A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
In this case the server trusts any request that comes from the authenticated user's browser, whatever that request is.
It amounts to changing the user's request into something else (much like forging a signature).
Step 1: The user has logged in with his credentials.
Let the credentials be admin and password.
Step 2: The user goes about his work. The attacker knows that this user is already logged in, so he performs the steps below to carry out the CSRF attack:
1. The attacker logs in with his own credentials and performs the password change action as below.
2. The attacker right-clicks on the page and selects “View Page Source”, which displays the complete source code of that page. In that source he finds the form tag containing the “password fields”, as shown below.
3. He changes the password parameter value to “hacking” and changes the GET method to POST, because with the GET method the victim can see the changes in the URL. He saves the changes, crafts the result as a link or image, and sends it to the victim, who is already logged in.
Step 3: The victim receives the link sent by the attacker and clicks on it. The link performs the actual action: the password is changed without the knowledge of the victim, who is taken to the page below.
Step 4: After this the victim will not be able to log in with the old password (i.e. password).
Hence the CSRF attack has been done, and login is possible only with the new password (i.e. hacking).
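The walkthrough above succeeds because the password-change request contains only values the attacker can predict, plus a session cookie the browser attaches on its own. The following added example (not part of the original page or of any tool it mentions) shows a session-bound anti-CSRF token check rejecting such a request; the handler, the field names `password_new`, `password_conf` and `csrf_token`, the session ids and the user `mallory` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the browser

def issue_csrf_token(session_id):
    """Token tied to one session; the server embeds it in the form as a hidden field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def change_password(sessions, users, cookies, form):
    """Hypothetical password-change handler: the cookie alone is not enough."""
    session_id = cookies.get("session", "")
    user = sessions.get(session_id)
    if user is None:
        return 401, "not logged in"
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return 403, "CSRF token missing or invalid"
    new = form.get("password_new", "")
    if not new or new != form.get("password_conf"):
        return 400, "passwords do not match"
    users[user] = new  # plaintext only to keep the demo short; store a hash in practice
    return 200, "password changed"

def demo():
    """Constructed sessions and requests mirroring the walkthrough above."""
    users = {"admin": "password", "mallory": "x"}
    sessions = {"sid-victim": "admin", "sid-attacker": "mallory"}
    victim_cookie = {"session": "sid-victim"}  # attached by the browser automatically
    results = {}
    # Forged cross-site request: cookie present, no token.
    forged = {"password_new": "hacking", "password_conf": "hacking"}
    results["forged_no_token"] = change_password(sessions, users, victim_cookie, forged)[0]
    # Forged request reusing the token from the attacker's own session.
    forged_own = dict(forged, csrf_token=issue_csrf_token("sid-attacker"))
    results["forged_attacker_token"] = change_password(sessions, users, victim_cookie, forged_own)[0]
    results["password_after_forgery"] = users["admin"]
    # Genuine form submission: the page served to the victim carried the token.
    genuine = {"password_new": "n3w-Secret", "password_conf": "n3w-Secret",
               "csrf_token": issue_csrf_token("sid-victim")}
    results["genuine"] = change_password(sessions, users, victim_cookie, genuine)[0]
    results["password_after_genuine"] = users["admin"]
    return results

if __name__ == "__main__":
    print(demo())
```

Both forged requests return 403 and the password stays unchanged, while the submission carrying the victim session's own token succeeds.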
Example: (CSRF Tester)
Step 1: Log in with the username admin and the password password.
Step 2: Download CSRF Tester and click on run.bat.
Step 3: Change the proxy settings. For example, in Firefox go to Tools > Options > Network and click on Settings.
Step 4: Then select Manual proxy and set HTTP Proxy to 127.0.0.1 and the port to 8008.
Step 5: Start recording in CSRF Tester, and the HTTP method is obtained.
Step 6: Click on Generate HTML and then save the file.
Step 7: A link is then shown, and if the user clicks on it a CSRF attack is performed.
Step 8: Then if the user tries to log in with the default password (password).
Hence a CSRF attack has been performed, and the login will be successful with the new password (i.e. hacking).