Who Am I ?
I’m P.B.Surya.Subhash, a 17-year-old coder, hacker and student.
Certified by Microsoft and was offered a job by Yahoo, Dell, Slideshare
and a couple of other MNCs.
Helped USA.Gov, Nic.in, NCSL, Netherlands.
• What’s CSRF ?
• Impact of CSRF
• How to test websites for CSRF ?
• Real time attack scenario of CSRF.
• Defenses against CSRF
• How to Bypass those defenses ?
• Using CSRF to compromise DSL Routers
What’s this CSRF ?
A successful CSRF exploit against a normal user can compromise that
user's data and the operations they are allowed to perform.
If the targeted end user is the administrator account, it can
compromise the entire web application.
The simplest one is to validate the Referrer header in the HTTP Request preventing the request from unknown
The most popular one remains the token.
Custom HTTP Header like X-Requested-By: My Site.com – Not so popular…
Same Origin Policy.
Common Mistakes :-
• Not validating the token.
• Not applying captcha properly.
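The token defense and the "not validating the token" mistake listed above, as an added example that is not from the original slides. The names `SERVER_KEY`, `issue_token`, `weak_check`, `strict_check`, the `csrf_token` form field and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def _mac(session_id: str, nonce: str) -> str:
    # Length-prefix the session id so (session, nonce) pairs cannot be confused.
    msg = f"{len(session_id)}:{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id: str) -> str:
    """Token = random nonce + HMAC binding that nonce to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def weak_check(session_id: str, form: dict) -> bool:
    """The mistake: the field only has to be present, its value is never verified."""
    return bool(form.get("csrf_token"))

def strict_check(session_id: str, form: dict) -> bool:
    """Reject missing, malformed, tampered and other-session tokens."""
    token = form.get("csrf_token")
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())

if __name__ == "__main__":
    # Constructed sample requests for a constructed session id "sess-A".
    good = issue_token("sess-A")
    samples = {
        "valid token": {"csrf_token": good},
        "no token": {},
        "arbitrary value": {"csrf_token": "anything"},
        "token from sess-B": {"csrf_token": issue_token("sess-B")},
    }
    for name, form in samples.items():
        print(f"{name:18} weak={weak_check('sess-A', form)!s:5} "
              f"strict={strict_check('sess-A', form)}")
```

The weak check accepts every request that carries any non-empty token field, which is why a token that is issued but not verified provides no protection.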
Misconceptions – Defenses That Don’t Work
Only accept POST
Stops simple link-based attacks (IMG, frames, etc.)
But hidden POST requests can be created with frames, scripts, etc…
Some users prohibit referrers, so you can’t just require referrer headers
Techniques exist to selectively create HTTP requests without referrers
Requiring multi-step transactions
A CSRF attack can perform each step in order
None of these approaches will sufficiently protect against CSRF!
Intro on How to Bypass those defenses ?
• Bypassing SOP
• Insecure crossdomain.xml
• Openly available exploits
• Bypassing the captcha
• Checking Token Validation
• Checking header Validation
• Converting POST based requests to GET based requests.
CSRF to compromise DSL Routers ?
• Home DSL routers aren't secure from specialized CSRF attacks.
Once the DSL router is owned, attackers can have their way with
the internal network.
Initiate a connection to the new DSL router.
Turn on remote management.
Add a password to the Admin user account.