Comprehending the CSRF Attack


CSRF is one of the latest weapons website hackers have added to their arsenal. Short for cross-site request forgery, CSRF is an exploit that works by abusing the trust your website places in its logged-in users. Let's go over a few examples of this attack so you can better understand what it is and how to prevent it.

Manipulating the Client-Server Model

In the average scenario, the communications between a client web browser and web server go something like this:

- The client makes a request to the server

- The server sends back a response

- The client accepts the response and displays content to the user

Let's say you have a thriving blog community and other users are allowed to post to your site. To create a new blog entry, a user would have to visit your site, sign in, click the "add entry" link and submit the resulting form with their content. Now think about what would happen if a malicious user were to copy that same blog form and host it on their own site. They could easily hide the fields, modify the wording and much more to disguise it. Unfortunately, there isn't much to stop them from taking your form, changing it, placing the modified version on their site and serving it to other users. This is where the cross-site aspect comes into play. If the attacker can persuade or trick a user who is logged in to your site into submitting the form, the request will be processed using the credentials (the session cookie) that the user's browser automatically sends along with it. Since that user is trusted on the site and logged in, the request would be processed, and the unknowing user would have posted a new blog entry they didn't write and know nothing about.

CSRF in Action

Here is a step-by-step example of how cross-site request forgery works:

- An attacker copies a form from your site.

- The attacker then persuades or tricks a user with login credentials to your site to submit the form.

- The server hosting your site receives the form request and processes it, unaware that the submission originated from a malicious remote source. In the eyes of the server, the logged-in user has authorization, so the attacker's request rides on that user's session without ever having to authenticate.

- When it is all said and done, the unknowing user has contributed to the attack and appears to be the source of the problem.

Solution to CSRF

The best solution to the problem of cross-site request forgery is potentially invasive but quite simple. Instead of serving forms to clients and processing them without regard to the source of the submission, add a secret session token to the form as a hidden field. When the form is submitted, the server compares the token in the submission with the one it issued for that user's session. If they match, processing occurs. If not, you will know, and you should become immediately suspicious. This prevents a CSRF attack because the remote server no longer has a way to serve a valid form: since it cannot predict the secret session token, its forged submissions will always fail.
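The following is an added example, not code from the original article, that replays both the "CSRF in Action" scenario and the token solution described above in plain Python. It stands in for the blog's session store and database with in-memory dictionaries (an assumption for the sake of a self-contained demo) and uses hypothetical handler names; the point it shows is that a handler trusting only the session cookie accepts a copied form, while a handler that also checks a per-session secret token refuses it.

```python
import hmac
import re
import secrets

# Constructed in-memory state standing in for the blog's session store and
# database; a real application would keep these in its session backend.
SESSIONS = {}   # session_id -> {"user": ..., "csrf_token": ...}
POSTS = []      # (author, body) pairs that were accepted


def create_session(username):
    """Log a user in: mint a session id and a per-session CSRF token."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "user": username,
        "csrf_token": secrets.token_urlsafe(32),  # unguessable secret
    }
    return session_id


def render_new_entry_form(session_id):
    """Serve the 'add entry' form with the session's token as a hidden field."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="post" action="/entry">\n'
        f'  <input type="hidden" name="csrf_token" value="{token}">\n'
        '  <textarea name="body"></textarea>\n'
        '  <button type="submit">Add entry</button>\n'
        '</form>'
    )


def handle_new_entry_vulnerable(session_id, form):
    """Before: any request carrying a valid session cookie is processed."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401                      # not logged in
    POSTS.append((session["user"], form["body"]))
    return 200


def handle_new_entry_protected(session_id, form):
    """After: the submitted token must equal the one issued to this session."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak token bytes via timing.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403                      # forged or stale form: refuse it
    POSTS.append((session["user"], form["body"]))
    return 200


def token_from_html(html):
    """What a legitimate browser does: submit the hidden field as served."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', html)
    return match.group(1) if match else ""


def demo():
    """Replay the article's scenario against both handlers (constructed data)."""
    sid = create_session("alice")
    # Legitimate flow: Alice loads the form from the blog and submits it.
    html = render_new_entry_form(sid)
    legit = {"csrf_token": token_from_html(html), "body": "my post"}
    # Cross-site flow: a copied form submitted from elsewhere. The browser
    # still attaches Alice's session cookie, but the copy cannot contain her
    # token, so the field is missing (or, at best, guessed wrong).
    forged = {"body": "not written by alice"}
    guessed = {"csrf_token": secrets.token_urlsafe(32), "body": "guess"}
    return {
        "legit_protected": handle_new_entry_protected(sid, legit),
        "forged_vulnerable": handle_new_entry_vulnerable(sid, forged),
        "forged_protected": handle_new_entry_protected(sid, forged),
        "guessed_protected": handle_new_entry_protected(sid, guessed),
    }


if __name__ == "__main__":
    print(demo())
```

Three properties of the token make the check work: it is generated from a cryptographically secure source so it cannot be predicted, it is tied to the session rather than shared across users, and it is compared in constant time. The protection only covers requests that the server actually checks, so every state-changing handler needs the comparison, and the token must only ever appear inside pages served to the logged-in user, never in URLs or responses readable by another origin.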
