May 17, 2010
Regarding CSRF, if I were to have a web server type set up with curl capabilities on the very same computer/server that I'm accessing the site from, I could then use curl to fetch the page and scrape for the nonce before it's expired. This is all theory as I've had a script I've tried this on with different levels of CSRF protection (pre-made), and I was still able to create a bot for content generation that would log in to the site with CSRF set to maximum protection (no multiple tabs, etc.). I would simply spoof the user agent and grab the needed nonce for submitting to the next page.

I did this all using PHP and directly using cURL through the command line from the script, and was able to generate forum/news posts, upload pictures and pretty much spam my own site (which did happen during the testing of this bot).

I'm new to CSRF and working on my own script with hopes to keep it secure; using nonces seems kind of redundant this way, doesn't it? It's easy to spoof user agents and referrers using just curl. If I really wanted to automate requests and all that, I could easily get to it on any other site if I were using this method.

Since I am still learning on the whole CSRF protection, is there any suggested reading on the subject besides this site and Google searching that could be suggested by any of you? Also, are there methods of preventing what I just mentioned above?

I've done some extensive research into using curl and am pretty handy with using it now; I just haven't put effort into preventing forged requests using curl.
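A small worked example, added here and not part of the original post, of what a CSRF token actually checks. The token is an HMAC of the session id under a server-side key, so it is bound to one logged-in session and the server can verify it without storing per-form state. The example runs three constructed requests through the check: the user's own browser submitting the form it just loaded, a cross-site forged POST that carries the victim's cookie but cannot read the token, and a script that is logged in with its own session and reads the token itself. The last one is accepted by design: an anti-CSRF token stops a third-party origin from riding an existing session, not an authenticated client automating its own actions (rate limits, CAPTCHAs and abuse monitoring are the controls for that). The server key, site origin and dictionary request shape are assumptions made for this demo.

```python
"""Toy CSRF-token check (constructed example, not from the original post).

The token is an HMAC of the session id under a server-side key, so it is
bound to one session and can be verified without per-form server state.
"""
import hashlib
import hmac
import secrets

# Constructed server secret; a real deployment loads this from a key store.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"
SITE_ORIGIN = "https://forum.example"  # assumed deployment origin


def new_session_id() -> str:
    """Issue an unguessable session identifier (what the login cookie carries)."""
    return secrets.token_hex(16)


def csrf_token_for(session_id: str) -> str:
    """Derive the anti-CSRF token embedded in the form for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_post(request: dict) -> tuple:
    """Validate a state-changing POST.

    `request` is a constructed stand-in for an HTTP request with the keys
    'cookies', 'headers' and 'form'.  Returns (accepted, reason).
    """
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return False, "no session cookie: not logged in"

    # Defence in depth: if the browser sent an Origin header, it must be ours.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, "cross-site Origin %s" % origin

    submitted = request.get("form", {}).get("csrf_token", "")
    expected = csrf_token_for(session_id)
    # Constant-time comparison so the token check does not leak timing.
    if not hmac.compare_digest(submitted, expected):
        return False, "missing or wrong CSRF token"
    return True, "accepted"


def simulate() -> dict:
    """Run three constructed requests through the check; report accept/reject."""
    victim = new_session_id()
    token = csrf_token_for(victim)  # what the victim's browser sees in the form

    # 1. The user's own browser submits the form it just loaded.
    legit = {"cookies": {"session": victim},
             "headers": {"Origin": SITE_ORIGIN},
             "form": {"csrf_token": token, "body": "hello"}}

    # 2. A forged cross-site POST: the browser attaches the victim's cookie
    #    automatically, but the attacker's page can never read the token.
    forged = {"cookies": {"session": victim},
              "headers": {"Origin": "https://evil.example"},
              "form": {"csrf_token": "", "body": "spam"}}

    # 3. A script logged in with its *own* session fetches the form, reads the
    #    token and posts it back.  This is an authenticated client acting for
    #    itself, which a CSRF token is not designed to stop.
    bot_session = new_session_id()
    own_bot = {"cookies": {"session": bot_session},
               "headers": {},
               "form": {"csrf_token": csrf_token_for(bot_session), "body": "bot"}}

    return {name: check_post(req)[0]
            for name, req in (("legit", legit), ("forged", forged), ("own_bot", own_bot))}


if __name__ == "__main__":
    for name, accepted in simulate().items():
        print("%-8s %s" % (name, "accepted" if accepted else "rejected"))
```

Binding the token to the session is what makes the "forged" case fail even if the attacker somehow obtained a token from a different session: the HMAC for the victim's session id will not match, and the Origin check rejects the request before the token is even compared.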