Cross-site request forgery (XSRF or CSRF) is a method of attacking a Web site in which an intruder causes a legitimate, logged-in user's browser to send requests the user never intended. Because the browser automatically attaches the user's credentials (typically session cookies) to every request for that site, the forged requests arrive looking exactly like requests the trusted user made. An XSRF attack can be used to modify firewall or router settings, post unauthorized data on a forum or conduct fraudulent financial transactions. The affected user may never know that such an attack has occurred. If the user does find out about an attack, it may only be after the damage has been done and a remedy may be impossible.
An XSRF attack does not require stealing the user's password or session: the attacker never learns the credentials at all. Instead, the attacker plants the request in content the victim is likely to load while logged in to the target site, for example an image tag, a link or a hidden form that submits itself, on an attacker-controlled page, in a forum post or in an HTML e-mail. The victim's browser carries out the Hypertext Transfer Protocol (HTTP) request with the victim's cookies attached. The same-origin policy normally prevents the attacker's page from reading the response, so XSRF is used to perform state-changing actions (transfers, setting changes, posts) rather than to read data directly.
An XSRF attack is functionally the opposite of a cross-site scripting (XSS) attack. XSS exploits the user's trust in a site: the hacker gets malicious script into a page served by a trusted site, for example by crafting a link whose parameters the site reflects into its HTML without proper encoding. When an end user clicks on the link, the embedded script is submitted as part of the client's Web request and runs in the victim's browser with the trusted site's origin. XSRF exploits the site's trust in the user's browser: no script need run on the target site at all. The two are not independent, however; an XSS flaw on a site lets attacker script read anti-XSRF tokens from that site's pages and so defeats XSRF protection there.
An XSRF attack also differs from cross-site tracing (XST), a variant of XSS that abuses the HTTP TRACE method. TRACE echoes the received request, headers and cookies included, back in the response, so client-side script that can issue a TRACE request can read cookies it could not otherwise access, including those marked HttpOnly; modern browsers refuse to issue TRACE from script for this reason. In XSS and XST, the end user's browser and its session data are the primary target of the attack. In XSRF, the Web application's state is the primary target, although the harm usually falls on the individual end user whose session was used.
XSRF attacks are difficult to defend against because a forged request is, on the wire, identical to a legitimate one: it carries the victim's valid session cookie, the expected method and the expected parameters. The server cannot determine from the credentials alone whether an HTTP request from a particular user was actually intended by that user. Re-authenticating the user before every sensitive action would settle the question, but users will not tolerate frequent requests for authentication except for the highest-value operations. The usual remedy is an anti-XSRF token: an unpredictable, per-session (or per-request) secret that the site embeds in its own forms and verifies on every state-changing request. The attacker's page can cause the browser to send cookies but cannot read the token out of the target site's pages, so forged requests fail the check while legitimate ones pass without the user being pestered. Browser-enforced SameSite cookie attributes and server-side checks of the Origin or Referer header are complementary defenses.
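The forged request described earlier and the token check described above, as an added example that is not part of the original article: a toy bank and a toy browser modelled in plain Python so both sides of the exchange can be traced without a Web server. The class and field names (Bank, Browser, csrf_token, sid) are illustrative assumptions, not the API of any real framework.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed example: a toy "bank" and a toy "browser". All names here
# (Bank, Browser, Request, csrf_token, sid) are illustrative assumptions.


@dataclass
class Request:
    cookies: dict   # cookies the browser attached automatically
    form: dict      # POST body fields chosen by whichever page made the request
    origin: str     # site whose page issued the request (shown for the reader)


class Bank:
    def __init__(self):
        self.sessions = {}                       # session id -> {"user", "csrf"}
        self.balances = {"alice": 100, "mallory": 0}

    def login(self, user):
        """Create a session and return the cookie value the browser will store.
        A fresh per-session anti-CSRF token is minted at the same time."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token_for(self, sid):
        """What the bank's own pages embed in their forms as a hidden field."""
        return self.sessions[sid]["csrf"]

    def _transfer(self, sess, form):
        src, dst, amount = sess["user"], form["to"], int(form["amount"])
        if self.balances.get(src, 0) < amount:
            return 400, "insufficient funds"
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        return 200, "ok"

    def transfer_vulnerable(self, req):
        """Authenticates by session cookie alone. Any page that can make the
        browser send that cookie can move the victim's money."""
        sess = self.sessions.get(req.cookies.get("sid"))
        if sess is None:
            return 401, "not logged in"
        return self._transfer(sess, req.form)

    def transfer_hardened(self, req):
        """Same handler plus a synchronizer token check. The attacker's page
        can choose form fields but cannot read the token out of the bank's
        page, so a forged request arrives without it (or with a guess)."""
        sess = self.sessions.get(req.cookies.get("sid"))
        if sess is None:
            return 401, "not logged in"
        supplied = req.form.get("csrf_token", "")
        # constant-time comparison so the check leaks nothing about the token
        if not hmac.compare_digest(supplied.encode(), sess["csrf"].encode()):
            return 403, "missing or invalid csrf token"
        return self._transfer(sess, req.form)


class Browser:
    """Stores the bank's cookie and attaches it to every request to the bank,
    whichever site's page triggered the request. That automatic attachment
    is the behaviour CSRF abuses."""
    def __init__(self):
        self.cookies = {}

    def post(self, handler, origin, form):
        return handler(Request(cookies=dict(self.cookies), form=form, origin=origin))


def forged_transfer(handler_name):
    """Alice logs in, then visits evil.example, whose page auto-submits a hidden
    form to the bank. Returns (status, alice_balance, mallory_balance)."""
    bank, browser = Bank(), Browser()
    browser.cookies["sid"] = bank.login("alice")
    handler = getattr(bank, handler_name)
    status, _ = browser.post(handler, "https://evil.example",
                             {"to": "mallory", "amount": "100"})
    return status, bank.balances["alice"], bank.balances["mallory"]


def legitimate_transfer():
    """Alice submits the bank's own form, which carries her session's token."""
    bank, browser = Bank(), Browser()
    sid = bank.login("alice")
    browser.cookies["sid"] = sid
    form = {"to": "mallory", "amount": "10", "csrf_token": bank.csrf_token_for(sid)}
    status, _ = browser.post(bank.transfer_hardened, "https://bank.example", form)
    return status, bank.balances["alice"]


if __name__ == "__main__":
    print("vulnerable:", forged_transfer("transfer_vulnerable"))   # (200, 0, 100)
    print("hardened:  ", forged_transfer("transfer_hardened"))     # (403, 100, 0)
    print("legitimate:", legitimate_transfer())                    # (200, 90)
```

The vulnerable handler accepts the forged request because the only thing it checks, the session cookie, was attached by the browser automatically. The hardened handler rejects it because the evil.example page had no way to learn Alice's token, while Alice's own request from the bank's page, which includes the token, still succeeds. In a real deployment the token would also be rotated on login and the cookie marked SameSite so that most cross-site requests never carry it in the first place.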