CSRF Attack
Transcript of CSRF Attack
Cross Site Request Forgery
Security topic: Cross-Site Request Forgery
Introduction to the attack technique
What is CSRF?
WHAT IS CSRF?
• Also known as XSRF, one-click attack / session riding
• Cross Site Reference Forgery
• Relies on the user being logged in to a legitimate site, and lures the user into opening a page that carries the attack code.
• A page that hides malicious HTML / JavaScript.
• May also exploit an XSS vulnerability, directly or indirectly.
• CSRF abuses a legitimate site that the user trusts
• XSS abuses an application or website that is trusted by the client.
• Lightweight markup languages have also been used to carry injected code
• Lightweight markup languages, like Markdown, BBCode, JsonML, MakeDoc, etc.
Attack and defense
Attack flow
Scenario: GET REQUEST
• Online point-trading site A completes the purchase debit with a GET request…
• Debit URL:
•
• CSRF attack from malicious site X:
http://www.tosCard.com/Buy.php?UID=5566&money=1000
Scenario: POST REQUEST
• To defend against CSRF, online point-trading site A switches the operation to a POST request.
• Debit page:
•
CSRF attack from malicious site X (again)
Hint: PHP's $_REQUEST….
• Quote: "The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted." (http://www.php.net/)
• By default $_REQUEST accepts GET, POST and COOKIE all at once (and even $_SERVER, before version 5.2)
Scenario: POST REQUEST ONLY
• To defend against CSRF, online point-trading site A switches the operation to $_POST (post request only).
• Debit page:
•
The injected code evolves right along with it….
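The three scenarios above (GET, POST, $_POST only) as an added Python example that is not code from the slides: a toy model of Buy.php whose only authentication is the session cookie, plus a simplified model of the PHP $_REQUEST merge (GET, POST, COOKIE, later sources overwriting earlier ones). The session-cookie name, the session table and the merge order "GPC" are assumptions made for the example. Because the browser attaches site A's cookie to every request aimed at site A, the handler cannot distinguish a request from its own form from one triggered by a page on site X, whichever method or superglobal it reads; only the GET-versus-POST check changes, and a cross-site form submits with POST just as easily.

```python
# Added example (not from the slides): why moving a debit endpoint from GET to
# POST, or from $_REQUEST to $_POST, does not by itself stop CSRF.
# Site, parameter names and values (tosCard, UID, money) follow the slides;
# the cookie name, session table and merge order are assumptions.
from dataclasses import dataclass, field


def build_request_array(get, post, cookie, order="GPC"):
    """Simplified model of PHP's variables_order / request_order merge.

    Sources are merged left to right, so a later source overwrites an earlier
    one with the same key. "GPC" (GET, POST, COOKIE) is assumed as the default.
    """
    sources = {"G": get, "P": post, "C": cookie}
    merged = {}
    for letter in order:
        merged.update(sources[letter])
    return merged


@dataclass
class Request:
    method: str
    get: dict = field(default_factory=dict)
    post: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


# Constructed session table: session cookie value -> logged-in user id.
SESSIONS = {"sess-abc123": "5566"}


def debit(req, param_source="request"):
    """Model of Buy.php. Returns ("debited", uid, amount) or ("rejected", reason).

    param_source selects what the handler reads:
      "request"   - $_REQUEST-style merge of GET, POST and COOKIE
      "post_only" - $_POST only (the slides' "post request only" variant)
    """
    uid = SESSIONS.get(req.cookies.get("PHPSESSID"))
    if uid is None:
        return ("rejected", "not logged in")   # the only authentication check
    if param_source == "request":
        params = build_request_array(req.get, req.post, req.cookies)
    elif param_source == "post_only":
        if req.method != "POST":
            return ("rejected", "GET not allowed")
        params = req.post
    else:
        raise ValueError(param_source)
    if "money" not in params:
        return ("rejected", "missing amount")
    return ("debited", uid, int(params["money"]))


def browser_sends(method, get=None, post=None):
    """Whichever page triggered the request, the browser attaches site A's cookie."""
    return Request(method, get or {}, post or {}, cookies={"PHPSESSID": "sess-abc123"})


# Scenario "GET REQUEST": parameters in the URL, as in the slide's Buy.php link.
get_req = browser_sends("GET", get={"UID": "5566", "money": "1000"})
# Scenarios "POST REQUEST" / "POST REQUEST ONLY": the same parameters in a
# POST body; an auto-submitted form on another site produces this same request.
post_req = browser_sends("POST", post={"UID": "5566", "money": "1000"})

if __name__ == "__main__":
    print("GET  via $_REQUEST:", debit(get_req, "request"))
    print("GET  via $_POST:   ", debit(get_req, "post_only"))
    print("POST via $_POST:   ", debit(post_req, "post_only"))
```

The point of the model is the line `uid = SESSIONS.get(...)`: that lookup is the "implicit authentication" the summary slide refers to. Restricting the method removes the `<img>`-style GET trigger but nothing else, which is why the defenses slide reaches for tokens rather than method checks.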
Summary
• CSRF attacks stem from the Web's implicit authentication mechanism
• Web authentication can guarantee that a request comes from the user's browser, but it cannot guarantee that the request was approved by the user.
• A user is exposed to CSRF when they do the following:
• Log in to the legitimate site A, which creates a cookie on the local machine
• Without logging out of site A, browse the malicious site X.
CSRF defenses
• Server side
1. Cookie Hashing
2. CAPTCHA
3. One-Time Tokens
• Client side
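The two server-side token defenses from the list above, "Cookie Hashing" and "One-Time Tokens", as an added Python example that is not code from the slides. Cookie hashing is implemented as a stateless token: an HMAC of the session id under a server-side key, which a page on site X cannot compute because it can make the browser send the cookie but cannot read it. The one-time token is a random nonce stored against the session and discarded on first use. The secret, cookie name, session table and in-memory nonce store are constructed for the example; a real deployment keeps the secret out of source and the nonce store in the session backend.

```python
# Added example (not from the slides): "Cookie Hashing" and "One-Time Tokens"
# applied to the slides' debit endpoint. Secret, cookie name, session table
# and nonce store are constructed for this example only.
import hashlib
import hmac
import secrets

SERVER_SECRET = b"constructed-example-secret-not-for-production"


# --- Cookie hashing: stateless token bound to the session cookie ------------
def cookie_hash_token(session_id: str) -> str:
    """Token embedded in site A's own form: HMAC(secret, session id)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_cookie_hash(session_id: str, token) -> bool:
    """Constant-time comparison; a missing token (None) simply fails."""
    return hmac.compare_digest(cookie_hash_token(session_id), token or "")


# --- One-time tokens: stateful nonce consumed on use -------------------------
class OneTimeTokens:
    def __init__(self):
        self._issued = {}   # session_id -> set of outstanding tokens

    def issue(self, session_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._issued.setdefault(session_id, set()).add(token)
        return token

    def consume(self, session_id: str, token) -> bool:
        """Accept a token once, then forget it, so a replayed token is refused."""
        outstanding = self._issued.get(session_id, set())
        if token in outstanding:
            outstanding.discard(token)
            return True
        return False


# --- The protected endpoint --------------------------------------------------
SESSIONS = {"sess-abc123": "5566", "sess-xyz789": "7788"}   # constructed
nonces = OneTimeTokens()


def render_form(session_id: str, mode="one_time") -> dict:
    """Fields of the form site A renders for a logged-in user, hidden token included."""
    if mode == "cookie_hash":
        token = cookie_hash_token(session_id)
    else:
        token = nonces.issue(session_id)
    return {"UID": SESSIONS[session_id], "money": "1000", "csrf_token": token}


def debit_protected(method: str, post: dict, cookies: dict, mode="one_time"):
    """Buy.php with a CSRF check. Returns ("debited", uid, amount) or ("rejected", reason)."""
    session_id = cookies.get("PHPSESSID")
    uid = SESSIONS.get(session_id)
    if uid is None:
        return ("rejected", "not logged in")
    if method != "POST":
        return ("rejected", "GET not allowed")
    token = post.get("csrf_token")
    if mode == "cookie_hash":
        ok = verify_cookie_hash(session_id, token)
    elif mode == "one_time":
        ok = nonces.consume(session_id, token)
    else:
        raise ValueError(mode)
    if not ok:
        return ("rejected", "bad csrf token")
    return ("debited", uid, int(post["money"]))


if __name__ == "__main__":
    cookies = {"PHPSESSID": "sess-abc123"}
    form = render_form("sess-abc123")
    print("own form:       ", debit_protected("POST", form, cookies))
    print("replayed token: ", debit_protected("POST", form, cookies))
    # A form built on site X carries the cookie but has no way to obtain the token.
    print("no token:       ", debit_protected("POST", {"UID": "5566", "money": "1000"}, cookies))
```

Both checks bind the request to something only site A's own page can supply, which is the property the summary slide says cookie-based authentication lacks. The one-time variant additionally stops replay of a captured form at the cost of server-side state; the HMAC variant needs no storage but is valid for the life of the session.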
Let's try it.
Demo
Question?
References
• http://www.cnblogs.com/hyddd/archive/2009/04/09/1432744.html
• http://www.dotblogs.com.tw/joysdw12/archive/2013/09/16/asp-net-cross-site-request-forgery.aspx
• http://www.cgisecurity.com/csrf-faq.html
• http://www.php.net/
• http://www.gpx.idv.tw/line_stic/details.php?s=539
• And other pics in google search engine.