Introduction to CSRF Attacks & Defense


It's the PPT of the presentation at the Null Hyd June 2014 meet.
I tried to make it as simple as I can :)
Share if you like and please let me know your suggestions :)

Published in: Technology, News & Politics

Transcript

  • 1. Introduction to CSRF Attacks & Defenses.
  • 2. Who Am I? I'm P.B. Surya Subhash, a 17-year-old coder, hacker and student. Certified by Microsoft and was offered a job by Yahoo, Dell, Slideshare and a couple of other MNCs. Helped USA.gov, Nic.in, NCSL, Netherlands. pbssubhash@gmail.com | @pbssubhash | Fb.me/pbssubhash | Linkedin.com/in/pbssubhash
  • 3. And many more…
  • 4. Agenda
    • What's CSRF?
    • Impact of CSRF
    • How to test websites for CSRF?
    • Real-time attack scenario of CSRF
    • Defenses against CSRF
    • How to bypass those defenses?
    • Using CSRF to compromise DSL routers
    • Conclusion
  • 5. What's this CSRF?
    • Cross-site request forgery, abbreviated as CSRF and also known as Session Riding.
    • Forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
  • 6. Impact
    • A successful CSRF exploit can compromise end-user data and operations in the case of a normal user.
    • If the targeted end user is the administrator account, this can compromise the entire web application.
  • 7. That's all?
    • Anything an authenticated user can do
    • No restriction from the same-origin policy, except…
    • Attackers cannot read responses from other origins
    • Limited on what can be done with data
    • Severe impact on accountability: log entries reflect the actions a victim was tricked into executing
  • 8. How to find these? So let's break it! (root@null: rm -rf /root/earth/security/)
  • 9. Let’s Exploit it !
  • 10. Killer Combination ! • Persistent Script Injection + CSRF = PWN3D
  • 11. Defenses
    • The simplest one is to validate the Referer header in the HTTP request, preventing requests from unknown sources.
    • The most popular one remains the token.
    • Custom HTTP header like X-Requested-By: My Site.com – not so popular…
    • Same-origin policy.
    • Re-authentication
    • Captcha
  • 12. Common Mistakes:
    • Not validating the token.
    • Not applying captcha properly. Example: http://www.youtube.com/watch?v=zl0ARKQhoLA
  • 13. Misconceptions – Defenses That Don't Work
    • Only accept POST
      • Stops simple link-based attacks (IMG, frames, etc.)
      • But hidden POST requests can be created with frames, scripts, etc…
    • Referer checking
      • Some users prohibit referrers, so you can't just require Referer headers
      • Techniques to selectively create HTTP requests without referrers exist
    • Requiring multi-step transactions
      • A CSRF attack can perform each step in order
    • None of these approaches will sufficiently protect against CSRF!
  • 14. Intro on How to Bypass those defenses?
    • Clickjacking
    • Bypassing SOP
    • Insecure CrossDomain.XML
    • Openly available exploits
    • Bypassing the captcha
    • Checking token validation
    • Checking header validation
    • Converting POST-based requests to GET-based requests
  • 15. CSRF to compromise DSL routers?
    • Home DSL routers aren't secure from specialized CSRF attacks. Once the DSL router is owned, attackers can have their way with the internal network: initiate a connection to the new DSL router, turn on remote management, add a password to the Admin user account.
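Slides 11 to 13 describe the token defense, the common mistake of not actually validating the token, and why Referer checks alone cannot be mandatory because some clients strip the header. The following is an added example written for this page, not code from the presentation: a small framework-independent check for state-changing requests that combines a per-session synchronizer token (compared in constant time) with Origin/Referer validation that only rejects when a source header is present and does not match. `SITE_ORIGIN`, the `csrf_token` field name and the `X-CSRF-Token` header are constructed values for the example; the `check_request_broken` function reproduces the "not validating the token" mistake from slide 12 so the two can be compared.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed origin for the protected site (assumption for this example).
SITE_ORIGIN = "https://example.test"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session):
    """Mint a fresh random token and bind it to the server-side session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def source_matches(headers, site_origin=SITE_ORIGIN):
    """Return True/False if Origin or Referer is present and (mis)matches,
    or None when neither header is available (slide 13: some users strip
    Referer, so absence alone must not be treated as hostile)."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == site_origin
    referer = headers.get("Referer")
    if referer is not None:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}" == site_origin
    return None


def token_matches(session, submitted):
    """Constant-time comparison of the submitted token with the session copy."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def check_request(method, headers, form, session):
    """Decide whether a request may proceed; returns (allowed, reason)."""
    if method not in STATE_CHANGING:
        return True, "safe method"          # reads carry no CSRF risk here
    if source_matches(headers) is False:
        return False, "cross-origin source header"
    submitted = form.get("csrf_token") or headers.get("X-CSRF-Token")
    if not token_matches(session, submitted):
        return False, "missing or invalid token"
    return True, "ok"


def check_request_broken(method, headers, form, session):
    """Slide 12 mistake: the token is required to be present but never
    compared to the session value, so any non-empty string passes."""
    if method not in STATE_CHANGING:
        return True, "safe method"
    if not (form.get("csrf_token") or headers.get("X-CSRF-Token")):
        return False, "missing token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample traffic: one legitimate request and two forged ones.
    session = {}
    real_token = issue_token(session)
    legit = ("POST", {"Origin": SITE_ORIGIN}, {"csrf_token": real_token})
    forged_with_origin = ("POST", {"Origin": "https://attacker.test"},
                          {"csrf_token": "guess"})
    forged_no_headers = ("POST", {}, {"csrf_token": "guess"})
    for name, req in [("legit", legit), ("forged+origin", forged_with_origin),
                      ("forged, no headers", forged_no_headers)]:
        print(name, "strict:", check_request(*req, session),
              "broken:", check_request_broken(*req, session))
```

The broken variant accepts the forged requests as long as any token string is present, which is exactly what "not validating the token" means in practice. The strict variant never relies on the Referer check alone: a missing header falls through to the token check, while a present but foreign Origin or Referer is rejected outright.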
  • 16. Demo Time
  • 17. References:
    • https://en.wikipedia.org/wiki/Cross-site_request_forgery
    • https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
    • https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
    • https://projects.webappsec.org/Cross-Site-Request-Forgery
    • https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
  • 18. Anything to ask?
  • 19. Bye! Please drop your suggestions at @pbssubhash (or) pbssubhash@gmail.com. Thank you!