640\/How%2BCross-Site%2BRequest%2BForgery%2BWorks.jpg\" width=\"640\" height=\"339\" border=\"0\" data-original-height=\"529\" data-original-width=\"991\" \/><\/a><\/div>\n<div style=\"color: #555555; text-align: center;\">Figure 2: How CSRF Works<\/div>\n<div style=\"color: #555555; text-align: center;\"><\/div>\n<div style=\"color: #555555;\">\n<p>&nbsp;<\/p>\n<h3 id=\"t7\">7. 
Recommendations for Protection<\/h3>\n<\/div>\n<div style=\"color: #555555;\">Since this article is written for everyone, I will not discuss the application-side defenses against CSRF here (anti-CSRF tokens, the SameSite cookie attribute and Origin header checks), as these require some technical detail. I would, however, like to make the following recommendations, which apply to every user and help reduce the window in which such an attack can succeed.<\/div>\n<div style=\"color: #555555;\"><\/div>\n<ul>\n<li>Always log out after using a secure application; logging out invalidates the session that the attacker needs.<\/li>\n<li>Close the browser window after using a secure application such as your banking website. This discards session cookies (those without an expires attribute).<\/li>\n<li>Do not rely on shutting down your system to remove cookies: persistent cookies survive a reboot. Clear cookies from the browser&#8217;s settings, or use a private browsing window, which discards its cookies when it is closed.<\/li>\n<li>Avoid browsing untrusted sites in the same browser while you are logged in to a sensitive application.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this brief article, I will explain to you how the Cross-Site Request Forgery attack works in a very simple and easy-to-understand way. &nbsp; We &hellip; <\/p>\n","protected":false},"author":2,"featured_media":322,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[583],"tags":[],"_links":{"self":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts\/23"}],"collection":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/comments?post=23"}],"version-history":[{"count":12,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts\/23\/revisions"}],"predecessor-version":[{"id":1095,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts\/23\/revisions\/1095"}],"wp:featuredmedia":[{"embeddable":true,
"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/media\/322"}],"wp:attachment":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/media?parent=23"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/categories?post=23"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/tags?post=23"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}