Before we begin to learn what a Double submit cookie pattern is , lets learn what a double submit cookies is. A definition that we could use is that is sending a random value in both a cookie and as a request parameter, with the server verifying if the cookie value and request value match.
When a user authenticates to a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user's machine separate from the session id. The site does not have to save this value in any way, thus avoiding server side state. The site then requires that every transaction request include this random value as a hidden form value (or other request parameter). A cross origin attacker cannot read any data sent from the server or modify cookie values, per the same-origin policy. This means that while an attacker can force a victim to send any value he wants with a malicious CSRF request, the attacker will be unable to modify or read the value stored in the cookie. Since the cookie value and the request parameter or form value must be the same, the attacker will be unable to successfully force the submission of a request with the random CSRF value.
Following can be used if you require to have additional defenses to strengthen double submit cooki patters
- HTTP Strict Transport Security (HSTS)
- Cookie Prefixes ("__HOST-" the one you want)
- Sign cookie to user
- Use custom HTTP header to send request token
This is how we can do double submit cookie
using java-script we can load csrf token into form filed with hidden values. also in here we also check user submissions in back end,whenever user request a page he/she gets a totally random value, so he/she cant predict it and perform exploitation againts legitimate users
And remember to set cookie domain,this prevent from reading cookie value from another address rather than you mentioned one
No comments:
Post a Comment