So you want to learn about Cross Site Request Forgery (CSRF)

Jayriniv
2 min readJul 4, 2023

--

What is CSRF?

It is a vulnerability in an application where an attacker tricks a victim into performing an operation that they did not intend to perform.

How does this work?

CSRF exploits the trust a web application has in a user who is already logged in. Through social engineering, such as a link delivered by email or chat, the adversary distracts the victim into issuing a request, and in this way tricks the application's users into executing actions of the attacker's choosing.

CSRF Impacts

The impact of CSRF is limited to the functionality of the application. If the application is a social media site, it could mean updating a status or posting a message the user did not intend to, or account takeover in extreme cases. If it is an e-commerce or financial site, it could mean buying products the user did not intend to buy, transferring funds, and so on. The impact can range from minor to very severe depending on the type of application.

How do you prevent this?

To prevent CSRF attacks, the application needs a way to determine whether an HTTP request was legitimately generated by its own user interface. One way is to generate a secure, unique identifier (a CSRF token) for every session, include it on requests that update state, and validate it on the server side. The token must be random, secure and hard to guess. The easiest approach is to derive it with a secure hash function and, rather than storing it as part of a cookie, share it with the client in a hidden parameter. Whenever the user initiates a critical, state-changing operation, the token is sent as part of the request; the server validates it and allows the request to succeed only after confirming its legitimacy.

Setting the SameSite cookie attribute adds another layer of security.
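The token mechanism and the SameSite cookie described above, as an added worked example that is not part of the original post. It is a hypothetical, framework-free sketch: the session store, the `Request` object, the endpoint name `/transfer` and the in-memory server secret are all constructed for the illustration. The token is derived with a keyed secure hash (HMAC-SHA256 over the session id), delivered to the client only in a hidden form field, and checked with a constant-time comparison on every state-changing request; the session cookie is issued with `SameSite=Lax` as the second layer.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical server secret. In a real deployment this comes from a secrets
# manager or environment, never from source code; generated here for the demo.
SERVER_SECRET = secrets.token_bytes(32)

# Constructed in-memory session store: session id -> logged-in user name.
SESSIONS: dict[str, str] = {}


def login(user: str) -> str:
    """Create a session for `user` and return the opaque session id."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = user
    return session_id


def csrf_token_for(session_id: str) -> str:
    """Derive the per-session CSRF token with a keyed secure hash (HMAC-SHA256).

    Bound to the session id and the server secret, so a third-party site can
    neither guess nor forge it. It is shared via a hidden field, never a cookie.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie header for the session cookie.

    SameSite=Lax stops the browser attaching the cookie to cross-site POSTs,
    which is the extra layer on top of the token check.
    """
    return f"Set-Cookie: session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


def render_transfer_form(session_id: str) -> str:
    """Embed the token as a hidden parameter so only the app's own UI has it."""
    token = csrf_token_for(session_id)
    return (
        '<form method="POST" action="/transfer">\n'
        f'  <input type="hidden" name="csrf_token" value="{token}">\n'
        '  <input name="amount"><button>Send</button>\n'
        "</form>"
    )


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed)."""
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def handle_transfer(req: Request) -> tuple[int, str]:
    """State-changing endpoint: succeed only when the submitted hidden token
    matches the token derived for the session carried by the cookie."""
    session_id = req.cookies.get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"
    submitted = req.form.get("csrf_token", "")
    expected = csrf_token_for(session_id)
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(submitted, expected):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {req.form.get('amount')} for {user}"


if __name__ == "__main__":
    sid = login("alice")
    print(session_cookie_header(sid))
    print(render_transfer_form(sid))
    # Legitimate submission from the application's own form: token present.
    print(handle_transfer(Request({"session": sid},
                                  {"csrf_token": csrf_token_for(sid), "amount": "10"})))
    # Cross-site submission: the cookie may be attached, but the hidden token
    # is not available to another origin, so the server rejects the request.
    print(handle_transfer(Request({"session": sid}, {"amount": "10"})))
```

Because the token is recomputed from the session id and the server secret, nothing extra has to be stored per session; rotating `SERVER_SECRET` invalidates every outstanding token at once, and the check still works for sessions that never rendered the form.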

Sample payload references for testing

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection
