Cross Site Request Forgery
What is CSRF and how does it work?
Attackers who can find a reproducible link that executes a specific action on the target page while the victim is logged in can embed such a link on a page they control and trick the victim into opening it. The attack carrier link may be placed in a location that the victim is likely to visit while logged into the target site (for example, a discussion forum), or sent in an HTML email body or attachment. A real CSRF vulnerability in uTorrent (CVE-2008-6586) exploited the fact that its web console, accessible at localhost:8080, allowed mission-critical actions to be executed with a simple GET request:
Examples:
- Force a .torrent file download
- Change uTorrent administrator password
Attacks were launched by placing malicious, automatic-action HTML image elements on forums and in email spam, so that browsers visiting these pages would open them automatically, without much user action. People running a vulnerable uTorrent version while opening these pages were susceptible to the attack.
CSRF attacks using image tags are often made from Internet forums, where users are allowed to post images but not JavaScript, for example using BBCode.
Two common server-side defences against CSRF are:
1. Synchronizer Token Pattern
2. Double Submit Cookie Pattern
Synchronizer Token Pattern
The synchronizer token pattern (STP) is a technique where a token, a secret and unique value for each request, is embedded by the web application in all HTML forms and verified on the server side. The token may be generated by any method that ensures unpredictability and uniqueness (e.g. a hash chain seeded with a random value). The attacker is thus unable to place a correct token in their requests to get them accepted.
STP is the most compatible option, as it relies only on HTML, but it introduces some complexity on the server side because of the burden of checking the validity of the token on each request. As the token is unique and unpredictable, it also enforces a proper sequence of events, which raises usability problems. This can be relaxed by using a per-session CSRF token instead of a per-request CSRF token.

We will now go through a sample application to learn about the synchronizer token pattern. You can get the sample application from https://supuntenna@bitbucket.org/supuntenna/ssd.git
index.php
This login page submits the client credentials through a POST request. During the login procedure, if the client is verified, a unique session ID and a CSRF token are generated. Upon login, the created session ID is saved in the browser, and at the same time the CSRF token is saved on the server side along with the relevant session ID. In this application I have stored the CSRF token in a text file called Token.txt.
The login credentials are hard-coded:
- UserName - admin123
- Password - admin123
updateStatus.php
updateStatus.php contains PHP code to validate the user. Since the login credentials are hard-coded, it will only validate those credentials. After that, it makes an Ajax call to csrf_token_generator.php to generate a CSRF token, and the token is embedded as a hidden field in the form.
The image below (from the original post) shows the token embedded as a hidden field in the form.
csrf_token_generator.php
In this PHP file, openssl_random_pseudo_bytes(32) is used to generate the CSRF token; the call returns 32 random bytes. After generating the token it is encoded using base64.
When the user clicks the submit button, the CSRF token is sent along with the session ID. On the server side, the server reads the session ID from the header and the CSRF token from the body. It then checks that the submitted token is the one stored for that session ID. This process happens in token.php.
If the process works correctly and the CSRF token matches the one stored for the session ID, a page is displayed with a success message along with the status that was entered by the user.
results.php
The full implementation is at https://supuntenna@bitbucket.org/supuntenna/ssd.git
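As an added example (not the sample application's code), here is a compact PHP version of the STP flow described above: the token is generated with openssl_random_pseudo_bytes(32) and base64 encoded, stored on the server against the session ID, and checked with a constant-time comparison. The JSON store standing in for Token.txt and the way the session ID is passed in are assumptions.

```php
<?php
// Added example, not the sample application's code: synchronizer token pattern
// with a per-session token in a server-side store. The JSON file is a hypothetical
// stand-in for the post's Token.txt; the session id is passed in as a string.
declare(strict_types=1);

const TOKEN_STORE = __DIR__ . '/csrf_tokens.json';   // assumed path

// Generate the token as the post does: 32 random bytes, base64 encoded.
function generateCsrfToken(): string {
    return base64_encode(openssl_random_pseudo_bytes(32));
}

function loadStore(): array {
    $data = is_file(TOKEN_STORE)
        ? json_decode((string) file_get_contents(TOKEN_STORE), true) : null;
    return is_array($data) ? $data : [];
}

// Bind the token to the session id at login; this also replaces any token
// left over from an earlier session with the same id.
function storeCsrfToken(string $sessionId, string $token): void {
    $store = loadStore();
    $store[$sessionId] = $token;
    file_put_contents(TOKEN_STORE, json_encode($store), LOCK_EX);
}

// What token.php has to do: look the token up by session id and compare it with
// the value from the POST body. hash_equals() is constant-time, so a mismatch
// does not leak how many leading bytes of the submitted value were right.
function checkCsrfToken(string $sessionId, ?string $submitted): bool {
    $store = loadStore();
    if ($submitted === null || !isset($store[$sessionId])) {
        return false;
    }
    return hash_equals($store[$sessionId], $submitted);
}

// Hidden field for the form, escaped so the token cannot break out of the attribute.
function hiddenTokenField(string $token): string {
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed walkthrough: login issues a token; a genuine and a forged value are checked.
$sessionId = bin2hex(random_bytes(16));          // constructed session id
$token = generateCsrfToken();
storeCsrfToken($sessionId, $token);
echo checkCsrfToken($sessionId, $token) ? "valid\n" : "invalid\n";
echo checkCsrfToken($sessionId, 'forged') ? "valid\n" : "invalid\n";
```

A per-request token would be issued by calling generateCsrfToken() and storeCsrfToken() again each time the form is rendered, at the usability cost the post mentions.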
Double Submit Cookie Pattern
The advantage of this technique over the Synchronizer pattern is that the token does not need to be stored on the server.
The following diagram (from the original post) describes the flow.
We will now go through a sample application to learn about the double submit cookie pattern. You can get the sample application from https://supuntenna@bitbucket.org/supuntenna/ssd.git
This login page submits the client credentials through a POST request. During the login procedure, if the client is verified, a unique session ID and a CSRF token are generated. Upon login, the created session ID and the CSRF token are saved in the browser.
The login credentials are hard-coded:
- UserName - admin123
- Password - admin123
UpdateStatus.php
On updateStatus.html the session cookie and the CSRF cookie are stored in the browser. These cookies have a one-year expiration time and are accessible from anywhere. A JavaScript snippet retrieves the CSRF token value from the CSRF cookie set in the browser.
results.php
In results.php, the CSRF cookie value and the CSRF value embedded in the hidden field are sent to token.php to be validated.
token.php
If the checkToken() function returns true, the CSRF tokens match.
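As an added example (not the sample application's code), here is a PHP version of the double submit cookie flow described above: the cookie is issued at login, the page script copies it into the hidden field, and the server compares the two copies without storing anything. The cookie name, field name and cookie attributes are assumptions; the attributes tighten the one-year, path-wide cookie the post uses.

```php
<?php
// Added example, not the sample application's code: double submit cookie pattern.
// The server stores nothing; results.php only compares the CSRF cookie with the
// copy the page script put in the hidden field. Cookie and field names are assumed.
declare(strict_types=1);
const CSRF_COOKIE = 'csrf_token';

function generateCsrfToken(): string {
    return base64_encode(openssl_random_pseudo_bytes(32));
}

// Issue the cookie at login. JavaScript has to read it, so HttpOnly stays off;
// it is Secure, SameSite=Strict and session-scoped (no expires) instead of one-year.
function issueCsrfCookie(string $token): void {
    setcookie(CSRF_COOKIE, $token, [
        'path'     => '/',
        'secure'   => true,
        'httponly' => false,
        'samesite' => 'Strict',
    ]);
}

// The checkToken() of token.php: cookie value against hidden field value. A forged
// cross-site request cannot read the cookie, so it cannot supply a matching copy.
function checkToken(?string $cookieValue, ?string $fieldValue): bool {
    if ($cookieValue === null || $cookieValue === '' || $fieldValue === null) {
        return false;
    }
    return hash_equals($cookieValue, $fieldValue);
}

// updateStatus page: the script copies the cookie into the hidden field on submit.
function statusForm(): string {
    return <<<'HTML'
<form method="post" action="results.php" onsubmit="copyToken()">
  <input type="text" name="status">
  <input type="hidden" name="csrf_token" id="csrf_token">
  <button type="submit">Update</button>
</form>
<script>
function copyToken() {
  var m = document.cookie.match(/(?:^|; )csrf_token=([^;]*)/);
  document.getElementById('csrf_token').value = m ? decodeURIComponent(m[1]) : '';
}
</script>
HTML;
}

// results.php: read both copies and refuse the update on a mismatch.
$ok = checkToken($_COOKIE[CSRF_COOKIE] ?? null, $_POST['csrf_token'] ?? null);
```

The check only holds as long as nothing else can write cookies for the site's domain; a script running on a sibling subdomain could set its own csrf_token cookie and pass it, which is why the post notes that STP stays the more robust choice where server-side storage is available.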