28 lines
1.6 KiB
Plaintext
28 lines
1.6 KiB
Plaintext
=== What is a Cross-site request forgery?
|
|
|
|
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF
|
|
(sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted
|
|
from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF
|
|
exploits the trust that a site has in a user's browser.
|
|
|
|
A cross-site request forgery is a 'confused deputy' attack against a web browser. CSRF commonly has the following characteristics:
|
|
|
|
* It involves sites that rely on a user's identity.
|
|
* It exploits the site's trust in that identity.
|
|
* It tricks the user's browser into sending HTTP requests to a target site.
|
|
* It involves HTTP requests that have side effects.
|
|
|
|
At risk are web applications that perform actions based on input from trusted and authenticated users without requiring the user to authorize
|
|
the specific action. A user who is authenticated by a cookie saved in the user's web browser could unknowingly send an HTTP request to a site
|
|
that trusts the user and thereby causes an unwanted action.
|
|
|
|
A CSRF attack targets/abuses basic web functionality. If the site allows that causes a state change on the server, such as changing the victim's email address or password, or purchasing
|
|
something. Forcing the victim to retrieve data doesn't benefit an attacker because the attacker doesn't receive the response, the victim does.
|
|
As such, CSRF attacks target state-changing requests.
|
|
|
|
Let's continue with some exercises to address way to perform a CSRF request.
|
|
|
|
|
|
|
|
|