What is Manual CSRF?
Manual Cross-Site Request Forgery (CSRF) is a type of security vulnerability in which the attacker tricks the victim's browser into submitting a request the victim did not intend, to a site where the victim is already authenticated; because the browser attaches the victim's credentials (typically the session cookie) automatically, the server treats the forged request as legitimate. Unlike automated CSRF attacks generated with tools like Burp Suite, manual CSRF attacks involve crafting the malicious request by hand and tricking the victim into submitting it.
Manual CSRF Attack Techniques
There are several techniques that attackers use to exploit CSRF vulnerabilities manually:
- Forced Browsing: This technique involves guessing the URL of a server-side operation and forcing the victim's browser to request it, using image tags, XSS, or other techniques that inject HTTP requests into the victim's browser.
- Session Riding: This technique involves performing actions on the victim's behalf by relying on the session cookie the web application has issued to the victim, which the browser attaches to the forged request automatically.
- Cookie Injection: This technique involves injecting a cookie into the victim's browser, which is then used to authenticate a forged request.
Preventing Manual CSRF
Preventing CSRF involves using anti-CSRF tokens, checking the HTTP Referer header, and using the SameSite cookie attribute. Anti-CSRF tokens are included in each state-changing request and verified by the server; they must be unpredictable, securely generated, and bound to the user's session so that a token from one session cannot be replayed in another. The server can check the HTTP Referer header to confirm the request originates from an authorized page, but it must decide explicitly how to treat requests in which the header is missing, since browsers and privacy settings sometimes strip it. The SameSite cookie attribute (Lax or Strict) tells the browser not to send a cookie on cross-site requests, so a forged request arrives without the victim's session and is rejected.
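The three defences above as one server-side check. This is an added example in Python, not code from the original page; the secret, the allowed origin, the cookie name and the request dictionaries are constructed placeholders standing in for a real framework's request object.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlsplit

# Constructed demo values: a real deployment uses its own secret and origin.
SERVER_SECRET = b"constructed-demo-secret-rotate-me"
ALLOWED_ORIGIN = "https://bank.example"


def issue_csrf_token(session_id: str) -> str:
    """Random nonce bound to the session with an HMAC, so a token leaked
    from one session is useless in another and cannot be guessed."""
    nonce = secrets.token_hex(16)
    msg = f"{session_id}:{nonce}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, _, mac = token.partition(".")
    msg = f"{session_id}:{nonce}".encode()
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return bool(nonce) and hmac.compare_digest(mac, expected)


def source_is_allowed(headers: dict) -> bool:
    """Prefer Origin, fall back to Referer; a request with neither is refused
    rather than waved through, which is the explicit policy decision the
    Referer check requires."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value: SameSite keeps the browser from attaching the
    session to cross-site requests in the first place."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def check_transfer_request(cookies: dict, headers: dict, form: dict) -> str:
    """Return 'ok' or the reason a state-changing request is refused."""
    session_id = cookies.get("session")
    if not session_id:
        return "no session"
    if not source_is_allowed(headers):
        return "origin/referer not allowed"
    if not token_is_valid(session_id, form.get("csrf_token", "")):
        return "bad csrf token"
    return "ok"
```

A forged request like the one in the code example below fails the origin check and carries no token, so it is refused before the transfer logic runs.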
Manual CSRF Code Example
<html>
<body>
<script>
  // Page hosted on an attacker-controlled site; runs when the victim visits it.
  var xhr = new XMLHttpRequest();
  // Target the bank's state-changing endpoint (example host from the page).
  xhr.open("POST", "http://bank.com/transfer.do", true);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  // Form-encoded body, exactly what the bank's own transfer form would submit.
  xhr.send("acct=BOB&amount=1000000");
</script>
</body>
</html>
This is a simple example of a CSRF attack: a script on an attacker-controlled page uses XMLHttpRequest to send a POST request to a banking website from the victim's browser, attempting a transfer without the user's consent. It succeeds only if the browser attaches the victim's session cookie and the server accepts the request without any further proof of intent. Note that CORS does not stop the request from being sent; it only stops the script from reading the response, so CORS is not a CSRF defence. An anti-CSRF token check or a SameSite session cookie, as described above, would cause the bank to reject this request.