Friday, July 20th, 2007
CSRF Redirector
Joe Walker will probably be happy to see this, and will be able to test DWR with it. Chris Shiflet has created a simple CSRF Redirector inspired by the XSS POST Forwarder:
It’s a simple tool that makes it easy to test CSRF using POST, hopefully demonstrating how prevalent CSRF vulnerabilities are as well as reducing the misconception that forging a POST request is complicated.
To use it, construct a URL of the form http://shiflett.org/csrf.php?csrf=
URL&NAME=VALUE, whereURLis the (URL-encoded) target site, andNAMEandVALUErepresent a name-value pair, of which there can be zero or more.
Google’s online security team recently posted about Automating web application security testing which discusses various XSS issues.
“…as reducing the misconception that forging a POST request is complicated.”
I think the author is confused about why we limit certain requests to POST to prevent CSRF attacks. It’s not because POST is harder to do and therefore harder for a hacker to pull off. It’s because it protects against a specific set of attack vectors present in most email clients today. And the “CSRF Redirector” technique won’t work in those vectors.
How can we detect this when it happens?
Thanks,
Bill Wardell