JSON Hijacking & Two Way CSRF (update)


CSRF is a common attack vector when forms are not validated for the origin of the request and carry no unique token tied to the user's identity. In modern applications it is also possible to hijack streams like JSON, which creates a possible scenario for two-way CSRF using XHR/HTML5 methods.

You can go over the slides for that below.



In the past, it was possible to use tricks and vulnerabilities like object overloading/overriding (getters/setters) for <script> includes, as discussed in the slides below.



In the past few years a lot of research and tricks have been developed to hijack JSON streams with CSRF. Recently, a researcher at Burp (@garethheyes) came up with a way to steal a JSON stream by hijacking cross-domain calls.

Here is the write-up:
http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html

Also, the slides can be found here:
https://www.owasp.org/images/6/6a/OWASPLondon20161124_JSON_Hijacking_Gareth_Heyes.pdf

It is an important vector to cover in pentesting and in SDLC defenses.