CSRF
The goal for this lab is to learn the basics of CSRF attacks.
Cross-site request forgery (CSRF) is a vulnerability that may exist in web applications and that allows a malicious user to perform actions on a site where the victim has an active session.
These attacks involve 3 parts:
- A vulnerable trusted site (T)
- A victim (V) that has an active session in T (for the sake of simplicity let's say that the victim is logged in to T)
- A malicious site (M) controlled by the attacker that contains malicious code.
The attack is simple. Suppose that the trusted site T is vulnerable to CSRF attacks, and that V is logged in to T. Then if the victim visits a malicious website M containing malicious code, this malicious code will run in V's web browser and will perform an action in T (on behalf of V), because the browser attaches V's session cookie for T to the forged request. As in the case of XSS, this code is usually written in the form of a small JavaScript program.
Although simple, this vulnerability is very powerful as an attacker may perform actions in a legitimate site using the credentials of the victim.
To demonstrate these attacks we will use our purposely ill-developed blog application.
Remember, you must be in the IST VPN in order to be able to play these challenges.
This problem is running at http://mustard.stt.rnl.tecnico.ulisboa.pt:12006
Start by teaming up in groups of two for this task (one will play the victim (V) and the other will play the attacker (A)) and understand the concepts behind Cross Site Request Forgery (CSRF).
- Look at the new website. CSRF requires the existence of an authenticated session. Is there any insecure authentication mechanism?
- Exploit it! You will need some basic cooperation from V.
  - V logs into our trusted (but insecure) blog website.
  - A creates a malicious website M that will exploit this vulnerability.
  - A should now lure V into going to M.
  - This will perform an action in V's account without him noticing.
- Did something change in V's account?
- There is no flag for this task.
Tips:
- for A: You may want to use Burp Suite or OWASP ZAP to look at how the authenticated requests are being made. In particular, look at the update_profile operation.
- for A: You may use your sigma account for this. Create a folder ssof under the folder web and create there your malicious site.
- Why are CSRF attacks possible?
- What countermeasures could be put in place to protect T from CSRF attacks?
- What is a CSRF token?
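The countermeasure those questions point to, shown as an added example that is not code from the lab's blog application: a per-session synchronizer token that T embeds in its forms and verifies on every state-changing request such as update_profile, plus an Origin/Referer check as defence in depth. The function names, the `session`/`form`/`headers` dictionaries and the `profiles` store are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed names; the lab application's real handler and storage differ.
SESSION_TOKEN_KEY = "csrf_token"
TRUSTED_ORIGIN = "http://mustard.stt.rnl.tecnico.ulisboa.pt:12006"  # T


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a random secret bound to this session.
    T renders it into a hidden form field; M cannot read it, because
    the same-origin policy keeps M's script out of T's pages."""
    if SESSION_TOKEN_KEY not in session:
        session[SESSION_TOKEN_KEY] = secrets.token_urlsafe(32)
    return session[SESSION_TOKEN_KEY]


def _same_origin(url: str) -> bool:
    """True only if scheme and host:port are exactly T's."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def is_request_allowed(session: dict, form: dict, headers: dict) -> bool:
    """Accept a state-changing request only if the token in the body
    matches the session's token. The session cookie alone proves nothing:
    the browser also sends it on requests forged from M."""
    expected = session.get(SESSION_TOKEN_KEY)
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False
    # Constant-time comparison so timing does not leak the token.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    # Defence in depth: if the browser sent Origin or Referer, it must be T.
    source = headers.get("Origin") or headers.get("Referer")
    if source is not None and not _same_origin(source):
        return False
    return True


def update_profile(session: dict, form: dict, headers: dict, profiles: dict) -> int:
    """The update_profile operation with the CSRF check in front of it."""
    if not is_request_allowed(session, form, headers):
        return 403
    profiles[session["user"]] = {"name": form.get("name")}
    return 200
```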
In this lab you learned that it is possible to execute unintended actions in a web site where a victim is logged in, if that website is vulnerable to CSRF attacks. You also learned that it is possible to prevent these attacks with the addition of tokens other than cookies.