How To Hunt For (CSRF) Cross Site Request Forgery?
Welcome Hunters,
➤ Cross Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
➤ CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.
➤ With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing.
➤ If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.
If the victim is an administrative account, CSRF can compromise the entire web application.
CSRF attacks work because the website never verifies whether the request was intentionally made by the legitimate user: it only verifies that the request came from the browser of an authorized user.
Steps
➤ A user is authenticated on a website, say hackerone.com.
➤ The attacker tricks the victim into visiting a domain he controls, say attacker.com.
attacker.com contains malicious code that sends a request to hackerone.com to perform a specific action, say changing the victim's website language.
➤ hackerone.com assumes the request was sent intentionally by the victim's browser, does not verify it, and hence changes the victim's language.
Note: So, in CSRF we will create a fake page of the victim website.
Because most forms are POST-based, we will try to build a form.
Tool: Burp Suite
We will create a fake page and try to send it to the victim; if the victim submits to that server, there is a chance of capturing the target's input credentials.
The function will be called through the URL.
If you send this link to your victim and he clicks on it, we can generate a malicious page with the tag on it.
In this case we will send the victim a link to *logout.php*. If the victim clicks on that link, the victim's session will be logged out, because we have sent him the link to *logout.php* on the same server.
The function will be called through a POST form, for example a fake login form or a fake page.
Let's assume that the website geekyworld.in uses a GET request to change the password. The request looks like the following:
http://geekyworld.in/password.php?newpass=geeky@&confpass=world
The attacker can now set the newpass and confpass parameters to his own password and force the victim's browser to perform the GET request, so the password is changed to whatever the attacker chose. The code for forcing the victim's browser to make the GET request would look something like this:
<img src="http://geekyworld.in/password.php?newpass=geeky&confpass=world" width="100" height="100">
Note: I hope you guys have knowledge of HTML, because I am not going to explain it; if not, you have to learn it if you want to be a Bug Bounty Hunter.
➤ Referrer-Based Checking
➤ Anti-CSRF Tokens
➤ Brute Forcing Weak Anti-CSRF Token Algorithms
➤ Tokens Not Validated on the Server
➤ Analyzing Weak Anti-CSRF Token Strength
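To make the defensive side of the points above concrete, here is an added example (not code from the original post or from geekyworld.in) of how the password-change endpoint from the GET example should be gated, covering each of the protections listed: the request must be a POST (an img tag can only issue GET), the Origin or Referer header must name the site, and an anti-CSRF token must be generated with enough entropy, bound to the user's own session, and actually validated on the server in constant time. The Request class, the in-memory SESSIONS store, the ALLOWED_ORIGINS value and the change_password handler are all assumptions constructed for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Origins from which state-changing requests are accepted (assumed; site taken from the post's example).
ALLOWED_ORIGINS = {"http://geekyworld.in"}

# Server-side session store keyed by session id. Constructed in-memory stand-in for a real store.
SESSIONS = {}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request; constructed for this example."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    session_id: str = ""


def new_session() -> str:
    """Create a session and bind a fresh, unguessable anti-CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    # 32 random bytes (256 bits) from the OS CSPRNG: not predictable and not brute-forceable,
    # unlike tokens derived from timestamps, user ids or short counters.
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def _request_origin(req: Request) -> Optional[str]:
    """Return scheme://host of the page that issued the request, from Origin, else Referer."""
    origin = req.headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = req.headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(req: Request):
    """Decide whether a state-changing request may proceed. Returns (allowed, reason)."""
    # 1. State changes never ride on GET; an <img src=...> can only issue GET.
    if req.method.upper() != "POST":
        return False, "state change must use POST"
    # 2. Origin / Referer must name this site. A missing header is rejected rather than
    #    silently trusted, because some clients and proxies strip it.
    origin = _request_origin(req)
    if origin is None:
        return False, "missing Origin and Referer"
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-site origin {origin}"
    # 3. The token must be present, bound to THIS session (a token from the attacker's own
    #    session must not work), and compared in constant time.
    session = SESSIONS.get(req.session_id)
    if session is None:
        return False, "no session"
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return False, "token mismatch"
    return True, "ok"


def change_password(req: Request) -> str:
    """The password.php handler from the post, now gated by the checks above (hypothetical)."""
    allowed, reason = csrf_check(req)
    if not allowed:
        return f"403 rejected: {reason}"
    if req.form.get("newpass") != req.form.get("confpass"):
        return "400 passwords differ"
    SESSIONS[req.session_id]["password"] = req.form["newpass"]
    return "200 password changed"


if __name__ == "__main__":
    victim = new_session()
    token = SESSIONS[victim]["csrf_token"]
    # Legitimate same-origin POST carrying the victim's own token.
    print(change_password(Request("POST", {"Origin": "http://geekyworld.in"},
                                  {"csrf_token": token, "newpass": "a", "confpass": "a"}, victim)))
    # The <img> trick from the post: a GET issued from attacker.com.
    print(change_password(Request("GET", {"Referer": "http://attacker.com/"},
                                  {"newpass": "b", "confpass": "b"}, victim)))
```

Running the block prints "200 password changed" for the legitimate request and "403 rejected: state change must use POST" for the forged one. The order of the checks matters: the method and origin checks are cheap and reject the bulk of forged requests before the token lookup, and the token check is what still protects the user when Origin and Referer are absent or spoofable.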
--------------------------------------------------------------------------------------------------------------------------
So I hope this would be helpful for you to hunt vulnerabilities more quickly. If you find any mistake, please let me know in the comment box or here: rajeshsahan507@gmail.com
Thank you and happy hunting, keep shining
Follow us on
facebook: @Cybersec_broo
Instagram: @Cybersec_broo
To get regular updates on ethical hacking stuff
About author: Cybersecbroo