How To Search For CSRF!
- Published: 16 Jul 2024
- 👩🎓👨🎓 Learn how to find cross-site request forgery (CSRF) vulnerabilities. We are going to have a look at what to look out for in HTTP requests. After that, we demonstrate one possible attack scenario (including Burp Suite Repeater) that you can use in your daily arsenal!
Overview:
00:00 Intro
00:21 Lab overview
01:23 Analyse the request
02:19 Generate CSRF POC
03:20 Run Exploit
05:03 Conclusion
For more information, check out blog.intigriti.com/hackademy/....
🔗 Portswigger CSRF Challenge: portswigger.net/web-security/...
---
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by / pascalsec (@Hacksplained) & / intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com/
Thanks. I had a lot of issues with this lab
Glad it helped!
I love Intigriti. We'll start hunting on that platform soon. Thank you for all you do to make us better security researchers. Great video. My best bug class. CSRF 🔥🔥🔥🔥
Niiiice, we are looking forward to welcoming you on our platform 🥳.
Intigriti is not a bad platform. The only problem for me is the language barrier haha
Nice man. Keep it going
Thanks, will do!
You are great! Keep up the good work. I hope you know you are helping lots of ppl to turn around their lives :)
🙏🥰
do you know which software is this?
They say you learn by doing. I did not understand CSRF, but still I did this tutorial; plus I don't have Burp, bro, so I modified the HTML template to look like yours. Keep it up, guys
We are glad to hear that you are learning from our videos 😇 Good luck on your journey!
Hey! The video is very useful, thank you! I have a question, how do we know which request headers to remove?
Generally speaking you will have to learn what the different request headers are used for. You can always send the request to Burp's repeater and start by removing individual headers to see what happens, playing around with them.
Great walkthrough, thanks a lot. Question: if the webapp uses JWT instead of session cookies, does this mean the application is totally immune to CSRF attacks?
Pretty much yes. If your application uses an authorization header which is not automatically set by the browser (such as cookies and basic auth), there is a chance for CSRF.
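The two replies above (which request headers matter, and why a JavaScript-set Authorization header changes the picture) can be made concrete from the defender's side. The following is an added example, not code from the video, Intigriti or PortSwigger: it classifies a request as CSRF-relevant only when it is state-changing and authenticated by something the browser attaches on its own (a cookie or HTTP Basic credentials), then applies an origin check and a session-bound token. The origin `shop.example`, the session ids, the server secret and the `/my-account/change-email` path are constructed assumptions; it goes slightly beyond the comments by also showing why the token must be bound to the session.

```python
"""Added example (not code from the video, Intigriti or PortSwigger):
decide whether a request is CSRF-relevant and reject forged ones."""
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed values for the demo: the site's own origin and a placeholder
# server secret (a real deployment keeps this out of source code).
SITE_ORIGIN = "https://shop.example"
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request; header names are lower-case."""
    method: str
    path: str
    headers: dict
    form: dict = field(default_factory=dict)


def is_csrf_relevant(req):
    """CSRF needs two things: a state-changing method and credentials the
    browser attaches on its own (session cookies, HTTP Basic auth). A Bearer
    token that page JavaScript puts in the Authorization header is not sent
    automatically by a cross-site form, so such a request is not CSRF-relevant.
    Assumes GET/HEAD/OPTIONS never change state, as HTTP requires."""
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return False
    if "cookie" in req.headers:
        return True
    return req.headers.get("authorization", "").lower().startswith("basic ")


def issue_csrf_token(session_id):
    """Token bound to the session with an HMAC, so a token obtained in the
    attacker's own session does not validate in the victim's."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url):
    """scheme://host[:port] of a URL, so that a prefix trick such as
    https://shop.example.attacker.test does not pass as the site's origin."""
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}"


def check_csrf(req, session_id):
    """Return (allowed, reason). Two independent defenses: the request must
    come from the site's own origin (Origin, else Referer) and carry the
    session-bound token in the form body."""
    if not is_csrf_relevant(req):
        return True, "not csrf-relevant"
    source = req.headers.get("origin") or req.headers.get("referer")
    if source is None or origin_of(source) != SITE_ORIGIN:
        return False, "origin check failed"
    token = req.form.get("csrf", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return False, "csrf token missing or invalid"
    return True, "ok"


def demo():
    """Constructed requests covering the cases discussed in the comments."""
    session = "sess-victim-123"
    common = {"cookie": f"session={session}",
              "content-type": "application/x-www-form-urlencoded"}

    legit = Request("POST", "/my-account/change-email",
                    {**common, "origin": SITE_ORIGIN},
                    {"email": "me@example.test", "csrf": issue_csrf_token(session)})
    # Cross-site form post: the browser still adds the cookie, but the
    # Origin header names the attacker's page and no valid token is present.
    forged = Request("POST", "/my-account/change-email",
                     {**common, "origin": "https://attacker.test"},
                     {"email": "pwned@attacker.test"})
    # Same, with Origin/Referer stripped: a strict policy still rejects it.
    forged_no_origin = Request("POST", "/my-account/change-email",
                               dict(common), {"email": "pwned@attacker.test"})
    # Constructed to show token binding (a cross-site page cannot set this
    # Origin itself): a token from another session must not validate.
    forged_wrong_token = Request("POST", "/my-account/change-email",
                                 {**common, "origin": SITE_ORIGIN},
                                 {"csrf": issue_csrf_token("sess-attacker-999")})
    # API call authenticated only by a JS-set Bearer header: no cookie, so
    # a cross-site form cannot reproduce it.
    bearer = Request("POST", "/api/change-email",
                     {"authorization": "Bearer eyJ.constructed.jwt",
                      "origin": "https://attacker.test"},
                     {"email": "x@example.test"})

    return {
        "legit": check_csrf(legit, session),
        "forged": check_csrf(forged, session),
        "forged_no_origin": check_csrf(forged_no_origin, session),
        "forged_wrong_token": check_csrf(forged_wrong_token, session),
        "bearer": check_csrf(bearer, session),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:20s} allowed={allowed} ({reason})")
```

The origin check and the token check are deliberately independent: the origin check alone fails when a browser or proxy strips Referer and the Origin header is absent (here treated strictly as a rejection), while the token alone is enough only if it is tied to the session, which is why the token is an HMAC over the session id rather than a random value stored anywhere.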
Pure gold
⭐️
Many thanks
You are very welcome ❤️
@0.33 Which application is this? newbie here
Hey! You wanting to know which portswigger lab it is? If so, it's portswigger.net/web-security/csrf/lab-no-defenses but if you are wondering what tool is shown there, it's burp suite (also by portswigger) 🙂
@intigriti Thank you so much for your quick response!
First again
🏎
Thank you. intigriti
Of course 💪