CSRF

What is a CSRF Attack?

Vishnu Shivalal P
2 min read, Sep 23, 2022


CSRF stands for Cross-Site Request Forgery; it is also written XSRF. The attack forces an end user to execute unwanted actions on a web application in which they are currently authenticated. Social engineering, such as sending a link via email or chat, is the usual way a CSRF attack is delivered. If the victim has an admin account, CSRF can compromise the entire web application.

CSRF Attack Possibility

A Relevant Action

  • There must be an action within the application that the attacker can induce.
  • It may be a privileged action (e.g. modifying permissions) or any action on user-specific data (e.g. changing the user’s own password).

Cookie Based Session Handling

  • The application relies solely on session cookies to identify the user making a request.
  • There is no other mechanism in place for tracking sessions or validating user requests.

No Unpredictable Request Parameter

  • The requests that perform the action do not contain any parameters whose values the attacker cannot determine or guess.
  • If the request carries a CSRF token that the attacker cannot predict or guess, the web application is not vulnerable to CSRF.

Mitigations / Preventions

  • Use anti-CSRF tokens.
  • Use a CAPTCHA on sensitive actions.
  • Set the SameSite cookie attribute on session cookies.
  • Check the Referer header.

Primary defence: CSRF tokens.

Additional defence: SameSite cookies.

Inadequate defence: Referer header.
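The three attack conditions and the primary and additional defences above, brought together in one minimal handler. This is an added example, not code from the original post; the session store, session id, secret and the dict-shaped `request` are constructed stand-ins for a real framework.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed for the demonstration: a per-deployment secret and a session
# store holding one authenticated user (condition 2: cookie-based sessions).
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"sess-abc123": {"user": "alice", "password": "old-pass"}}


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. SameSite=Lax stops the browser from
    attaching the cookie to cross-site POSTs (the 'additional defence')."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax"


def issue_csrf_token(session_id: str) -> str:
    """Primary defence: a value the attacker cannot guess (condition 3), bound
    to the session by an HMAC so one session's token is useless for another.
    The server embeds this in its own forms; a cross-site page never sees it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time check of the submitted token against the expected one."""
    if not submitted:
        return False
    expected = issue_csrf_token(session_id)
    # Compare as bytes so arbitrary (non-ASCII) input cannot raise.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_change_password(request: dict) -> tuple:
    """Handler for the relevant action (condition 1): change the user's password.
    `request` is a constructed stand-in: {'cookies': {...}, 'form': {...}}.
    The browser attaches the session cookie automatically, so the cookie alone
    must never be enough; the token check is what rejects a forged request."""
    session_id = request["cookies"].get("session")
    if session_id not in SESSIONS:
        return 401, "not authenticated"
    if not csrf_token_valid(session_id, request["form"].get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    SESSIONS[session_id]["password"] = request["form"]["new_password"]
    return 200, "password changed"
```

A request that carries the victim's cookie but no token (what a cross-site form delivers) is rejected with 403 and the password is untouched; the same request with the page-embedded token succeeds.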


Written by Vishnu Shivalal P

Cyber Security Engineer | Bug Hunter | Security Researcher | CTF Player | PenTester | Security Enthusiast | TryHackMe Top 1% www.linkedin.com/in/vishnushivalalp
