1. What is a CSRF Attack?
CSRF is an acronym for cross-site request forgery.
In this attack, a genuine, logged-in user is tricked into making
state-changing requests from their browser.
2. What causes a CSRF vulnerability?
The attacker exploits a property of web browsers: the browser automatically
includes the cookies set by a given domain in any web request sent to
that domain, regardless of the origin of the page that made the request.
[Figure: cookie flow between the web browser and the example.com application server. The browser sends an HTTP request to https://example.com; example.com adds cookie c1=v1 to the response headers; the browser saves the cookie, and cookie c1=v1 is automatically added by the browser to subsequent requests to example.com.]
3. CSRF Attack
[Figure: CSRF attack sequence. The user logs in at http://icicibank.com/login.jsp (login form shown with a sample username and masked password); the ICICI Bank application server verifies the credentials, generates a session cookie and returns Auth_cookie=1234xx with SameSite=None, which the web browser stores. The user then visits https://attacker-website.com/anypage.jsp, which issues a cross-site form POST to the bank; the browser attaches Auth_cookie=1234xx, the server checks the auth cookie and modifies state. The figure also carries the URL https://clarifyforme.com.]
4. Conclusion
Now it should be clear that if the browser sends cookies to the
application as request headers in cross-site requests, then there is a
possibility of a CSRF attack.
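To make the conclusion concrete, here is an added example (not code from the slides) that simulates the browser-side decision of whether a cookie is attached to a request. It uses the cookie and hosts from the attack diagram and applies the three SameSite modes described in the Mitigation section. The "site" computation is a deliberate simplification (assumed: the last two labels of the host name form the site; real browsers use the public suffix list and also compare the scheme), and the function and class names are my own.

```python
# Added example: simulate the browser rule that makes CSRF possible.
# Hosts and the cookie come from the slides; everything else is assumed.
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    domain: str              # host that set the cookie
    samesite: str = "None"   # "None", "Lax" or "Strict"


def site_of(host: str) -> str:
    """Simplified 'site' of a host: its last two labels (assumption; real
    browsers consult the public suffix list and compare the scheme too)."""
    return ".".join(host.lower().split(".")[-2:])


def browser_attaches_cookie(cookie: Cookie, request_host: str,
                            initiator_host: str, method: str,
                            top_level_navigation: bool = False) -> bool:
    """Return True if a browser would add `cookie` to a request sent to
    request_host from a page served by initiator_host."""
    # A cookie is only ever sent back to the site that set it.
    if site_of(cookie.domain) != site_of(request_host):
        return False
    # Same-site requests always carry the cookie, whatever SameSite says.
    if site_of(initiator_host) == site_of(request_host):
        return True
    # Cross-site request: the SameSite attribute decides.
    mode = cookie.samesite.capitalize()
    if mode == "None":
        return True
    if mode == "Lax":
        # Only top-level navigations with a safe method keep the cookie.
        return method.upper() == "GET" and top_level_navigation
    if mode == "Strict":
        return False
    raise ValueError(f"unknown SameSite value: {cookie.samesite}")


# The session cookie from the attack diagram (SameSite=None).
AUTH_COOKIE = Cookie("Auth_cookie", "1234xx", "icicibank.com", "None")


def csrf_form_post_succeeds(samesite: str) -> bool:
    """Does the cross-site form POST from attacker-website.com to
    icicibank.com carry the session cookie under the given SameSite mode?"""
    cookie = Cookie(AUTH_COOKIE.name, AUTH_COOKIE.value,
                    AUTH_COOKIE.domain, samesite)
    return browser_attaches_cookie(cookie, "icicibank.com",
                                   "attacker-website.com", "POST")


if __name__ == "__main__":
    for mode in ("None", "Lax", "Strict"):
        print(f"SameSite={mode}: cookie sent with cross-site POST ->",
              csrf_form_post_succeeds(mode))
```

Run as a script, the block reports that only the SameSite=None cookie rides along with the attacker's form POST, which is exactly the scenario in the diagram; Lax still allows the cookie on a cross-site top-level GET, so state-changing actions must not be reachable through GET even when Lax is set.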
5. Mitigation
SameSite attribute of cookie
SameSite=None : The browser will add cookies to request headers in cross-site
requests.
SameSite=Lax : The browser will add cookies to request headers in cross-site
GET requests that lead to a top-level navigation, but block them in cross-site
POST and script-initiated requests.
SameSite=Strict : The browser will NOT add cookies to request headers in
cross-site requests.
CSRF tokens
Origin and Referer header verification
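The last two mitigations (CSRF tokens and Origin/Referer header verification) are server-side checks. The following added example, written for these slides and not taken from them, implements both with the Python standard library: a per-session token built with an HMAC, an origin check that prefers the Origin header and falls back to Referer, and a gate that rejects state-changing requests failing either check. The allowed origin is the bank site from the attack diagram; the secret key, the session id and all function names are assumptions made for the example.

```python
# Added example: server-side CSRF defences from the Mitigation section.
# Names, the secret key and the sample requests are constructed for the example.
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed placeholder: in a real deployment load this from configuration.
SERVER_SECRET = b"replace-with-a-random-key-loaded-from-config"
# The site from the slides; only pages from this origin may change state.
ALLOWED_ORIGIN = "https://icicibank.com"


def make_csrf_token(session_id: str) -> str:
    """Create a token bound to the session via HMAC-SHA256.
    Because the session id is part of the MAC input, a token obtained
    from another session (or forged by an attacker) does not verify."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token) -> bool:
    """Recompute the MAC and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (AttributeError, ValueError):      # missing or malformed token
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_allowed(headers: dict) -> bool:
    """Origin header is preferred; Referer is the fallback.
    With neither header present the request is rejected (fail closed).
    Assumes header names are already canonicalised as 'Origin'/'Referer'."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin.rstrip("/") == ALLOWED_ORIGIN   # also rejects "null"
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN
    return False


def accept_state_change(method: str, headers: dict, form: dict,
                        session_id: str) -> tuple:
    """Gate for any endpoint that modifies state. Returns (accepted, reason)."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return False, "state changes must not be exposed on safe methods"
    if not origin_allowed(headers):
        return False, "origin/referer check failed"
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return False, "csrf token missing or invalid"
    return True, "ok"


if __name__ == "__main__":
    sid = "session-1234xx"                      # constructed session id
    token = make_csrf_token(sid)               # embedded in the bank's own form
    # Legitimate submission from the bank's page.
    print(accept_state_change("POST", {"Origin": ALLOWED_ORIGIN},
                              {"csrf_token": token}, sid))
    # Cross-site form post as in the attack diagram: no token, wrong origin.
    print(accept_state_change("POST", {"Origin": "https://attacker-website.com"},
                              {}, sid))
```

The two checks are independent, which is the point of layering them: a request that passes the Origin check but carries no valid token is still refused, and a token replayed from a different session fails the HMAC comparison.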