Double Submit Cookies Pattern


Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.


Cross-Site Request Forgery (CSRF) protection via the Double Submit Cookie pattern.

In this technique, the same random value is sent both in a cookie and as a request parameter, and the server verifies that the cookie value and the request value match. When a user first visits the site (even before authenticating, to prevent login CSRF), the site should generate a cryptographically strong pseudorandom value and set it as a cookie on the user's machine, separate from the session identifier. The site then requires that every transaction request include this pseudorandom value as a hidden form value (or other request parameter/header). If the two values match on the server side, the request is accepted as legitimate; if they don't, the request is rejected.

Implementation

The user needs to log in to the website (username “user”, password “user”).

Login Page

When the user clicks the “Login” button, token.php is invoked to generate the CSRF token and set the cookie.

token.php

After a successful login, the user is redirected to the money transfer page (moneyTransfer.php). At the same time, the generated token and cookie value are placed into the hidden form fields by tokenRequest.js.

Money Transfer Page
tokenRequest.js


When the user clicks the Send button, the form is submitted and both the token and the cookie are validated.


If the token is valid, a success message is shown.

Success Message
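As an added example (not the post's own token.php or moneyTransfer.php), this is how the token issuance and the server-side double-submit check described above can be written in PHP. The function names csrf_issue() and csrf_verify(), the cookie and hidden-field name csrf_token, and the inline 403 handling are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed names: the cookie and the hidden form field share one name.
const CSRF_COOKIE = 'csrf_token';
const CSRF_FIELD  = 'csrf_token';

// Issue the token: 32 bytes from the CSPRNG, hex-encoded, stored in a
// cookie separate from the session cookie. Call this on the first visit,
// before login, so login CSRF is covered as well.
function csrf_issue(): string
{
    $token = bin2hex(random_bytes(32));
    setcookie(CSRF_COOKIE, $token, [
        'expires'  => 0,        // session cookie
        'path'     => '/',
        'secure'   => true,     // HTTPS only
        'httponly' => false,    // tokenRequest.js must read it to fill the hidden field
        'samesite' => 'Strict',
    ]);
    return $token;
}

// Verify a state-changing request: cookie value and request parameter must
// both be present, well-formed (64 hex chars) and identical.
function csrf_verify(array $cookies, array $post): bool
{
    $fromCookie  = $cookies[CSRF_COOKIE] ?? '';
    $fromRequest = $post[CSRF_FIELD] ?? '';
    // Reject missing, array-typed or malformed values before comparing.
    if (!is_string($fromCookie) || !is_string($fromRequest)) {
        return false;
    }
    if (!preg_match('/^[0-9a-f]{64}$/', $fromCookie)) {
        return false;
    }
    // hash_equals() compares in constant time, avoiding a timing side channel.
    return hash_equals($fromCookie, $fromRequest);
}

// Usage in the transfer handler (assumed): refuse the POST when the
// double-submit check fails, before any money moves.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_verify($_COOKIE, $_POST)) {
    http_response_code(403);
    exit('CSRF token mismatch');
}
```

The check only holds if no other party can set cookies for the site's domain, so the cookie flags above and the separation from the session identifier matter as much as the comparison itself.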
