04_cross-site_request_forgery.md

File metadata and controls

45 lines (25 loc) · 1.29 KB

Cross-site Request Forgery (CSRF)

An attacker forces a logged-in victim's browser to send a forged request that the target site accepts as valid: the browser attaches the victim's session cookie automatically, so the site cannot tell the forged request from one the victim meant to send.

CSRF Tester

  1. Run OWASP CSRFTester:

```bash
cd ~/workspaces/CSRFTester-1.0
java -classpath .:lib/concurrent.jar:OWASP-CSRFTester-1.0.jar org.owasp.csrftester.CSRFTester
```

  2. Change Iceweasel's proxy to point to localhost port 8008 (the CSRFTester recording proxy).

  3. Navigate to http://localhost:8080/post.

  4. Start recording in OWASP CSRFTester.

  5. Submit a post.

  6. Stop recording.

  7. Delete any extra rows besides the post submission.

  8. Change the title and content parameters to say something else.

  9. Generate HTML using your preferred report type (form, iframe, img, xhr, link).

  10. Notice that just rendering the local page submits the edited post to Wordy Ninja Blog, using the session cookie your browser already holds.

Logout

Most users don't take the time to log out of sites. If a site is vulnerable to CSRF, staying logged in lengthens the window in which a forged request will succeed.

  1. Visit https://robinlinus.github.io/socialmedia-leak/ to see which social media sites you are currently logged into, and decide whether there are any you really don't need to be logged into right now.

Observations

  • Attackers using email, social media (Twitter, Facebook), ads, URL shorteners, etc. can trick somebody into merely visiting a page to do the damage; no credentials are phished and the victim sees nothing but a page load.

Solutions

  • CSRF tokens: a per-session secret included in every state-changing form and checked on the server; the attacker's page cannot read it, so forged requests are rejected.
  • Force logouts: idle session timeouts shorten the window in which a forged request can succeed.
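To tie the CSRFTester exercise above to the two solutions, here is an added example in Python (not code from the original page, from CSRFTester, or from Wordy Ninja Blog). It builds the kind of auto-submitting page the "form" report type produces from a recorded request, then models the blog's POST handler before and after adding a per-session CSRF token and an idle-session forced logout. The recorded request, the session store, the 15-minute idle limit and the handler names are constructed for illustration; only the URL and the `title`/`content` parameter names come from the page.

```python
"""CSRF attack page generation and the token / forced-logout defences.

Added example, not part of the original page or of CSRFTester.  The request
below is a constructed stand-in for what the 8008 proxy recorded; the session
store and handlers are a minimal model of a blog backend, not real code.
"""
import html
import hmac
import secrets
import time

# Constructed: the recorded POST after the title/content edit (step 8).
RECORDED_REQUEST = {
    "method": "POST",
    "url": "http://localhost:8080/post",          # from the page
    "params": {"title": "Pwned by CSRF", "content": "You did not post this."},
}

SESSION_IDLE_LIMIT = 15 * 60   # assumed forced-logout policy: 15 minutes idle


def build_form_attack_page(req):
    """Return HTML that replays the recorded request as soon as it is rendered.

    The victim's browser attaches its Wordy Ninja Blog cookie to the submit,
    which is the whole attack: no password is needed, only a logged-in victim.
    """
    fields = "\n".join(
        f'    <input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
        for k, v in req["params"].items()
    )
    return (
        '<html><body onload="document.forms[0].submit()">\n'
        f'  <form method="{req["method"]}" action="{html.escape(req["url"])}">\n'
        f"{fields}\n  </form>\n</body></html>\n"
    )


class SessionStore:
    """Constructed in-memory table: cookie -> {user, csrf_token, last_seen}."""

    def __init__(self):
        self.sessions = {}

    def login(self, user, now):
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = {
            "user": user,
            "csrf_token": secrets.token_urlsafe(32),   # per-session secret
            "last_seen": now,
        }
        return cookie

    def get(self, cookie, now):
        """Return the live session, or None if unknown or idle past the limit."""
        s = self.sessions.get(cookie)
        if s is None:
            return None
        if now - s["last_seen"] > SESSION_IDLE_LIMIT:
            del self.sessions[cookie]     # forced logout: cookie no longer valid
            return None
        s["last_seen"] = now
        return s


def handle_post_vulnerable(store, cookie, form, now):
    """Original behaviour: any POST carrying a live session cookie is accepted."""
    session = store.get(cookie, now)
    if session is None:
        return 401, "not logged in"
    return 200, f"posted '{form['title']}' as {session['user']}"


def handle_post_protected(store, cookie, form, now):
    """Fixed behaviour: the POST must also carry the session's CSRF token.

    The attacker's page runs on another origin and cannot read the blog's HTML,
    so it never learns the token and cannot include it in the forged form.
    """
    session = store.get(cookie, now)
    if session is None:
        return 401, "not logged in"
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"posted '{form['title']}' as {session['user']}"


def demo():
    """Replay the forged request against both handlers; return the status codes."""
    store = SessionStore()
    t0 = time.time()
    victim_cookie = store.login("alice", t0)          # victim logged in earlier
    forged = dict(RECORDED_REQUEST["params"])         # exactly what the page sends
    vuln, _ = handle_post_vulnerable(store, victim_cookie, forged, t0 + 60)
    prot, _ = handle_post_protected(store, victim_cookie, forged, t0 + 60)
    legit = dict(forged, csrf_token=store.sessions[victim_cookie]["csrf_token"])
    ok, _ = handle_post_protected(store, victim_cookie, legit, t0 + 60)
    # Same forged request, but the victim has been idle longer than the limit.
    late, _ = handle_post_vulnerable(store, victim_cookie, forged,
                                     t0 + 60 + SESSION_IDLE_LIMIT + 1)
    return vuln, prot, ok, late   # (200, 403, 200, 401)


if __name__ == "__main__":
    print(build_form_attack_page(RECORDED_REQUEST))
    print(demo())
```

`demo()` returns `(200, 403, 200, 401)`: the unprotected handler accepts the forged post, the token check rejects it while still accepting the site's own form, and once the idle limit has passed even the unprotected handler refuses it because the forced logout invalidated the cookie. The token comparison uses `hmac.compare_digest` so a wrong token is not detectable by timing.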