
CSRF

Last updated 2 years ago

Introduction

Cross-Site Request Forgery (CSRF) is a web vulnerability that lets an attacker make a victim's browser send requests to a website on the victim's behalf. It requires the victim to be authenticated to the vulnerable website with an active session; the attacker then tricks the victim into issuing a request to that website that carries attacker-chosen parameters.

For example, consider a situation where a victim user is logged into their online banking account. The attacker tricks the victim into clicking on a link that sends a request to transfer money from the victim's account to the attacker's account. If the website is vulnerable to CSRF, the transfer request will be executed by the website, even though the victim did not intentionally initiate the request.

To prevent CSRF attacks, websites can require a unique, unpredictable token to be included in every sensitive (state-changing) request, or set the SameSite attribute on session cookies so that the browser does not attach them to requests initiated from another site.
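To make the two defences concrete, the following is an added example written for this page (not code from the guide): a minimal server-side synchronizer-token check together with a SameSite session cookie. The in-memory session store, the `/transfer` handler and its argument shapes are constructed for the example.

```python
import hmac
import secrets

# Constructed in-memory session store for the example: session_id -> session data
SESSIONS = {}


def new_session(user="alice"):
    """Create a session and bind a fresh, unpredictable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Set-Cookie header: SameSite=Lax keeps the browser from sending the
    cookie on cross-site POSTs, which removes the ambient authority CSRF relies on."""
    return f"Set-Cookie: session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"


def render_transfer_form(sid):
    """Embed the session's token as a hidden field. An attacker's page on another
    origin cannot read this value, so it cannot forge a valid transfer request."""
    token = SESSIONS[sid]["csrf"]
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="to"><input name="amount"><button>Send</button></form>')


def handle_transfer(cookies, form):
    """Server-side check for a state-changing request.
    cookies: dict of request cookies; form: dict of POSTed fields.
    Returns (status_code, message)."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "no session"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte via timing.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sid = new_session()
    print(session_cookie_header(sid))
    # A forged request from another site carries the cookie but not the token.
    print(handle_transfer({"session": sid}, {"to": "mallory", "amount": "1000"}))
```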

Crafting the attack

First, analyze the target website to check whether the following conditions are met:

Second, craft a CSRF exploit to be delivered to the target user.

This can be done with the Burp Suite extension . Right-click the request and choose Engagement tools / Generate CSRF PoC. The result is an HTML page that, once opened by the target user, sends the crafted request to the target website.

As an alternative, there is the website .

Third, copy the generated HTML into a web page under your control and open it in a browser that is logged in to the target website with a test account, to verify that the intended request goes through.

Finally, deliver the link to the target user and get them to open it through social engineering.

References

CSRF PoC generator
CSRF PoC Generator
Cross-site request forgery (CSRF)
Testing for Cross Site Request Forgery