Search code examples
aspnetboilerplateman-in-the-middle

How to prevent Replay Attack on AspNetBoilerplate framework

I have built a WebApp on ASPNET Boilerplate fw and used protocol HTTPS. I used Burp Suite Community Edition to test and found a risk related to Replay Attack. The root cause is from Token based design, the token is not revoked after user logout. So is there any walkaround to overcome it?

Testing steps:

  1. Open Burp Suite
  2. Open browser, login into my WebApp
  3. Doing a task in the WebApp, ie Create new record
  4. Go to Burp, find HTTP request on my Create new record action in HTTP history, Send it to Repeater
  5. Logout, close browser
  6. Go to Burp/Repeater, re-send the HTTP request and receive HTTP/1.1 200 OK
  7. Checking database: The same record inserted

Could anyone give me some advices? Thanks

Solution

  • I have resolved this issue by update security stamp. This will hurt performance but fix my security risk. If anyone have a better solution, please share. Thanks

    In AccountController.cs

    var user = await _userManager.FindByNameAsync(User.Identity.Name);
await _userManager.UpdateSecurityStampAsync(user);
await HttpContext.SignOutAsync(IdentityServerConstants.DefaultCookieAuthenticationScheme);

    In StartUp.cs

    services.Configure<SecurityStampValidatorOptions>(options =>
{
   //Enables immediate logout, after updating the user's stat.
   options.ValidationInterval = TimeSpan.Zero;
});