{csrf}

"CSRF/XSRF (Cross-Site Request Forgery) is a type of web application vulnerability that allows a malicious website to send unauthorized requests to a vulnerable website using active sessions of its authorized users."

--- Samvel Gevorgyan

OWASP describes CSRF as ...

CSRF is an attack that tricks the victim into loading a page that contains a malicious request. It is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf, such as changing the victim's email address.
So basically, CSRF attacks target functions that cause a state change on the server, but they can also be used to access sensitive data.

CSRF in a nutshell

DEMO!

CSRF strategies

  • CSRF tokens:
    • generated and verified in the backend
    • per request or per session
    • stored in a cookie or sent with every request
    • not needed for GET
  • Re-authentication
  • CAPTCHAs
  • Set the SameSite attribute on cookies
  • Check the Referer header (can be spoofed)
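A minimal backend-side token scheme following the list above (per-session token, generated and verified on the server, not required for GET, next to a SameSite session cookie). This is an added example and not code from the talk; the server secret, session id, cookie name and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed server-side secret; a real deployment loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)

# Methods that must not change state and therefore need no token ("not needed for GET").
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session token by HMAC-ing the session id with the server secret.

    The backend can recompute it on every request, so nothing extra is stored,
    and a token copied from another session will not verify for this one.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf(method: str, session_id: Optional[str], submitted_token: Optional[str]) -> bool:
    """Return True if the request may proceed.

    Safe methods pass without a token; state-changing methods need a session
    and a submitted token equal to the one derived for that session.
    """
    if method.upper() in SAFE_METHODS:
        return True
    if not session_id or not submitted_token:
        return False
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(expected.encode(), submitted_token.encode())


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for the session cookie with the SameSite attribute set (assumed cookie name)."""
    return f"Set-Cookie: session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    sid = "sess-123"  # constructed session id
    token = issue_csrf_token(sid)
    print(session_cookie_header(sid))
    print(verify_csrf("POST", sid, token))       # True: form carries the token issued for this session
    print(verify_csrf("POST", sid, None))        # False: cross-site form cannot read the token
    print(verify_csrf("POST", sid, "deadbeef"))  # False: guessed token does not match
    print(verify_csrf("GET", sid, None))         # True: GET needs no token
```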

CSRF implementations

Questions

csrf

By Michael Müller