Preventing Image Based Cross Site Request Forgery Attacks

Date Added: Jul 2009
Format: PDF

Cross Site Request Forgery (CSRF) is an attack on web applications that exploits the trust of authenticated users. The attack allows a partially compromised site to make arbitrary HTTP requests on behalf of a victim user who is currently logged in to a site. Currently, only a few defensive mechanisms, such as secret validation tokens, the Referer header, custom HTTP headers and the Origin header, are available to prevent this attack. This paper presents a client-side proxy solution that detects and prevents CSRF attacks that use the IMG element or other HTML elements used to load graphic images for a web page.