Dashboard Articles Playground Discussions More
Follow

CSRF

Zoino
11 years ago

0

I am looking into cross site request forgery at the moment and trying to learn what i can about it. Anyone have any good sites/books on this subject?

15replies
4voices
280views
Pete Maynard [Osaka]
11 years ago

0

This is a good start - https://www.hackthis.co.uk/articles/cross-site-request-forgery

I don’t have any specific examples, but once you know the theory of it you can start to look how sites prevent it, e.g. HackThis

 

Folding@Home Stats | Official Thread | Team Number: 223679

Zoino
11 years ago

0

Is there a way to determine if a site/ web application has protection against CSRF?

Pete Maynard [Osaka]
11 years ago | edited 11 years ago

0

w3af have a plugin for detection of CSRF.

 

Folding@Home Stats | Official Thread | Team Number: 223679

Zoino
11 years ago | edited 11 years ago

0

If a site stored more than one cookie, how would you target a certain cookie?

Zoino
11 years ago

0

bump, no reply’s?

Cyan Wind [freewind1012]
11 years ago | edited 11 years ago

0

@Zoino: I don’t really get what you mean. As far as I know about CSRF, the attacker uses cookies as his “key” to transmit his malicious request(s). He just doesn’t care about the quantity of cookies, as long as they are still there.

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
[deleted user]
11 years ago | edited 11 years ago

0

CSRF: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

The attacker forces the end user to execute unwanted actions. Reference above.

Additional sites:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookies

As previously stated, the attacker doesn’t care about the quantity. Quality beats quantity. :)

Zoino
11 years ago

0

No i mean if a site stores say 10 cookies, and only one of them stores the cookie for the username and password. How would you target just that cookie?

[deleted user]
11 years ago | edited 11 years ago

0

From the research I done, I guess an attacker may use POST or GET methods to retrieve a cookie. Sorry for all the links. :P

http://www.php.net/manual/en/reserved.variables.request.php
http://www.php.net/manual/en/language.variables.external.php

Perhaps you’ll find these sources useful.

Zoino
11 years ago

0

alright thanks, il continue looking into it. :)

[deleted user]
11 years ago

0

Ok, good luck.

Cyan Wind [freewind1012]
11 years ago

0

@Zoino: The cookie is not the final target. Say, you want to poison an enemy general (send malicious request), you have his assistant poisoning him (use authenticated cookie to send that request). There’s no need to care about that assistant.

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
Zoino
11 years ago

0

It is for my purposes at the moment.

Cyan Wind [freewind1012]
11 years ago | edited 11 years ago

0

[quote=Zoino]No i mean if a site stores say 10 cookies, and only one of them stores the cookie for the username and password. How would you target just that cookie?[/quote]

@Zoino: From a developer’s perspective or from an attacker’s perspective?
As a developer, you can print all the cookies (PHP):
print_r($_COOKIE);
Or just read the value of a cookie:
echo $_COOKIE['cookie_name'];

But you can’t read a cookie from another domain (because of security problems, of course). :p

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
Zoino
11 years ago

0

im looking at it from an attackers point of view. I.e. finding out the value of someone else’s login cookie remotely.

You must be logged in to reply to this discussion. Login
1 of 16

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss