
Cross-site Request Forgery protection in web applications via Synchronizer Token

What is cross-site request forgery (CSRF)?



Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

CSRF can be prevented in two ways:
1. Synchronizer Tokens
2. Double submitted cookies

In this post we are considering Synchronizer Tokens. When the user logs in, a random token is generated and stored on both the client side and the server side. Because the attacker cannot read this value, they cannot craft a request carrying the correct token. So even if the victim clicks the attacker's link, the forged request is harmless, because the token verification fails.

As the first step we create the session on the client-facing page (index.php). Then we create a cookie and set the session id in it, as shown in Figure 01.



                                                               Figure 01


After executing the code, a cookie (session_id) is created containing the client's current session ID, as shown in Figure 02.


                                                              Figure 02


Next, when the client page loads, it should request the CSRF token from the server (using Ajax, data can be sent to the server in the background). So we create a file called 'config.js' with a function whose job is to send a request to the server, grab the CSRF token and store it in a hidden DOM field on the client side when the page is loaded. The code for the function is shown in Figure 03.



                                                                Figure 03

Now the 'index.php' page has to be called.


                                                              Figure 04

When the user presses the login button, the request goes to the 'server.php' page. All server-side validation, such as the login check, is done on this page. The code for the login validation is shown in Figure 05.

Figure 05
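The three pieces described above (token created for the session, fetched by the Ajax call in config.js into the hidden field, checked on the POST in server.php) in one PHP helper, as an added example that is not the post's own code. The function names, the 'csrf_token' field name and the '?action=token' endpoint are assumptions of mine.

```php
<?php
// Added example, not the post's own code: the synchronizer token pattern in one PHP
// helper shared by index.php, the Ajax call in config.js and server.php. The function
// names, the 'csrf_token' field name and the '?action=token' endpoint are assumptions.
declare(strict_types=1);

// Let PHP manage the session cookie instead of hand-setting it; HttpOnly keeps scripts
// away from the session id, SameSite=Lax is a second, independent CSRF defence.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);

/** Issue the per-session token (or reuse it) when index.php loads. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the OS CSPRNG: a third-party page cannot guess or read this value.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Compare the token sent with a state-changing request against the session copy. */
function csrf_verify(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $submitted === null || $submitted === '') {
        return false; // no token on either side: fail closed
    }
    // hash_equals() is constant-time, so a wrong guess leaks nothing through timing.
    return hash_equals($expected, $submitted);
}

// Endpoint for the Ajax request in config.js: returns the token as JSON so the client
// can place it in the hidden form field.
if (($_GET['action'] ?? '') === 'token') {
    header('Content-Type: application/json');
    echo json_encode(['csrf_token' => csrf_token()]);
    exit;
}

// server.php side: a POST without a valid token is rejected before any login logic runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('CSRF token missing or invalid');
    }
    // Token accepted: run the login validation from Figure 05 here. After a successful
    // login call session_regenerate_id(true); session data, the token included, carries over.
}
```

A forged cross-site form post reaches the second block with no 'csrf_token' field (or a wrong one) and is answered with 403 before the login code runs.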

Visit here for the full code.
