Скачать презентацию Cross-Site-Request-Forgery Optimizing Traditional and Advocating New Prevention Methods
c0126aa09708cdd9acf6e7070b7166ca.ppt
- Количество слайдов: 14
Cross-Site-Request-Forgery Optimizing Traditional and Advocating New Prevention Methods Mark Jenne Tatiana Alexenko
CSRF Overview Forces user to send unauthorized requests by interacting with a malicious website. The “sleeping giant” of all cyber security threats. Can force someone to transfer money, change status on social networking site, buy stock, or any other action on a vulnerable website an attacker would like to exploit.
CSRF Overview
Original Project Plan Week 2: Reading and Preparation Weeks 3 -4: Perform Simple CSRF Attacks Develop testbed and exploit generated site Weeks 5 -7: Implement Defense Mechanisms Gain a better understanding of csrf attack mechanisms Referrer-checking, reconfirmation, any others Weeks 8 -9: Final Preparation Finalize project, conference paper, presentation
Alterations to the Plan Reconfirmation protection method Recon value to be based of off the trace path Trace path would not work since it would just go back to the user's browser. Would be unable to compare trace path of user and attack since both would lead to same machine. CCNC Conference Decided to submit paper to CCNC instead of ACM hotnets. Social Networking specification – had to find exploits in well-known social networks to present.
Test Bed Application Stock trading application Registered users can buy and sell stock based on prices from Yahoo Finance. Utilizes an AJAX request to retrieve stock information in real time Does not implement any CSRF protection methods – allowed us to concentrate on CSRF without the presence of XSS.
Test Bed Application
Sample Attack This attack uses Chris Shiflett’s CSRF Redirector. The CSRF Redirector creates a form with all the necessary inputs that submits to the target application on the vulnerable website.
Discovered Vulnerabilities Hi 5. com—Yahoo’s Social Networking Website Change Status Change Profile Skin Add Applications Sharebuilder. com—ING’s Online Stock Brokerage Buy/Sell shares of stock Requires 2 requests for attack
Referer Privacy Guard Firefox extension that disorders browsing history Will encourage more users to send Referer Headers Sends “garbage” requests to random URLs from user’s browsing history http: //sourceforge. net/projects/refererprivacyg/ Our extension is on Source. Forge available for download SVN repository for developers set up
CSRF Signature Detection Preview page content in sandboxed manner Don’t allow any state-changing requests until content is checked Find deep links and compare to URL in address bar Allow users to whitelist domain pairs Preview linked content—images, iframes Block forms with only “hidden” inputs Block self-submitting forms unless user approves
Conclusions CSRF can be prevented User: Log out and clear cookies often Developer Make sure website not vulnerable to XSS Use form tokens and use them wisely Check Referer header Lenient for now Possibly strict when privacy issue resolved
Conclusions CSRF can be detected While application specific, certain features are similar Limited number of tags and Javascript functions that can be used to implement and disguise attack Hidden and self-submitting forms have little practical use Whitelisting of trusted sites for user convenience
Questions