CSRF

Authors
  • Bowen Y
What is CSRF (Cross-Site Request Forgery)?

CSRF stands for Cross-Site Request Forgery, a type of security vulnerability typically found in web applications. It allows an attacker to induce a logged-in user's browser to send requests the user never intended to make. A CSRF attack specifically targets state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

Here's a basic example of how CSRF could work:

  1. A user logs into www.example.com, where they have authentication privileges.
  2. The site's response includes a session cookie which is stored in the user's browser.
  3. The user later visits a malicious site, www.attacker.com.
  4. www.attacker.com contains code, say an HTML form or JavaScript, that makes a request to www.example.com (like a fund transfer, a password change, etc.).
  5. Since the user's browser still holds the session cookie for www.example.com, it automatically attaches that cookie to the request, so www.example.com considers the request legitimate and executes it.

This vulnerability exists because websites typically cannot distinguish between legitimate requests and forged requests: both arrive with the same session cookie. To mitigate CSRF, websites use various strategies like CSRF tokens, which are unique to each session, are embedded in the site's own forms, and must be included as part of a valid request; a third-party page cannot read the token, which makes it difficult for an attacker to forge a request. Other strategies include checking the Referer header or using custom headers that are harder for an attacker to reproduce, though a Referer check on its own is weaker because browsers and proxies sometimes omit that header.
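The following is an added example, not code from the original post, that walks through the five-step scenario above and the token-based mitigation. It models a fund-transfer endpoint with an in-memory session store; the request/session structures, the `SITE_ORIGIN` constant, the account names and balances are all constructed for illustration. The session cookie is attached to both the legitimate and the forged request, exactly as in step 5, and only the per-session token (with an Origin/Referer check as defence in depth) tells them apart.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory stores standing in for the application's database.
SESSIONS: dict = {}                      # session cookie value -> session data
BALANCES = {"alice": 100, "bob": 0}      # constructed sample accounts
SITE_ORIGIN = "https://www.example.com"  # assumed origin of the protected site
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for this example)."""
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def login(username: str) -> str:
    """Steps 1-2: authenticate and issue a session cookie. A CSRF token is bound
    to the session at the same time so the server can embed it in its own forms."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username, "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id: str) -> str:
    """The value the server renders into its own forms as a hidden field."""
    return SESSIONS[session_id]["csrf_token"]


def origin_ok(req: Request) -> bool:
    """Defence in depth: if the browser sent Origin or Referer, it must name our site.
    An absent header is tolerated here because some clients strip it; the token
    check is the primary control."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if src is None:
        return True
    return src == SITE_ORIGIN or src.startswith(SITE_ORIGIN + "/")


def csrf_ok(req: Request, session: dict) -> bool:
    """Primary control: state-changing requests must carry the session's token."""
    if req.method not in STATE_CHANGING:
        return True
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison so a mismatch leaks nothing about the real token.
    return hmac.compare_digest(submitted, session["csrf_token"])


def transfer(req: Request) -> tuple[int, str]:
    """POST /transfer handler. Returns (HTTP status, message)."""
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"
    if not origin_ok(req):
        return 403, "cross-site origin"
    if not csrf_ok(req, session):
        return 403, "missing or invalid CSRF token"
    to, amount = req.form["to"], int(req.form["amount"])
    BALANCES[session["user"]] -= amount
    BALANCES[to] = BALANCES.get(to, 0) + amount
    return 200, f"transferred {amount} to {to}"


def demo() -> dict:
    """Replay the scenario from the article against the protected handler."""
    BALANCES.clear()
    BALANCES.update({"alice": 100, "bob": 0})
    sid = login("alice")
    # Legitimate form served by www.example.com: session cookie plus the token.
    legit = Request("POST", cookies={"session": sid},
                    form={"to": "bob", "amount": "10", "csrf_token": csrf_token_for(sid)},
                    headers={"Origin": SITE_ORIGIN})
    # Step 4-5: a form auto-submitted from www.attacker.com. The browser attaches
    # the cookie, but the attacker's page cannot read example.com's token.
    forged = Request("POST", cookies={"session": sid},
                     form={"to": "mallory", "amount": "90"},
                     headers={"Origin": "https://www.attacker.com"})
    # Same forgery with the Origin header stripped and a guessed token.
    forged_no_origin = Request("POST", cookies={"session": sid},
                               form={"to": "mallory", "amount": "90", "csrf_token": "guess"})
    return {"legit": transfer(legit),
            "forged": transfer(forged),
            "forged_no_origin": transfer(forged_no_origin),
            "balances": dict(BALANCES)}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the legitimate request succeeding while both forged requests are refused with 403, and the balances only reflect the real transfer. The Origin check catches the first forgery early; the second is stopped only by the token comparison, which is why the token, not the header, is the control to rely on.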