CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version

Im 16 years old , you made me love cyber security

Keep it up! best CS youtube channel I've ever seen

Really liked the way you documenting about issue, preparing test scenarios and explaining the exploit. Keep post the multiple videos.

Very good explination of your testing process. Much appreciation. A lot of value here. More so than just showing the answer absent an explanation.

hello Rana, Wow u are such an amazing person.❤
I've leaved my 17 years of life thinking that in this whole world there is no women who knows or cares about cybersecurity but now I've found u, it makes me kind of love u just the way u are😏

Great methodical approach to the lab. Thank You for detailed explanation.

謝謝你，我通過 youtube 的自動翻譯來傾聽你的講述，你的思維體系讓我震撼，記筆記的方式讓我折服

Wow, this is very helpful and made me understand the lab fully, Thanks alot, Rana.

You ma'am, are a great instructor!! Thank you!

😍love ❤️ for ur explained method

love the you explained ,excellent teaching technique .

Hi Mam , love ur Videos from Pakistan

I was getting the invalid csrf error with Chrome browser. I switched to Firefox and it worked. Note that the "View exploit" still gave me a csrf error. But when I "Deliver to victim" it solved the lab. Just make sure your script is similar to the one from Rana's github repository.

Is thee anybody who did not solve this lab like me ? I tried couple of times but not solved. What I did as far; I picked up second user csrfKey and csrf token and replaced with in first user's csrfKey and csrf token, used engahement tool to prepare HTML code but did not work. I am not sre problem with me as I make mistake or lab is corrupted somehow ?

Thanks for making this great content, appreciated \o/

that is a good explaination

Excuse me, I have followed all the steps and I managed to add the csrfKey with "/?search" manually in burp, but when I automate it with

Hi man, I tried so many times but this method is not working. Could you review the question and solution?

amazing video

hi and thx for the great explenation but i cant figure out why i cant solve the lab. if i test it with the csrf's tokens from carlos as i was logged in with wiener ....it worked. so the code is correct, but if i try to send that code with fresh csrf tokens from carlos and send it to the victum it doesnt work to solve the lab =/. i tried to be logged in with wieder and without an login and still nope...maybe server/lab issue

what happens when the application only accepts one csrf token per request and yet you have multiple targets?

I Love your videos!!

My exploit works in view exploit part and email changes but when I click on deliver to victim nothing happened.
Im going to be happy if some one help me to solve this problem🙏🏻

I'm unable to successfully modify the cookie with the search parameter

U R the best! ;]

this lab took me so much time because when i login to the other account in the same browser it shows that they have same csrf token value for some reason. but when i logged in in incognito it showed different csrf token for the 2 accounts. is this a bug in browsers?

If it isnt solved try adding this at the end of the csrf-cookie %3b%20SameSite=None

Waiting for new lactures...

thanks, lady

Not Working anymore :(, even the PoC script in the github isnt work

Am i alone who recieve invalid CSRF token when i test the CSRF html at my browser?

i havent understood, why have you written %0d%0a? what that means? how do you know that?

Is this exploitation work in real world?

Hello mam,

why we use header injection?iwhy we dont act like previous sections?