
Understanding Cross-Site Request Forgery (CSRF)

May 12, 2025

Cross-Site Request Forgery (CSRF)

Overview

  • CSRF: a web vulnerability in which an attacker tricks a logged-in user's browser into sending a request the user never intended, usually through a hidden form, image or advertisement on a page the attacker controls; the request can fire on a click or automatically as soon as the page loads.
  • Goal: The attacker copies the structure of a request the legitimate site already accepts (same endpoint, same field names) and supplies their own values, so the forged request is indistinguishable from one the user submitted deliberately.
  • Impact: The web server cannot tell a legitimate request from a forged one, so it processes both, and the action runs with the victim's privileges.

Real-World Examples

  • 2020 TikTok Attack: Allowed attackers to perform a one-click account takeover by changing user passwords.
  • 2008 YouTube Vulnerability: Enabled attackers to perform actions on behalf of users, such as sending messages and commenting on videos.
  • 2008 ING Direct: The Dutch bank had a CSRF vulnerability that let attackers transfer money out of users' accounts.

How CSRF Attacks Work

  1. Browser Requests: The interaction starts with the browser sending a "GET" request to the server to retrieve a web page.
  2. Session Management:
    • After a valid login, the server generates a random string, the Session ID, and uses it to recognise the user on later requests without asking for credentials again.
    • The browser stores the session ID in a cookie.
  3. Automatic Cookie Sending:
    • The browser attaches the cookie to every request it sends to that server, no matter which page caused the request; this automatic behaviour is what makes the attack possible.
    • Cookies are scoped to the site that set them: each request carries only the cookies belonging to the server it is addressed to, so the bank's cookie goes to the bank even when the request was triggered from another site.

Attack Mechanism

  • Malicious Request Crafting:
    • The attacker hosts a page containing code that issues a request to the target application (e.g., a funds transfer or a password change).
    • The code mirrors the legitimate form, same endpoint and same field names, but with the attacker's values.
    • The request is hidden from the user, for example inside an invisible form, an image tag or an advertisement.
  • Execution:
    • When the victim opens the page or clicks the link, the hidden form submits and the browser automatically attaches the victim's session cookie.
    • The server sees a valid session ID and processes the request as if the user had sent it, leading to unauthorized actions (e.g., bank transfers, account takeovers).

Protection Against CSRF

  • Protection strategies will be covered in the following video.

Conclusion

  • CSRF is a serious vulnerability enabling unintended actions on behalf of the user.
  • Understanding browser interactions and session management is crucial to comprehending how CSRF operates.

Note

Stay tuned for the next video on how to protect against CSRF attacks.