
Let's say an attacker controlling site B is exploiting the session a user has with site A. I know that the attacker is able to exploit the trust server A has for the user, but I don't understand how. Explanations of CSRF I have read make it seem like when the attacker makes a request to site A that the browser automatically includes the necessary authentication information because there is an active session and thus the attack is successful.

The 'browser automatically includes the authentication information' is what doesn't make sense to me. In applications I've worked on, auth tokens or cookies are sent explicitly by the client code. So if the client code is specifying what header the token is being sent in, for instance, how could the attacker know this?

aeb0
  • CSRF mostly (or only?) addresses cookie-based authentications. – zerkms Oct 30 '17 at 02:48
  • @zerkms yep that appears to be it - cookies are automatically included by the browser while tokens are not. The second answer here states token based auth is immune to CSRF. https://stackoverflow.com/questions/17000835/token-authentication-vs-cookies – aeb0 Oct 30 '17 at 03:08

0 Answers
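The distinction the comments arrive at, shown as an added example that is not part of the original thread: a simplified model of how a browser chooses credentials by the request's destination rather than by the page that started it. It goes one step beyond the thread by including the `SameSite` cookie attribute; the hosts `a.example` and `b.example`, the cookie and token values, and the function names are all assumptions made up for illustration.

```javascript
// Simplified model of which credentials a browser puts on a request.
// All hosts, cookie values and tokens are constructed sample data.

// Cookies are stored per host that set them, not per page that sends the request.
function makeJar(sameSite) {
  return { "a.example": [{ name: "session", value: "s3ss10n", sameSite }] };
}

// Script-readable storage is partitioned by origin: b.example cannot read a.example's.
const originStorage = { "https://a.example": { apiToken: "tok-123" } };

// Simplification: two URLs are "same-site" when their hostnames are equal.
function isSameSite(initiatorOrigin, targetUrl) {
  return new URL(initiatorOrigin).hostname === new URL(targetUrl).hostname;
}

function buildRequest(jar, initiatorOrigin, targetUrl, opts = {}) {
  const { method = "GET", topLevelNav = false } = opts;
  const sameSite = isSameSite(initiatorOrigin, targetUrl);
  const safeMethod = method === "GET" || method === "HEAD";
  const cookies = (jar[new URL(targetUrl).hostname] || []).filter((c) => {
    if (sameSite || c.sameSite === "None") return true; // attached automatically
    if (c.sameSite === "Lax") return topLevelNav && safeMethod;
    return false; // Strict: never on cross-site requests
  });
  const headers = {};
  if (cookies.length > 0) {
    headers.Cookie = cookies.map((c) => `${c.name}=${c.value}`).join("; ");
  }
  // A token header exists only if the initiating page's own script
  // can read the token and sets the header explicitly.
  const stored = originStorage[initiatorOrigin];
  if (stored) headers.Authorization = `Bearer ${stored.apiToken}`;
  return { method, url: targetUrl, headers };
}

const target = "https://a.example/transfer";
const crossSitePost = buildRequest(makeJar("None"), "https://b.example", target, { method: "POST" });
const crossSiteLax = buildRequest(makeJar("Lax"), "https://b.example", target, { method: "POST" });
const ownPage = buildRequest(makeJar("Lax"), "https://a.example", target, { method: "POST" });
console.log(crossSitePost.headers); // session cookie present, no Authorization header
console.log(crossSiteLax.headers);  // neither: Lax withholds the cookie on a cross-site POST
console.log(ownPage.headers);       // both: same-site cookie plus the page's own token
```

An endpoint that accepts the cookie alone as proof of identity therefore needs a CSRF defence of its own (an anti-CSRF token, or `SameSite` on the session cookie), while one that requires the explicit `Authorization` header does not rely on anything the browser attaches by itself.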