Mitigating Cross-Site Request Forgery Threats in the Web

Abstract

This study focuses on the development of a web browser extension designed to detect and prevent phishing attacks and Cross-Site Request Forgery (CSRF) vulnerabilities. The extension is built using HTML, CSS, and JavaScript and incorporates a machine learning model that was trained using the random forest algorithm. This algorithm was selected due to its high accuracy in comparison to other models tested. The primary function of the extension is to scan a website link for potential vulnerabilities and provide users with real-time protection against phishing attacks. This is achieved by using the trained machine learning model to analyze various characteristics of the website and determine if it poses a risk to the user's security. In addition to providing phishing protection, the extension also offers defense against Cross-Site Request Forgery attacks by preventing unauthorized actions from being executed on a user's behalf. This is achieved by verifying the authenticity of incoming requests and ensuring that only trusted sources are able to execute actions. Overall, this study intends to provide a comprehensive solution for protecting users against phishing attacks and cross-site request forgery vulnerabilities while browsing the web. The web extension is user-friendly and easy to install, making it accessible to a wide range of users.