commanderk33n / SSE-XSRF-DEMO

small demo of an XSRF vulnerability with a little PHP project

###############################################################################
### A simple example of a Cross-site request forgery attack using PHP

## File-Descriptions:
 # WebApp with xsrf-vulnerability:
 #   - index.php, content.php, logout.php
 # Malicious Website/link:
 #   - mal.php

## In order for the attack to be successful, there are some requirements:
 #   - The victim (user) must be logged in and have an active session on the target website
 #   - The victim is tricked into visiting a page created by the attacker.

## Preventing against XSRF:
 # To protect against the attack above, we need to make sure that the request sent
 # to the server was actually sent by the real user. In other words, we need to
 # authenticate the request. We can achieve this by sending a token along
 # with the request. In order for the token to be secret, it should be randomized
 # when the user logs into the system and sent with every state-changing request.
 # The server compares the submitted token with the one stored in the session and
 # rejects the request if they do not match.

 # By randomizing the token dynamically, we also avoid brute-force attacks on the
 # token. It is also advisable to give the token an expiration time.
 # We can also encrypt the token before sending the request in order to protect the
 # token from being sniffed by an attacker.

 # Another trick that can limit the attacker's probability of success
 # is to ask for a CAPTCHA or to ask the user to re-log in before an important action.
 # It is a little bit annoying when we have to log in every 20 minutes, but it is
 # worth considering when you are managing a banking system or an action such as
 # changing a password.

 # Example:

 # create random token (store it in the session when the user logs in):
  function randomize_token() {
      // 32 random bytes from the CSPRNG, hex-encoded (64 characters)
      return bin2hex(random_bytes(32));
  }
  $_SESSION['csrf_token'] = randomize_token();

 # insert hidden field in form (escape the value so it is safe inside the attribute):
  echo '<input type="hidden" name="csrf" value="'
      . htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') . '">';
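A fuller version of the same pattern, as an added example that is not part of the demo repository: the token is generated once per session with an expiry, emitted as the hidden field, and checked on the server with a constant-time comparison before a POST is acted on. The function names, the `CSRF_TOKEN_TTL` constant and the 20-minute lifetime are my own assumptions; only `csrf` as the field name comes from the page.

```php
<?php
// Added example (not from the SSE-XSRF-DEMO repository): a minimal
// synchroniser-token pattern for PHP. Function names and TTL are assumed.
declare(strict_types=1);

const CSRF_TOKEN_TTL = 20 * 60; // token lifetime in seconds (assumed value)

// Start the session on every page that reads or writes the token.
function csrf_session_start(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Create a fresh random token; call this on login (and again after expiry).
function csrf_generate_token(): string {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars from the CSPRNG
    $_SESSION['csrf_token_time'] = time();
    return $_SESSION['csrf_token'];
}

// Return the current token, (re)generating it if it is missing or expired.
function csrf_get_token(): string {
    if (empty($_SESSION['csrf_token'])
        || empty($_SESSION['csrf_token_time'])
        || time() - $_SESSION['csrf_token_time'] > CSRF_TOKEN_TTL) {
        return csrf_generate_token();
    }
    return $_SESSION['csrf_token'];
}

// Emit the hidden field; htmlspecialchars keeps the value safe inside the attribute.
function csrf_hidden_field(): string {
    return '<input type="hidden" name="csrf" value="'
        . htmlspecialchars(csrf_get_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Validate a submitted token: reject missing or expired tokens, then compare
// in constant time so the check does not leak which prefix matched.
function csrf_validate(?string $submitted): bool {
    if ($submitted === null || empty($_SESSION['csrf_token'])
        || empty($_SESSION['csrf_token_time'])) {
        return false;
    }
    if (time() - $_SESSION['csrf_token_time'] > CSRF_TOKEN_TTL) {
        unset($_SESSION['csrf_token'], $_SESSION['csrf_token_time']);
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// --- Usage on a state-changing page (e.g. a form handled by content.php) ---
csrf_session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_validate($_POST['csrf'] ?? null)) {
        http_response_code(403);
        exit('Invalid or expired CSRF token');
    }
    // ... perform the state-changing action here ...
}
?>
<form method="post" action="">
    <?= csrf_hidden_field() ?>
    <button type="submit">Do something</button>
</form>
```

Two details matter for the protection to hold: the token must be read from `$_POST` (a GET parameter could be placed in a link by the attacker's page, exactly as in mal.php), and the comparison must use `hash_equals` rather than `==`, which both stops timing leaks and avoids PHP's loose-comparison surprises.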

### EXERCISE (see logout.php):
### How to secure the logout function?
#################################################################################
