CSRF attack from previous session

Time: 2018-02-03 07:39:00

Tags: java html jsp csrf-protection

I have written a Filter which generates a random token and serves it to a JSP; on the JSP I have an ajax call which returns the token value, and on that ajax call I validate the token.

Servlet Filter

import java.security.SecureRandom;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.RandomStringUtils;

// inside doFilter(): request is the HttpServletRequest, url the requested URI
String url = request.getRequestURI();
HttpSession session = request.getSession();
String origin = request.getHeader("Referer");
log.info("URL obtained from referer :" + origin);
if (origin != null && !origin.isEmpty())
{
    if (url.endsWith(".jsp"))
    {
        if (!url.contains("/checkUserSession"))
        {
            // a fresh 20-character alphanumeric token on every .jsp request
            String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom());
            session.setAttribute("csrfPreventionSalt", salt);
        }
    }
}

useradd JSP:

<input type="hidden" name="8f16a344767af48bd99493a8c7f1f6a0" value="<c:out value='${fn:escapeXml(csrfPreventionSalt)}'/>"/>

<script>
        $(document).ready(function(){

            var dt = new Date();
            var time = dt.getHours() + ":" + dt.getMinutes() + ":" + dt.getSeconds();
            var token1 = "<c:out value='${csrfPreventionSalt}'/>";
                    $.ajax({
                        // quote the literal pieces and encode the dynamic ones
                        url : '<%=context%>/checkUserSession?date=' + encodeURIComponent(time) + '&8f16a344767af48bd99493a8c7f1f6a0=' + encodeURIComponent(token1),
                        success : function(responseText) {
                                if(responseText=='failure')
                                {
                                window.location.href ='<%=context%>/jsp/adminLogin.jsp';
                                }
                        }
                    });

        });
    </script> 

Server side validation:

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

String servertoken = (String) session.getAttribute("csrfPreventionSalt");
String verify = request.getParameter("8f16a344767af48bd99493a8c7f1f6a0");
logger.info("---------------------------------------------------------------------------------");
logger.info("value from server : " + servertoken + " value from jsp :" + verify);
logger.info("---------------------------------------------------------------------------------");
String result = "success";
// null checks must come before isEmpty(), and a missing token is a failure, not a pass
if (servertoken == null || verify == null || verify.isEmpty())
{
    result = "failure";
}
// exact, constant-time equality instead of a substring match
else if (MessageDigest.isEqual(servertoken.getBytes(StandardCharsets.UTF_8),
                               verify.getBytes(StandardCharsets.UTF_8)))
{
    logger.info("******************** BOTH TOKEN MATCHES *************");
}
else
{
    logger.info("**************** TOKEN FROM SERVER AND JSP DOESNOT MATCH *****************");
    result = "failure";
}

When I log out of the session, log in to the application again and start another session, I have a sample html script:

<html>
<body>
<script>history.pushState()</script>
<form action="http://localhost:8081/service/jsp/useradd.jsp" method="POST">
<input type="hidden" name="userid" value=""/>
<input type="hidden" name="username" value="abcuser@#64abcdef$#46;com"/>
<input type="hidden" name="isactive" value="1"/>
<input type="hidden" name="oper" value="add"/>
<input type="hidden" name="id" value="&#96;empty"/>
<input type="submit"  value="Submit request"/>
</form>
</body>
</html>

I am using Burp Suite for intercepting requests. In one tab I have my session running; I open this sample html in another tab and intercept the request on the submit button click. I manually add a Referer to the request, so my first check in the filter fails, after which the server just generates a token and gives it to the JSP, which becomes the same. Is there any way I can avoid this kind of CSRF attack? Thank you.
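The synchronizer token pattern the question is trying to implement, as an added example that is not part of the original post or the asker's code. It keeps one token per session instead of regenerating it on every .jsp request, embeds it in the form, and checks it only on state-changing methods with a constant-time comparison, so the token, not the Referer header, decides the outcome: the cross-site form from the sample HTML cannot read the victim's token and is rejected, while the page's own GET ajax call neither consumes nor rotates it. The `Session` and `Request` classes, the paths and the constructed form fields are stand-ins for the servlet objects in the question; only the hidden-field name is taken from the JSP.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hidden-field name reused from the question's JSP; everything else is an assumption.
TOKEN_FIELD = "8f16a344767af48bd99493a8c7f1f6a0"
SESSION_KEY = "csrfToken"
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Session:
    """Stand-in for HttpSession: a per-user attribute map."""
    attrs: dict = field(default_factory=dict)


@dataclass
class Request:
    """Stand-in for HttpServletRequest: method, path, parameters, owning session."""
    method: str
    path: str
    params: dict = field(default_factory=dict)
    session: Session = field(default_factory=Session)


def issue_token(session: Session) -> str:
    """Return the session's CSRF token, creating it exactly once.

    The token is never rotated on a page load, so a page and the
    requests it later sends always agree on the value.
    """
    token = session.attrs.get(SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)   # 256 bits from a CSPRNG
        session.attrs[SESSION_KEY] = token
    return token


def render_user_form(session: Session) -> str:
    """The hidden input the form page would emit; the browser submits it with the form."""
    return f'<input type="hidden" name="{TOKEN_FIELD}" value="{issue_token(session)}"/>'


def is_authorized(request: Request) -> bool:
    """Filter decision for one request.

    Safe methods pass untouched. Unsafe methods must carry a token equal
    to the one in the session; the Referer header plays no part.
    """
    if request.method not in UNSAFE_METHODS:
        return True
    expected = request.session.attrs.get(SESSION_KEY)
    supplied = request.params.get(TOKEN_FIELD)
    if not expected or not supplied:
        return False
    # constant-time comparison of the whole value, not a substring match
    return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))


def demo() -> dict:
    """Replay the scenario from the question and return each outcome."""
    victim = Session()
    render_user_form(victim)             # victim loads the form page, token issued
    token = victim.attrs[SESSION_KEY]

    # Constructed: the same fields as the attacker's sample HTML, and no token.
    attacker_fields = {"userid": "", "username": "abcuser@64abcdef.com",
                       "isactive": "1", "oper": "add", "id": "`empty"}
    cross_site = Request("POST", "/service/jsp/useradd.jsp", dict(attacker_fields), victim)

    # Attacker guesses a token; the browser still attaches the victim's session cookie.
    guessed = Request("POST", "/service/jsp/useradd.jsp",
                      {**attacker_fields, TOKEN_FIELD: secrets.token_urlsafe(32)}, victim)

    # The legitimate form, submitted from the page that embedded the token.
    legit = Request("POST", "/service/jsp/useradd.jsp",
                    {**attacker_fields, TOKEN_FIELD: token}, victim)

    # The page's own session-check ajax call: a GET, which must not disturb the token.
    ajax = Request("GET", "/service/checkUserSession", {"date": "07:39:00"}, victim)

    return {
        "cross_site_post": is_authorized(cross_site),
        "guessed_token_post": is_authorized(guessed),
        "legitimate_post": is_authorized(legit),
        "ajax_get": is_authorized(ajax),
        "token_stable": victim.attrs[SESSION_KEY] == token,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20s} {outcome}")
```

Running the block shows the two forged posts rejected and the legitimate post and the GET accepted, with the session token unchanged afterwards. Adding a Referer in Burp changes nothing here because the filter never consults it; the only thing that gets a request through is the token value, which a cross-site page cannot read.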

0 answers:

No answers