Let's learn "Cross Domain Referer Leakage / Cross Site Request Forgery"
Welcome back, guys!
Let's get to know a new web vulnerability known as Cross Domain Referer Leakage. We'll use Burp Suite in this tutorial. If you are not familiar with Burp Suite, I would recommend visiting the Introduction to Web Application Security tutorial first, and then coming back to this tutorial to learn about Cross Domain Referer Leakage. It is also known as CSRF (Cross Site Request Forgery).
What is Cross Domain Referer Leakage or Cross Site Request Forgery?
Whenever a request is created by the browser, HTTP headers are sent with the request containing attributes like Content-Type (what type of data is being sent in the request), Agent (which agent is used to make the request: Chrome, Mozilla, Python, etc.) and so on. One such attribute of interest is "Referer", which indicates which site the request is coming from. For example, say a friend sends you a link to some website in a Facebook message. When you open that link, the HTTP header contains the referer 'www.facebook.com', meaning the request to the site is originating from "www.facebook.com". If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, this may lead to a security compromise. This security issue is known as Cross Domain Referer Leakage or Cross Site Request Forgery.
Is this definition getting complicated?
Let's make it easy with an example:
Suppose we are adding some product to the cart at flipkart.com. To do this we click on the add button, a request is created to its server and the item is added to the cart. Suppose we capture the add-to-cart request and send that request to a Facebook friend. When the Facebook friend (to whom the link is sent) opens the link, he will be redirected to flipkart.com and that specific product gets added to his cart as well. An event happened without the user knowing anything about it. This is cross domain request forgery. Now Flipkart does not want this; it wants an item to be added to the cart only if the user wants it and clicks the button himself, not by clicking on some unknown link. So let's see how Flipkart solves this issue by capturing the add-to-cart request in Burp Suite. Again, if you are not familiar with Burp Suite, I would recommend reading that tutorial first and then coming back.
Capturing the Flipkart add-to-cart request using Burp Suite:
Step 1: Configure Burp Suite with your browser.
Step 2: Open flipkart.com and add some product to the cart.
Step 3: Find that request in the HTTP history in Burp Suite.
In the image above, you can see the referer passed in the HTTP request header. Now on the server side it is checked whether the request is coming from flipkart.com or from facebook.com. If it is flipkart.com then the item is added to the cart, else the request is simply ignored.
Another method to prevent CSRF is to add a CSRF token to every request made. The token is provided as metadata in the HTML page by the server. When the request is made from the site itself (the add-to-cart button is actually clicked), JavaScript adds the token to the request header. But if the request is made from another domain like facebook.com, the request header does not contain the CSRF token, so the server simply ignores the request and declares it a CSRF issue.
I hope that at this point you are able to understand what cross domain request forgery is.
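The two server-side checks described above, the Referer/Origin host comparison and the CSRF token comparison, written out as an added example (this is illustrative code, not Flipkart's or the post's own). The trusted host list, the X-CSRF-Token header name and the sample request headers are assumptions constructed for the example.

```python
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit

# Hosts trusted as the source of state-changing requests (assumed for illustration).
TRUSTED_HOSTS = {"www.flipkart.com", "flipkart.com"}


def issue_csrf_token() -> str:
    """Per-session token; the server stores it in the session and embeds it in
    the page (e.g. a <meta> tag) so the site's own JavaScript can send it back."""
    return secrets.token_urlsafe(32)


def _source_host(headers: Dict[str, str]) -> Optional[str]:
    """Host named by the Origin header, falling back to Referer; None if absent."""
    source = headers.get("Origin") or headers.get("Referer")
    return urlsplit(source).hostname if source else None


def is_same_site_request(headers: Dict[str, str]) -> bool:
    """Referer/Origin check: the full hostname must be one we trust.
    A missing header is rejected because the source cannot be verified."""
    host = _source_host(headers)
    return host is not None and host.lower() in TRUSTED_HOSTS


def has_valid_csrf_token(headers: Dict[str, str], session_token: str) -> bool:
    """Token check: header token must equal the session's token.
    compare_digest keeps the comparison time independent of where they differ."""
    sent = headers.get("X-CSRF-Token")
    if not sent or not session_token:
        return False
    return hmac.compare_digest(sent, session_token)


def accept_add_to_cart(headers: Dict[str, str], session_token: str) -> bool:
    """Server-side gate for the add-to-cart request: both checks must pass."""
    return is_same_site_request(headers) and has_valid_csrf_token(headers, session_token)


# Constructed sample requests (not captured traffic).
SESSION_TOKEN = issue_csrf_token()
GENUINE = {"Origin": "https://www.flipkart.com", "X-CSRF-Token": SESSION_TOKEN}
FORGED_LINK = {"Referer": "https://www.facebook.com/"}   # link opened from a message: no token
FORGED_GUESS = {"Origin": "https://www.flipkart.com.evil.example", "X-CSRF-Token": "guess"}
```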
For any queries or problems, please comment below.
And stay tuned for the upcoming tutorials on other web application vulnerabilities.
Until then...
HAPPY HACKING !!