Skip to main content

Cross Site Request Forgery

These attacks could occur due to the vulnerabilities of the code of the web applications. In these attacks attacker forces the browser to make unauthorized requests, behalf of the user. 
This can be explained as follows ,
  •         The user logs in to a web page and login to that page using his user credentials, assume that this web page is vulnerable to cross site request forgery.
  •         Then the user visits a web site without knowing the page is maintained by an attacker. This site contains CSRF attacks.
  •       When the script gets executed, the user’s browser make request to the that vulnerable website.
There are some mitigation methods we can use to prevent the CSRF attacks,
             1. Synchronizer token pattern.
            2. Double submit cookie pattern.
Let’s look at the implementation of these two methods using Java. 

 1) Synchronizer token patter
        In synchronizer token pattern, we generate a CSRF token upon successful login and save that value in the form of the page as a hidden field. CSRF token is string that    has been randomly get generated.This value also need to be saved in the server side endpoint.When user loges in we need to create the session a session identifier, and store it as  a cookie.Since the domains are different, attackers can’t execute cross domain AJAX request. In synchronizer token pattern, it uses two token. One is stored in the session and the  other one is saved in UI. The token values get compared in the server.
Figure 1
First you need to create a jsp file with a login form, as shown in the 
Figure 2,
Figure 2
  When user enter his user credentials and click on submit button we redirect him to the next page if the credentials are correct. Upon this we need to create the session cookie and need to generate the token.
Figure 3
  In here I have generated the CSRF token value and created the session cookie upon user login. The I have redirected the user to stpform.jsp page.
Figure 4
 This page contains another form. In here you can see that there is hidden field which holds the CSRF Token value. When user submit this form we need to validate the token values.This can be done by comparing the value that hold in this hidden field with the value stored in the server endpoint.
Figure 5
  In here I have performed the token validation.The token value saved in the form has been compared with the token value stored in the server endpoint.
If the values get matched, we redirect the user to the nest.jsp file. 

 2) Double submit cookie pattern
  Main difference of the implementation of double submit cookie pattern when comparing to the synchronizer token pattern is, It does not save the CSRF token value in the server side.
Both tokens are held in the UI. One token is stored in the http auth header and the other one is saved in the cookie.
Figure 6
Figure 7
  Upon successful user login I have generated the token and stored it as a cookie and in the hidden field of the form (UI). Then we need to validate the token values.
  This can be done by comparing the token value stored in the UI and the token value stored in the cookie.
  If the tokens get matched, we allow the user request.
Figure 8

       You can see a sample project (GitHub) :-  Cross Site Request Forgery Attacks
Location: Malabe, Sri Lanka

Comments

Post a Comment

Popular posts from this blog

Exploit Development Project

Basic Requirements for exploits   In here shows you how to identify a buffer overflow vulnerability and how to develop a buffer overflow exploit using Python and Ruby scripts within a Kali Linux attack VM.   Also use olly-dbg for debugging of the vulnserver executable. The victim VM will be a,   Windows 7 Professional 32-bit VM with vulnserver installed. Vulnserver is a windows-based multi-threaded TCP server that is intentionally vulnerable to buffer overflow. we're going to be exploiting the TRUN command in Vulnserver in order to a reverse shell with netcat.   In “Windows 7 Professional 32-bit VM” please make sure that the Windows Firewall is turned off and that your attack and victim VMs are able to ping one another. >>  GitHub Link >>   YouTube Link  
Post a Comment
Read more

Bigbang theory solutions

Phase 1 Give execute permission to the file  sheldon1  and then  we test our inputs using debugger.  Using GDB debugger we can open  sheldon1. We need to check the available function. Then we can check the main function. When the program runs we can enter the pass phrase and grant access to the next phase. The program calls the relevant phase function upon the correct phase phrase. Then check the phase_1 function. We have a fixed address pushed to the memory and then we got a TEST instruction. $0x80497c0 In that memory address we can print out the first 30 characters. Then we can use gdb to run the program to get the string and therefore we can test this is the right phrase. key =>> Public speaking is very easy. >> GitHub Link  
Post a Comment
Read more

Linux Shell coding

First you will need nasm installed on your machine to compile it. sudo apt-get install nasm Write the below assembly code in an editor and save as shell.asm To   compile it use the following commands $nasm -f elf -o shell.o shell.asm and $ld -o shell shell.o To address this issue we can use the following commands $nasm -f elf64 -o shell.o shell.asm and $ld -m elf_x86_64 -s -o shell shell.o Now run it with:  ./shell
Post a Comment
Read more