Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
In this blog entry I will describe a technique you can use to protect your own site: generating Cross-Site Request Forgery tokens on the server side and validating them before responding to any client request.
How does it work?
The user logs in to the website with their credentials. Here, I hard coded the user credentials for testing purposes like this ($uname == 'thusiya' && $pwd == 'thusiya'). Upon sign-in a session is created, and the session id is used to identify the CSRF token that is generated along with the session. After that the user is redirected to a page that allows them to update posts. This page is loaded with the help of AJAX, and the generated CSRF value is added to a hidden field in the HTML file. When the user updates a post, the CSRF token is validated; if the token is valid for that user's session, the updated post is shown to the user.
Index.php File
Once the form is submitted, the result.php file is called.
The user inputs are validated by code like this. An AJAX call is made to the csrf_token_generator.php file to obtain the generated CSRF token, which is then placed in the hidden text field inside the HTML file.
csrf_token_generator.php
This PHP file generates the CSRF token. It also sets a browser cookie with the value of the session_id. After that the CSRF token value is stored in a text file called Tokens.txt along with its session_id.
openssl_random_pseudo_bytes() is used to generate the 32-bit long CSRF token.
token.php
This PHP file has a checkToken function which takes two parameters (the CSRF token and the session id) and returns true if the given parameters match the values stored inside the text file.
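To make the generate-and-check flow described above concrete, here is an added example of a session-bound token pair in PHP. It is not the code from the post's repository; the file path, the one-line-per-session layout of Tokens.txt and the function names are assumptions of this example.

```php
<?php
// Added example (not the blog's own code): generate a CSRF token bound to the
// current session id, persist it in a flat file as the post describes, and
// check a submitted token against it. TOKEN_FILE is an assumed location.

const TOKEN_FILE = __DIR__ . '/Tokens.txt';

// Create a fresh token for this session and append "<session_id> <token>".
function generateCsrfToken(string $sessionId): string
{
    // 32 random bytes, hex-encoded so the value is safe inside a hidden field.
    $token = bin2hex(openssl_random_pseudo_bytes(32));
    file_put_contents(TOKEN_FILE, $sessionId . ' ' . $token . PHP_EOL, FILE_APPEND | LOCK_EX);
    return $token;
}

// Return true only if this exact token was issued for this exact session.
function checkToken(string $token, string $sessionId): bool
{
    if (!is_file(TOKEN_FILE)) {
        return false;
    }
    foreach (file(TOKEN_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        $parts = explode(' ', $line, 2);
        if (count($parts) !== 2) {
            continue; // malformed line, ignore it
        }
        [$storedSession, $storedToken] = $parts;
        // hash_equals() compares in constant time, so a wrong token cannot be
        // distinguished from a partially correct one by response timing.
        if ($storedSession === $sessionId && hash_equals($storedToken, $token)) {
            return true;
        }
    }
    return false;
}

session_start();

// Form page (index.php in the post): issue the token into the hidden field.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $csrf = generateCsrfToken(session_id());
    echo '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars($csrf, ENT_QUOTES) . '">';
}

// Handler (result.php in the post): refuse the state change unless the posted
// token matches the one issued to this session.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!checkToken($_POST['csrf_token'] ?? '', session_id())) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... apply the update to the post here ...
}
```

A shared text file is fine for a demo, but in a real deployment the token is normally kept in $_SESSION so it is tied to the session store and does not accumulate across users.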
Tokens.txt
home.php
You can download source code from my GitHub.