Double Submit Cookie (DSC)

This blog discusses Double Submit Cookie, the second prevention mechanism for CSRF attacks. If you are not aware of what a CSRF attack is and how it works, read my previous blogs on it first.

In the last blog we discussed the Synchronizer Token Pattern, and I mentioned that it has a drawback when there are many login sessions: the server has to store a CSRF token against every session ID, which can overload the server. This is where Double Submit Cookie (DSC) comes into play. In DSC the server does not store the token, which is why DSC is also called a stateless CSRF defense.

How it works

The above diagram shows the client browser logging in with its credentials; at the same time a session is created and the session ID is set as a cookie in the client browser.

Next, the server sends the CSRF token in a Set-Cookie header so that it is stored as a cookie, and the user receives the feedback page as the response. The CSRF token is read from the cookie and appended to the form as a hidden field (either in the head or the body). The form is then submitted along with the CSRF token in the field and the CSRF cookie.

The server compares the CSRF cookie with the token submitted through the form. If both are equal the requested action is performed; otherwise an error message is sent.

For a better understanding, a simple HTML, JavaScript and PHP project was built.

The username and password are hardcoded as anony@gmail.com and gT$0om.

1. Login with the credentials

The client logs in with their credentials. The server generates a session ID and sets it as a cookie; it also generates a CSRF token and stores it in a cookie. The following code shows how the token is generated.

The server generates the session ID and the token. The token is generated with openssl_random_pseudo_bytes, which produces random bytes; these bytes are encoded with base64_encode so that they will be hard to read even when intercepted. The client is then redirected to the feedback page to give their thoughts.

2. Feedback form sent as response along with the Set-Cookie header

The above code is the same as the form created for the Synchronizer Token Pattern, where the token is sent in a hidden field; the difference is the function, which reads the CSRF token from the cookie received from the server.

The function works as follows:

  1. Take the cookie name as a parameter (cname).
  2. Create a variable (name) with the text to search for (cname + "=").
  3. Decode the cookie string, to handle cookies with special characters, e.g. '$'.
  4. Split document.cookie on semicolons into an array called ca (ca = decodedCookie.split(';')).
  5. Loop through the ca array (i = 0; i < ca.length; i++) and read out each value (c = ca[i]).
  6. If the cookie is found (c.indexOf(name) == 0), return the value of the cookie (c.substring(name.length, c.length)); otherwise return "".

If you need more details on cookies in JavaScript, see this.
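The cookie-reading function described above, written out as an added example (this is not the blog's own script). It follows the six steps, with one practical addition: browsers expose cookies as "a=1; b=2", so the leading space of each entry is stripped before matching, otherwise c.indexOf(name) == 0 only ever finds the first cookie. The cookie name csrf_token and the sample cookie string are assumptions, and the cookie string is passed in as a parameter so the same function runs both in the browser (where it falls back to document.cookie) and offline in Node.

```javascript
// Added example, not the blog's code: read one cookie value from a cookie string.
// `cookieString` is optional; in a browser it falls back to document.cookie.
function getCookie(cname, cookieString) {
  var source = cookieString !== undefined
    ? cookieString
    : (typeof document !== 'undefined' ? document.cookie : '');
  var name = cname + '=';
  // Decode %XX sequences so cookies containing characters such as '$' are handled.
  // A malformed sequence would make decodeURIComponent throw, so fall back to the raw string.
  var decodedCookie;
  try {
    decodedCookie = decodeURIComponent(source);
  } catch (e) {
    decodedCookie = source;
  }
  var ca = decodedCookie.split(';');
  for (var i = 0; i < ca.length; i++) {
    var c = ca[i];
    // Strip the space browsers put after each ';' so every cookie, not just the first, can match.
    while (c.charAt(0) === ' ') {
      c = c.substring(1);
    }
    if (c.indexOf(name) === 0) {
      return c.substring(name.length, c.length);
    }
  }
  return '';
}

// Copy the token cookie into the form's hidden field before submission.
// `form` is any object exposing the hidden input as form.csrf_token (assumed field name).
function fillHiddenToken(form, cookieString) {
  var token = getCookie('csrf_token', cookieString);
  form.csrf_token.value = token;
  return token;
}

// Constructed sample of what document.cookie would contain after login: the session
// cookie plus the token cookie, the latter with a percent-encoded '$'.
var SAMPLE_COOKIES = 'PHPSESSID=abc123; csrf_token=Zm9vYmFy%24';

// Example use in a page: fillHiddenToken(document.getElementById('feedback'))
// Offline: fillHiddenToken({ csrf_token: { value: '' } }, SAMPLE_COOKIES) returns 'Zm9vYmFy$'
```

Because the script must read this cookie, the token cookie cannot be HttpOnly; that is the trade-off the closing paragraph of this post discusses.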

This source code checks whether the cookie and the submitted token are the same. If they are equal the requested action takes place; otherwise the request is denied. This is how DSC helps prevent CSRF attacks.

The most frequently asked question is "Is the web application safe now?" I would say "It is partially safe." DSC is a solution to the drawback of the Synchronizer Token Pattern (STP), which can overload the server because the session IDs and tokens are stored in the server database. Cookies carrying sensitive server data should be tagged with the HttpOnly flag, but in DSC the token cookie is not tagged that way, since the page's script has to read it. Next, if a subdomain has an XSS vulnerability it may affect the parent domain, so we have to make sure the web application is XSS-resistant if it runs on a subdomain.

In order to learn more about these, check out this presentation.

Synchronizer Token Pattern (STP)

The last blog covered what CSRF is and how it works. This blog continues with CSRF attack prevention. The Synchronizer Token Pattern is one of the main solutions to CSRF attacks.

What is STP?

It is a CSRF prevention technique where a "token", a secret, unique value for every request, is embedded within the web application (in the HTML forms) and verified on the server. Note that CSRF attacks only target state-changing requests: since the attacker has no way to see the response to the forged request, data theft cannot be done through them.

Prevention

Generate a random string on the server side and embed it in the body of the front end. Check that both values match when the user submits the page.

The above diagram shows how STP is used in HTML POST forms to prevent CSRF attacks. The token stored in the server and the token in the hidden field are compared to check whether both are the same, and only then is the next action performed. By implementing this prevention method, CSRF attacks carried out by the attacker through the POST method are blocked.

For a better understanding, a simple HTML, JavaScript and PHP project was built.

The username and password are hardcoded as anony@gmail.com and gT$0om.

1. Login with the credentials

Once the client logs in with their credentials, a session ID is created and they are redirected to the feedback form.

Creating a session ID for the client

2. Feedback page sent as response

FeedBack Form

You can observe in the source code of the feedback form below that there is a hidden input without a value. The CSRF token is set as its value as soon as the response to the Ajax call arrives.

Source code of Feedback form
Script of Ajax call

To exchange data with the server in the backend, the XMLHttpRequest object is used. (To learn about XMLHttpRequest visit https://www.w3schools.com/xml/ajax_xmlhttprequest_create.asp )

open() and send() are the XMLHttpRequest methods used to send the request to the server.

onreadystatechange: defines a function to be called when the readyState property changes.
readyState: holds the status of the XMLHttpRequest.

The Ajax call is sent to request a token from the server. In my project I used a separate PHP file to generate the token.
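The Ajax call from steps 2 and 3, written out as an added example (not the blog's own script). It shows the open()/send() sequence, the readyState check that the post's glossary describes, and what to do when the token request fails: leave the hidden field empty so the server rejects the form, rather than submitting with a guessed value. The endpoint name /token.php is a placeholder, and the XMLHttpRequest constructor is passed in so the same function runs in the browser and offline in Node with the constructed FakeXHR below.

```javascript
// Added example, not the blog's code: fetch the CSRF token and set it on the hidden input.
// `XhrCtor` is window.XMLHttpRequest in a browser, or the constructed fake below offline.
function requestCsrfToken(url, hiddenInput, XhrCtor, onDone) {
  var xhr = new XhrCtor();
  xhr.onreadystatechange = function () {
    // readyState 4 (DONE) is the only state where the response is complete.
    if (xhr.readyState !== 4) return;
    if (xhr.status === 200 && xhr.responseText) {
      hiddenInput.value = xhr.responseText.trim(); // token text from the PHP file
      onDone(true);
    } else {
      // Safe failure: an empty field means the server will refuse the submission.
      hiddenInput.value = '';
      onDone(false);
    }
  };
  xhr.open('GET', url, true); // true = asynchronous
  xhr.send();
}

// Constructed stand-in for XMLHttpRequest that answers immediately with a fixed reply.
// Only the members the function above touches are implemented.
function makeFakeXhr(status, body) {
  return function FakeXHR() {
    this.readyState = 0;
    this.status = 0;
    this.responseText = '';
    this.open = function (method, url) {
      this.readyState = 1;
      this.url = url;
    };
    this.send = function () {
      this.readyState = 4;
      this.status = status;
      this.responseText = body;
      if (typeof this.onreadystatechange === 'function') this.onreadystatechange();
    };
  };
}

// Drive one token request against the fake and report what ended up in the hidden input.
function fillTokenFrom(status, body) {
  var hidden = { value: '' };
  var ok = null;
  requestCsrfToken('/token.php', hidden, makeFakeXhr(status, body), function (r) { ok = r; });
  return { ok: ok, value: hidden.value };
}

// In a page: requestCsrfToken('/token.php', document.getElementById('token'),
//                             XMLHttpRequest, function () {});
```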

3. Creation of the token

Source code of Token Generation

The generated token should be random; therefore openssl_random_pseudo_bytes is used to generate random bytes. These bytes are encoded with base64_encode so that they will be hard to read even when intercepted.

The generated token is stored as a session variable and written to a text file; to identify the token later, the session ID is stored along with it. To write to the text file:

Once the file is written, the session token can be sent as the response to the Ajax call.

4. Token stored in the hidden field

Token stored in the hidden field

5. Token comparison for validity

Comparing the stored token with the received token

If the form comes from the genuine website, it carries the hidden token and is validated successfully. Although STP prevents CSRF attacks, it has a drawback: the server must store a token and session pair for every user. This can overload the server when too many users are logged in (remember that validation is done on the server side). Double Submit Cookie helps overcome this drawback.

Cross Site Request Forgery (CSRF)

Introduction

Cross Site Request Forgery (CSRF) is an attack in which the attacker uses the victim to carry out a planned action through a legitimate URL, typically from a hosted website that looks the same as the original site. The attack tricks the user into performing unauthorized, arbitrary POST/GET HTTP requests on behalf of a user who is currently authenticated to a particular website. This attack is also known as "Session Riding" or "One Click Attack".

Prevention of this attack is possible: there are two main security patterns we can implement to prevent CSRF. Before looking into prevention, let me explain CSRF with an example.

Understanding the system and finding the weak spot to attack

Example

Although there are many ways to trick the victim into loading information from the web application or submitting information to it, the first step of this attack is to understand the selected web application and to construct a valid malicious request.

Scenario: Alex transfers money to Greta using a web application that is vulnerable to CSRF. Chloe wants to trick Alex into transferring the money to her account.

Here we need to understand which request method is used to carry the parameters and execute the action (GET or POST).

GET method:

http://hamana.com/transfer.do?acct=Greta&amount=250 HTTP/1.1

The above request is similar to a money transfer request. What Chloe does is take the original URL and change the beneficiary name (and amount) so that the money is transferred to her account, as follows.

http://hamana.com/transfer.do?acct=Chloe&amount=3000

The exploit URL above can be delivered as a link the victim is made to click, or disguised as a fake image.

POST method:

If the bank uses POST requests then the above URL cannot be used; instead the request can be delivered using a FORM tag. The form still has to be submitted, which would need the user to click the submit button, so the attacker has a JavaScript "onload" function submit it instead.

I hope it is now clear to you how a CSRF attack works. Let's see the prevention methods for CSRF in the upcoming blog post.

Work Smarter Not Harder

Being a college student, I know how hectic a lecture can be. Our intention in being at the lecture is to grab all the important points the lecturer says.

The easiest way is recording: we record the lecture via a smartphone or a recorder, or else we transcribe everything we hear using a laptop or smartphone into digital notebooks. Isn't it amazing, the way technology is helping us?

What about you? Are you using the same technique I mentioned above? Just because you use your smartphone to take notes doesn't mean you are working smarter. You are making your learning process harder.

Electronic devices such as laptops and smartphones are common in lecture halls worldwide. These devices have a high tendency to distract students during the lecture: students tend to click on messages and notifications from social media during a boring lecture to make their dull sessions interesting.

Students tend to take digital notes and end up taking verbatim notes on their devices. Taking notes with pen and paper is considered old-fashioned, but it turns out to have more advantages than typing your notes faster.

Studies show how effectively students remember what they have learnt in their lectures when they write down their notes instead of typing them. When a question is asked about the study material, the responses of students who type their notes are poorer than those of students who write them down.

Those who take notes digitally put extra effort into remembering what they have studied, time they could have used to study the module more deeply.

Sometimes being old-fashioned helps us more than technological devices do.

What is being Beautiful?

I asked my sister "What is being beautiful?" The first thing she said was: 'Slim figure, perfect bust and butt shape for women; six packs, muscular body, visible jawline for men. Big eyes, small and cute nose, pink lips, clean, acne-free face.'

I travel a lot and I have quite a big circle of friends, but many aren't the way she described, though they are trying to be like the definition she gave. If you think the same, welcome to the world of madness. The definition you have of being beautiful is completely wrong.

Every individual tends to reduce weight by skipping meals in the name of 'dieting', and applies day and night cream in the name of 'becoming beautiful'. We forget that each and every one of us is beautiful in our own way.

What are we trying to hide? If a person couldn't love you for the way you are right now, how could you expect it to be true love? Being beautiful isn't about outer appearance; it's all about inner beauty.

If you have an acne-free face, long blonde hair and a perfect body, but your heart isn't kind enough to show love to others, don't even consider yourself close to being beautiful. That's not what being beautiful is all about.

Elegance and simplicity combined with a kind heart is the real beauty every man and woman seeks. Try to build your inner beauty rather than your physical appearance.

Think and Change:

Which suits you better, inner beauty or physical appearance?

Is It Necessary?

We live in a world where everything has changed due to modern culture and technological evolution. We often tend to change ourselves and adapt to the changes. The question here is, "Have we evolved in everything and adapted to the changes?"

Do you have any idea what citizens of various countries do every day without hesitation? Some would say "eating" and many would say "sleeping". Take a break and think twice.

The only thing we do without any hesitation is complain, most of the time without even being aware of it. This habit has been with us since childhood. I know quite a few people won't accept this statement, but this is the truth. Let me recall one moment from your life when you were young.

Your sibling would have eaten your favourite dessert, which your mother had kept for you. Did you forgive your sibling when you found out? Be honest: none of us would have forgiven our sibling; instead we would have gone to our mom and complained about our sibling's act.

Habits don't fade away easily; people try to change their habits, but only some succeed.

Is it even necessary to complain when you are indignant, low-spirited or frustrated? I'm not saying "Never complain". Complain only in instances where you believe it will effect real and positive change.

Think and Change.

This is not the End

I want you to know that, no matter where you are in your life, no matter how low you have sunk, no matter how bleak your situation is, this is not the END. This is not the end of the story; this is not the final chapter of your life.

The world right now is in the middle of a mental health crisis. It's estimated that almost half of the population suffers from depression at some stage of their life. It's okay to have depression; it's not something to be ashamed of.

Rather than joining the queue, it's important that we learn why we get down and then how we can change it. Believe it or not, we create our own negative feelings, and we can also ensure that we turn our lives around and become a positive change for others.

The reason anyone gets depressed always comes down to the consistent thoughts we think and the consistent beliefs we hold. If I hadn't had a soul back in my childhood to give me a hand, I wouldn't be who I am today in this society.

It's absolutely okay to be in depression, but not to live with it.

In conclusion, whatever pain you are suffering from, how can you ensure it won't show again? Take steps to ensure you are in a better place next time. Take little steps and soon you will be at the top of the staircase.

The bravest thing I have ever done was to continue living when I wanted to die.

– Juliette Lewis –

Prevent yourself from “You know who”

My last blog was about how people tend to hack us to benefit from us. How can we stay on the safe side?

  1. Think before you share – Most of us share our private life publicly when we are happy, sad or angry, and sometimes when we feel alone. In doing so we forget that we are giving information not only to people we are familiar with but also to unknown people. Remember, information is valuable.
  2. Log out from your social media accounts – This is the mistake all of us have neglected over the past years. There is always a third person who would love to poke their nose into our life, and we give them a chance to see how fragile we are.
  3. Don't let a small attack break you easily – Build your system strong and give the attacker a tough game. Out in the world, many systems (humans) break down under small attacks (problems).

Summing it up with the quote that always makes me strong enough to conquer the day:

“Your Ignorance is their Power”

Brave Move

This case study, which I'm currently reading, made me rethink how vulnerable we are. Let me share it. A bank paid interest of $14.5467 to its account holders, but the system only calculated $14.57; the amount of $0.0067 was not calculated. Using this chance, a bank employee created a program which credits $0.0067 to his account. No one knew until he told a colleague about his brave move, which brought his job to an end.

Being brave is needed. Make sure you make a move, a wiser move.

Look how the employee took a chance on the vulnerability of the system; the same happens within us. People tend to use our vulnerabilities to hack us and make sure they benefit from us.

How do we protect ourselves from this kind of attack on our vulnerabilities? Read the upcoming blog to find out 😉.

Recollecting the moments

Today was a great start in my life: for the first time I boarded in a hostel and did all my chores on my own. My day began with a call from my dad. I left my hostel around 8am for my college library to read Security in Computing, a reference book for my degree programme.

I wasn't a good kid during my 1st year; I bunked classes, but not anymore, because the passion I always wanted started today: Cyber Security. My lecturer talked about Software Security, Network Security, Hacking and GRC and told us how his journey in the cyber world started, with his first hacking passion and interest, which made me recollect my own passion for the cyber world.

I think my journey has begun. It's the turning point I always wanted. 🙂