CSRF

Introduction

Cross-Site Request Forgery (CSRF) is a type of web vulnerability that allows an attacker to send malicious requests to a website on behalf of a victim user. It can occur when the victim is authenticated to the vulnerable website and has an active session; the attacker then tricks the victim into making a request to the website that carries attacker-chosen parameters, and the browser attaches the victim's session cookie automatically.

For example, consider a situation where a victim user is logged into their online banking account. The attacker tricks the victim into clicking on a link that sends a request to transfer money from the victim's account to the attacker's account. If the website is vulnerable to CSRF, the transfer request will be executed by the website, even though the victim did not intentionally initiate the request.

To prevent CSRF attacks, websites can require a unique, unpredictable token to be included in every state-changing request, or set the SameSite attribute on session cookies so that the browser does not attach them to requests initiated from another site.
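A server-side check for the two defenses just described (a per-session synchronizer token and a SameSite session cookie), as an added example that is not part of the original page. The request dictionaries, session id and bank-transfer form fields are constructed stand-ins for a real framework's request object.

```python
import hashlib
import hmac
import secrets

# Constructed for the example; a real deployment loads this from configuration.
SECRET_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Derive the token as HMAC(secret, session_id): bound to the session,
    unguessable without the key, and needing no server-side storage."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. SameSite=Lax stops the browser from
    attaching the cookie to cross-site POSTs, which is the second defense above."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def is_request_allowed(request: dict, session_id: str) -> bool:
    """Synchronizer-token check: a state-changing request is accepted only if
    the submitted token matches the one derived from the caller's session."""
    if request["method"] not in STATE_CHANGING:
        return True  # safe methods must not change state, so no token is required
    submitted = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so the token cannot be recovered through timing.
    return hmac.compare_digest(submitted, expected)


VICTIM_SESSION = "sess-8f3a"  # constructed sample session id


def demo() -> dict:
    """Replay the bank-transfer scenario: the bank's own form carries the token,
    a cross-site page cannot read it (same-origin policy) and cannot guess it."""
    token = issue_csrf_token(VICTIM_SESSION)
    legit = {"method": "POST", "form": {"to": "savings", "amount": "100", "csrf_token": token}}
    forged = {"method": "POST", "form": {"to": "attacker", "amount": "1000"}}
    guessed = {"method": "POST", "form": {"to": "attacker", "amount": "1000", "csrf_token": "0" * 64}}
    return {
        "legit": is_request_allowed(legit, VICTIM_SESSION),
        "forged": is_request_allowed(forged, VICTIM_SESSION),
        "guessed": is_request_allowed(guessed, VICTIM_SESSION),
    }
```

The token check and the cookie attribute are complementary: the attribute relies on browser behaviour, the token on the server, so deploying both covers clients that ignore SameSite.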

Crafting the attack

First of all, analyze the target website to see whether the following conditions are met:

Secondly, craft a CSRF exploit to be delivered to the victim user.

This can be done with the Burp Suite CSRF PoC generator: right-click the request and go to Engagement tools/Generate CSRF PoC. The result is an HTML page that, once opened by the victim user, sends the malicious request to the target website.

As an alternative, there is the online CSRF PoC Generator website.

Thirdly, copy the generated HTML into a malicious web page and open it in a browser that is logged into the target website with a dummy account, to test whether the intended request works.

Finally, deliver the link to the victim user and get them to click it through social engineering.
