1 / 7

Cross-Site Request Forgery (CSRF) Attack Lab

Cross-Site Request Forgery (CSRF) Attack Lab. Zutao Zhu 11/10/2009. Outline. Basic idea. Basic Idea. 1. The victim user logs into the trusted site using his username and password, and thus creates a new session.

amish
Download Presentation

Cross-Site Request Forgery (CSRF) Attack Lab

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cross-Site Request Forgery(CSRF) Attack Lab Zutao Zhu 11/10/2009

  2. Outline • Basic idea

  3. Basic Idea • 1. The victim user logs into the trusted site using his username and password, and thus creates a newsession. • 2. The trusted site stores the session identifier for the session in a cookie in the victim user’s web browser. • 3. The victim user visits a malicious site. • 4. The malicious site’s web page sends a request to the trusted site from the victim user’s browser. • 5. The web browser automatically attaches the session cookie to the malicious request because it istargeted for the trusted site. • 6. The trusted site processes the malicious request forged by the attacker web site.

  4. Task 1 • Use GET method • form data is to be encoded into a URL (key-value pairs) • Put everything into the URL • Use LiveHttpHeader to observer how img tags sends a request

  5. Task 2 • Use POST method • Build the form by your code • Submit the form by your code • Use LiveHttpHeader to observer how img tags sends a request

  6. Task 3 • Use your Task 2 code to attack originalphpbb.com • How phpBB protects? • Use LiveHttpHeader to observe • POST message includes the sid (cookie)

  7. Questions?

More Related