Skip to Main Content
Hacking: The Next Generation
book

Hacking: The Next Generation

by Nitesh Dhanjani, Billy Rios, Brett Hardin
August 2009
Beginner content levelBeginner
298 pages
9h 5m
English
O'Reilly Media, Inc.
Content preview from Hacking: The Next Generation

Cross-Site Request Forgery (CSRF)

Cross-site request forgery (CSRF) is an extremely popular attack vector. Outside attackers often use it to perform transactions on corporate intranet applications that are not accessible externally. CSRF takes advantage of the vulnerable application’s inability to distinguish legitimate transaction requests against requests from the victim’s browser that are a result of malicious client-side code. As with XSS, the scope of this chapter is beyond simple CSRF tactics. This section assumes the reader is familiar with the concept of CSRF. The goal of this section is to illustrate how sophisticated attackers can combine CSRF and other attacks to maximize exploitation.

Note

To gather some elementary knowledge about CSRF, visit http://www.owasp.org/index.php/CSRF.

Inside-Out Attacks

Attacking internal network resources from the outside adds a bit of complexity and typically changes an attacker’s attack landscape. Attacks against internal resources are often targeted toward large corporations with large numbers of network devices and enterprise software that create a target-rich environment for the attacker. In this section, we’ll discuss a scenario in which the attacker is able to remotely manipulate an internal employee’s web browser to attack the internal resources of a large corporation.

The typical internal corporate web application is protected from access from attackers on the Internet by the use of corporate firewalls. The basic illustration in Figure 2-6 ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Building a Modern Security Program

Building a Modern Security Program

Zane Lackey, Rebecca Huehls
Network Security Hacks

Network Security Hacks

Andrew Lockhart
Ransomware

Ransomware

Allan Liska, Timothy Gallo

Publisher Resources

ISBN: 9780596806309Errata Page