Download presentation
Presentation is loading. Please wait.
Published byKristin Richardson Modified over 6 years ago
1
Cross-Site Request Forgeries: Exploitation and Prevention
William Zeller / Edward W. Felten Princeton University Overview How CSRF Attacks Work Exploits We Discovered Client-Side Solution Our work: Demonstrates attacks against four high-profile sites Provides a browser plugin to protect users Provides instructions and sample code showing websites and web frameworks how to protect themselves Large Bank* Transferring money out of user bank accounts Creating checking accounts on behalf of users Large Newspaper Site Identifying user addresses for spamming or identification Large Media Site Adding videos to user’s “Favorites” Adding attacker as user’s “Friend” Sending arbitrary messages on user’s behalf Automatically shared videos with user’s contacts, Etc, etc. Large Community Site Taking control of user accounts by: Changing user address “Friending” user to determine user name Entering user name on “Forgot Password” page which causes a new password of the attacker’s choosing to be created Implemented as a plugin for the Firefox web browser Blocks all cross domain post requests Gives users the option of white-listing Implements Adobe’s Cross Domain policy (ie, if cross-domain requests work with Flash, they’ll work with the plugin) Could easily be extended to other browsers Does not prevent attacks against sites that allow GET requests to cause trusted actions to be taken User Web Browser Trusted Site Authenticated Session Trusted Action The Web Browser has established an authenticated session with Trusted Site. Trusted Action should only be performed when an authenticated web browser makes the request. Introduction to CSRF User Web Browser Trusted Site Authenticated Session Trusted Action Cross-Site Request Forgeries (CSRF) Are a type of Web-based vulnerability Occur when a malicious web site causes a user’s browser to perform some action on a trusted site (using GET or POST requests) Require user to visit attacker’s site Have been called “the Sleeping Giant” of attacks Are easy to prevent once understood Are extremely prevalent on the Internet today Are not prevented by SSL Are possible even when Javascript is turned off (if the attacker can use GET requests to cause trusted actions to be taken) Server-Side Solution Sets nonce in form field and in cookie Only allow POST requests if values match Attacker can set form field values, but not cookie values Recommended for web frameworks (Code Igniter, Ruby on Rails, etc) Automates CSRF protection Removes CSRF protection from responsibility of web developer Implemented solution for Code Igniter Legacy web sites protected without modification Appears to be scheduled for inclusion in next release Example of a valid request. The Web Browser attempts to perform a Trusted Action. The Trusted Site confirms that the Web Browser is authenticated and allows the action to be performed. User Web Browser Trusted Site Authenticated Session Trusted Action Attacking Site Example of a CSRF attack. The Attacking Site causes the browser to send a request to the Trusted Site. The Trusted Site sees a valid, authenticated Web Browser and performs the Trusted Action. *Names removed while paper is in-submission
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.