CSRF and XSS: Definition
Cross-Site Request Forgery (CSRF) is a web security vulnerability, and one of the biggest risks to user accounts and data, in which an attacker causes the browser of a user who is already logged in to send requests that the user did not intend, so the application performs unwanted actions on that user's behalf. A successful attack can result in unauthorized money transfers, data theft, changed passwords, and damage to customer relations.
Cross-site scripting (XSS) is a web security vulnerability that lets an attacker inject script into a web site and thereby compromise the interaction between users and the vulnerable application. Because the injected script runs in the victim's browser in the context of the vulnerable site, the attack circumvents the same-origin policy that normally keeps different sites apart.
Work Algorithm of CSRF and XSS
Cross-Site Request Forgery (CSRF)
CSRF attacks often rely on social engineering to succeed. The application cannot distinguish a legitimate request from a forged one, because the user is already authenticated when the attack takes place. For the attack to succeed, three key conditions must hold, which we present below:
- Relevant action: An action within the application that the attacker has a reason to induce, typically one that changes user data or account state.
- Cookie-based session handling: Performing the action involves sending one or more HTTP requests, and the application relies solely on session cookies to identify the user who made them.
- No unpredictable request parameters: The request contains no parameter whose value the attacker cannot determine or guess, such as a CSRF token.
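The third condition is the one a defender can break directly by adding a per-session token to every state-changing request. The following is an added example, not code from the original article: a simulated transfer endpoint in a cookie-only form (all three conditions hold) beside a hardened form that additionally requires the session's CSRF token. The session store, the `Request` class and the sample requests are constructed for the demo; a cross-site form submission carries the session cookie (the browser attaches it automatically) but cannot carry the token, because the other site never gets to read it.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}


def new_session(user):
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed for the demo)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def transfer_cookie_only(req):
    """Vulnerable handler: identifies the user by the session cookie alone and
    accepts only parameters an outsider can guess, so any site can forge it."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or sess is None:
        return 403, "not authenticated"
    return 200, f"transferred {req.form['amount']} from {sess['user']} to {req.form['to']}"


def transfer_with_token(req):
    """Hardened handler: the same check, plus the per-session CSRF token must be
    present in the request body and match the one stored server-side."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or sess is None:
        return 403, "not authenticated"
    submitted = req.form.get("csrf_token", "")
    # constant-time comparison so the check does not leak the token byte by byte
    if not hmac.compare_digest(submitted, sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {req.form['amount']} from {sess['user']} to {req.form['to']}"


def demo():
    """Run both handlers against a legitimate and a cross-site request."""
    sid = new_session("alice")
    # Legitimate submission from the site's own form, which embedded the token.
    legit = Request("POST", "/transfer", {"session": sid},
                    {"to": "bob", "amount": "10", "csrf_token": SESSIONS[sid]["csrf"]})
    # Submission auto-sent from another site: the cookie rides along, the token cannot.
    cross_site = Request("POST", "/transfer", {"session": sid},
                         {"to": "someone-else", "amount": "1000"})
    return {
        "cookie_only_legit": transfer_cookie_only(legit)[0],
        "cookie_only_cross_site": transfer_cookie_only(cross_site)[0],
        "token_legit": transfer_with_token(legit)[0],
        "token_cross_site": transfer_with_token(cross_site)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The cookie-only handler accepts both requests with 200; the token-checking handler accepts the legitimate one and rejects the cross-site one with 403. In a real application the token would be rendered into the form by the server and, ideally, combined with `SameSite` cookie attributes as a second layer.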
Cross-site scripting (XSS)
To carry out this attack, the attacker works in two stages:
- First, the attacker finds a way to embed malicious code in a web page that the victim visits, before that code can run in the victim's browser.
- Second, the victim must visit the infected page. When the attacker targets a specific victim, the link to that page is typically delivered by phishing or other social engineering; once the page loads, the embedded code executes in the victim's browser.
What is the Difference Between XSS and CSRF?
Now that we know what XSS and CSRF are and how they work, let's consider the differences between them:
- XSS – allows an attacker to execute arbitrary script in the victim's browser and so perform any action there. CSRF – the attacker can only induce the victim to perform actions that the victim did not intend.
- XSS – a successful exploit can normally induce the user to perform any action the application allows, regardless of the functionality in which the vulnerability arises. CSRF – often applies only to a subset of the actions that the user can perform.
- XSS is a two-way vulnerability: the script the attacker has injected can read responses, exfiltrate data to an external domain, and issue arbitrary requests. CSRF – this vulnerability is one-way because the attacker can induce the user to issue an HTTP request but cannot read the response to it.
Can CSRF tokens prevent XSS attacks?
Effective CSRF tokens can prevent some XSS attacks. Assume that the server validates the CSRF token correctly; in that case the token may block the exploitation of an XSS vulnerability. If we think carefully about the name "cross-site scripting", we find a hint: a reflected XSS attack is itself delivered through a cross-site request. If the application rejects cross-site requests that lack a valid token, it prevents the trivial exploitation of a reflected XSS vulnerability in that request. Here are some important caveats:
- If a reflected XSS vulnerability exists anywhere on the site in a function that is not protected by a CSRF token, it can be exploited in the usual way.
- If CSRF-protected actions exist anywhere on the site and an exploitable XSS vulnerability exists somewhere, the attacker's script can request the relevant page to obtain a valid token and then use that token to perform any protected action.
- CSRF tokens cannot protect against stored XSS vulnerabilities. Even if the page that outputs the stored payload is protected by a CSRF token, the XSS payload still executes when a user visits that page.
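Both the two-stage XSS description above and the last caveat point to the same fix: the vulnerability lives where user input is written into HTML, so output encoding at that point is what removes it, and a CSRF token on the submitting request does not. The following is an added example, not code from the original article. It renders a reflected search parameter and a stored comment with and without `html.escape`, and gates the comment POST behind a token to show that the check passes for the legitimate submitter and has no effect on what later visitors see. The comment store, the fixed token value, the probe string and the `foreign_tags` check are all constructed for the demo.

```python
import html
import re

# Constructed in-memory stores for the demo
COMMENTS = []                              # where a stored XSS payload would live
CSRF_TOKEN = "constructed-token-value"     # stands in for a real per-session token


def render_search(query, escape_output):
    """Reflected case: the search term is echoed into the page.
    escape_output=False puts the raw parameter into the HTML (vulnerable);
    escape_output=True HTML-encodes it so it can only ever be text."""
    shown = html.escape(query, quote=True) if escape_output else query
    return f"<p>Results for: {shown}</p>"


def post_comment(form):
    """Stored case: the POST is CSRF-protected, so only the site's own form can submit it.
    The token says nothing about whether the text is safe to render later."""
    if form.get("csrf_token") != CSRF_TOKEN:
        return 403
    COMMENTS.append(form["text"])
    return 201


def render_comments(escape_output):
    """Render every stored comment; encoding at output time is the correct place."""
    items = (html.escape(c, quote=True) if escape_output else c for c in COMMENTS)
    return "<ul>" + "".join(f"<li>{i}</li>" for i in items) + "</ul>"


# Element names the two templates above legitimately produce.
TEMPLATE_TAGS = {"p", "ul", "li"}
_TAG = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def foreign_tags(rendered):
    """Check used by the demo: any element name not produced by the templates
    must have come from user input, i.e. markup was injected."""
    return {m.group(1).lower() for m in _TAG.finditer(rendered)} - TEMPLATE_TAGS


PROBE = "<script>probe()</script>"   # constructed test input, harmless stand-in for a payload


def demo():
    """Render the probe through every path and report which ones leak markup."""
    COMMENTS.clear()
    # The comment is submitted with a valid token: CSRF protection is satisfied.
    post_comment({"csrf_token": CSRF_TOKEN, "text": PROBE})
    return {
        "reflected_raw": sorted(foreign_tags(render_search(PROBE, escape_output=False))),
        "reflected_escaped": sorted(foreign_tags(render_search(PROBE, escape_output=True))),
        "stored_raw": sorted(foreign_tags(render_comments(escape_output=False))),
        "stored_escaped": sorted(foreign_tags(render_comments(escape_output=True))),
        "post_without_token": post_comment({"text": PROBE}),
    }


if __name__ == "__main__":
    print(demo())
```

The raw paths leak a `script` element in both the reflected and the stored case, while the escaped paths leak nothing, even though the stored text still sits unchanged in `COMMENTS`. The token only decides who may add a comment; every viewer of the page is exposed until the output is encoded. `html.escape` covers the HTML-text and attribute contexts used here; JavaScript, URL and CSS contexts each need their own encoding.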