Dynamic Cross-Site Request Forgery: A Per-Request Approach to Session Riding

Download Now Free registration required

Executive Summary

Cross-Site Request Forgery ("CSRF") is typically described as a "replay" or static type of attack, where a bad actor uses markup, Javascript, or another method to force a client browser to perform a known, repeatable in-session transaction on the affected site without the user's knowledge. Typical defensive measures against CSRF address this by creating unique, per-session or per-request tokens that aren't typically available to an attacker, and by checking for other browser behaviors such as referring URL. This paper describes a number of approaches to construct "Dynamic" CSRF attacks, forging unique requests on an automated, per-target basis, even in scenarios where Cross-Site Scripting or Cross-Domain issues don't exist.

  • Format: PDF
  • Size: 570.9 KB