Skip to content

Latest commit

 

History

History
31 lines (20 loc) · 2.16 KB

File metadata and controls

31 lines (20 loc) · 2.16 KB
description

5.5.2 CSRF

CSRF stands for Cross-Site Request Forgery. It is a type of security vulnerability that occurs when an attacker tricks a user's browser into making an unintended and potentially malicious request on a website where the user is authenticated. The attack takes advantage of the fact that many websites rely solely on the user's authentication credentials (such as cookies) to determine the legitimacy of a request.

Here's a basic scenario of how CSRF works:

  1. The victim logs into a legitimate website and receives authentication credentials (e.g., a session cookie).
  2. While the victim is still authenticated, the attacker lures the victim into clicking on a specially crafted link or visiting a malicious website.
  3. The malicious website or link contains a request to perform an action on the targeted website, using the victim's authentication credentials stored in the browser.
  4. The browser, trusting the authentication credentials, sends the request to the legitimate website on behalf of the authenticated user, unknowingly carrying out the attacker's instructions.
  5. The targeted website, not recognizing the request as malicious, performs the action as if it were a legitimate request from the authenticated user.

CSRF attacks can result in various malicious actions, such as changing account settings, making financial transactions, or even performing actions with elevated privileges if the targeted user has administrative rights.

To prevent CSRF attacks, web developers often use techniques such as anti-CSRF tokens, which are unique tokens embedded in forms or requests to verify the legitimacy of the request. These tokens make it more challenging for attackers to forge requests because they would need to obtain the token, which is typically tied to the user's session.

DVWA Lab

{% content-ref url="https://app.gitbook.com/s/rRWtuMw6xkkeDjZfkcWC/dvwa/csrf" %} CSRF {% endcontent-ref %}

Other Resources

{% embed url="https://portswigger.net/web-security/csrf" %}

{% embed url="https://owasp.org/www-community/attacks/csrf" %}