Red Squad
BuyMeACoffee
  • 🏠/home/red-squad
    • ⏰Recently Added
    • πŸ₯³Support our projects
    • ⚰️Is There Life After Death ?
  • 🌐Web Hacking
    • 🚩CTFs shortcuts
    • πŸ—ΊοΈAudits plan
      • Exposition Audit - Plan
      • Internal Audit - Plan
      • External Audit - Plan
    • πŸ•΅οΈOSINT
      • πŸ”Search Engines
      • πŸ§‘User OSINT
      • πŸ‡«πŸ‡²Domains, IP, IOT
      • πŸ•ΈοΈWebsite OSINT
      • πŸ—£οΈBreaches/Leaks
      • πŸ’ΌBusiness OSINT
      • πŸ§…TOR network
      • πŸ”¬Source Code
      • πŸ₯ΈDorks
      • βš”οΈVulnerabilities and IOC
      • πŸ“¦MISC
    • Enumeration
      • Network Scanners
      • Directory/Files Scanners
      • Web Scanners
        • Subdomains
    • πŸ”—HTTP Stuff
      • HTTP Methods
        • 403 Bypass
      • Security Headers
      • HTTP Parameters
    • πŸ”Sessions / Tokens
      • Cookies
      • JWT
        • Attacking JWT
    • πŸ’‰Injections
      • HTML | XSS
      • SQLi
        • SQLmap
        • NoSQLi
      • XXE
      • LaTex
    • πŸͺ±Web Vulnerabilities
      • CSRF
      • ClickJacking
      • Files / Upload
        • πŸ—ƒοΈFile Upload Bypass
        • πŸ“¦ZIP Slip
      • IDOR
      • LFI
        • Files to look for
      • Remote Code Execution
    • β›”WAF Bypass
    • ✍️Servers / CMS
      • 🐈Tomcat
      • πŸ’§Drupal
      • ✏️Oracle APEX
      • 🐦Apache
      • πŸ”·WordPress
        • Wordpress eBook Download < 1.2 - CVE-2016-10924
      • ⏩SAP
      • πŸ•΄οΈJenkins
      • πŸ–‡οΈJoomla!
      • 🏒Server-Side Vulnerabilities
        • Server-Side Request Forgery
        • Server-Side Template Injection
    • πŸ–‡οΈAPI
      • GraphQL
  • 🐧Linux Hacking
    • πŸ§—Privilege Escalation
      • Find passwords
      • Ansible
      • Manual Checks
      • Automated Checks
    • πŸ‘£Cover tracks
    • πŸšͺBackdoors
    • β­•Reverse Shells
      • Shell Stabilizing
      • PwnCat
      • Ping-Pong
    • πŸ”’Compiled Binaries
    • 🌊Buffer Overflow
      • Introduction
      • Fundamentals
      • Exploits
    • 🐳Docker Escape
    • 🀝File sharing
  • πŸͺŸWindows Hacking
    • πŸ‘₯Active Directory
      • 1. Reconnaissance
        • Domain Network Enumeration
          • SMB Enumeration
          • LDAP Enumeration
      • 2. Initial Attack Vectors
        • Kerberos
          • Lookupsid
          • findDelegation
          • ASREPRoast
          • Kerbrute
        • AD CS
          • Basics
          • Exploits
        • Network
          • SMBRelay
          • LLMNR_NBT NS Poisoning
            • Relay Poisoning Ressources
          • IPv6 Attacks
        • Impacket
          • Windows Secrets
        • Autologon
        • PowerView.ps1
      • 3. Post-Compromise Enumeration
        • ACLs Abuse
        • Computer enumeration
        • PowerView
        • BloodHound
        • MimiKatz
        • PingCastle
      • 4. Post-Compromise Attacks
        • WSUS Poison
        • AlwaysInstallElevated
        • DCSync
        • Dumping LSASS
        • Dumping NTDS.dit
        • Golden Tickets
        • GPP Attacks
        • Kerberoasting - SPN
        • Pass the Hash
        • Pass the Password
        • Rubeus
      • 5. PrivEsc & MISC
        • Automated scripts
        • Exploits
          • noPac - CVE-2021-42278
          • ZeroLogon - CVE-2020-1472
          • LocalPotato - CVE-2023-21746
          • PrintNightMare - CVE-2021-34527
          • Other CVEs
    • πŸ’‘Useful AD Commands
    • πŸ§—Privilege Escalation
    • 🐚Shells
    • πŸ”“Bypasses
      • UAC
      • Antivirus
      • AppLocker
      • BitLocker
    • πŸ“ƒOffice
      • Analyze office files
      • Forgot password of file ?
      • CVE-2023-21716 (Microsoft Word RCE)
    • πŸ‘©β€πŸ’»SCCM | MECM
      • Configuration Audit
      • Dump
      • Hack It
        • Reconnaisance
        • PXE/OSD Exploitation
        • NTLM Relay from SCCM Clients
        • Privilege Escalation
        • Lateral Movement
        • Malware Deployment
      • Basics
    • πŸ’ŽMicrosoft 365
      • Configuration
      • Hacking
  • πŸ’½Systems
    • πŸ•β€πŸ¦ΊServices Enumeration
    • πŸ–¨οΈPrinters
      • Printer Exploitation Tool (PRET)
      • CUPS
    • πŸ›‘οΈFortinet
    • πŸ“ΉCCTV / IP Cameras
      • Hacking
  • πŸŽ†Networks
    • πŸŒͺ️Pivoting
      • Tools / Guide
        • Proxychains / FoxyProxy
        • SSH Tunnelling / Port Forwarding
        • Plinx.exe
        • Socat
        • Chisel
        • Sshuttle
        • Ligolo-Ng : Pivoting use cases
      • SocksOverRDP
    • πŸ”₯Firewalls
      • πŸ”₯Evasion
    • πŸ”—Proxies
  • πŸ“±Mobile Hacking
    • πŸ€–Android
      • Introduction
      • Reversing
      • Static Analysis
      • Dynamic Analysis
      • Disable SSL Pinning
      • Bypass Root Detection
      • Network / Traffic Analysis
    • 🍏iOS
      • Introduction
      • Static Analysis
      • Dynamic Analysis
      • JailBreak
    • πŸ“ΊIOT
      • IOTGoat OWASP | Walkthrough
      • Resources
  • Configuration
    • ChromeOS
    • Mobile
      • Android
    • IBM
      • AS400
      • AIX
  • πŸ“‘Wireless Hacking
    • πŸŽ†Wi-Fi Attacks
      • EvilTwin
      • Cracking WPA/WPA2
      • Sniffing
    • 🫐Bluetooth
      • BLE Locks Hacking
  • πŸ‘¨β€πŸ’»Code Audit
    • βœ”οΈBest Practices
    • ❌Bad Practices
    • βš’οΈTools
  • πŸ‘Thick Client Hacking
    • πŸ“Thick Client Pentesting Methodology
    • πŸ—„οΈResources
  • πŸ—„οΈMISC
    • πŸ”‘Default Credentials
    • πŸ”»CVEs
      • [CVE-2022-0847] - dirtypipe
      • [CVE-2021-4034] - Pwnkit
      • [CVE-2021-45105] - Log4J
      • [CVE-2018-15473] - OPENSSH < 7.7
    • 🦊Browser Extensions
    • πŸ€–AI
      • chatGPT alternatives
      • Large Language Model Hacking
    • πŸ”­Hacking Labs
    • πŸ”«Exploitation Frameworks
  • πŸ•΅οΈOPSEC
    • πŸ—οΈPrivacy
      • Best tools
      • Online Anonymity
      • Browser Configuration
  • πŸ”‘CRACKING | ENCODING
    • πŸ₯ŠBruteforce tools
    • πŸ“Wordlists
    • 🧨Cracking Tools
    • πŸ”¬Encoding | Decoding Tools
    • πŸ”Steganography | Cipher
  • πŸ”΄RED TEAM
    • πŸ“₯Password Extract
      • Firefox
    • πŸ•΅οΈSpy cam
    • πŸ”’Lock Picking
    • 🎣Phishing
      • Infrastructure
      • Resources
  • πŸŒ€Whistle Blowing
    • πŸ“ΉCCTV
  • πŸ”΅BLUE TEAM
    • 🧩Forensics
    • 🦹Malware Analysis
    • πŸ› οΈTools
    • 🍯HoneyPots
    • πŸŽ†Networks Security
    • πŸͺ™Online IoC Scanners
  • 🐞Bug Bounty Related
    • Searching for CVEs
    • [FR] Legal
    • Dorks
  • πŸ–₯️DEVELOPERS
    • πŸ‘¨β€πŸ’»IDE
  • πŸ“šLEARNING
    • Windows
      • Active Directory
      • Kerberos
      • Pass-the-*
    • SQL
      • SQSHell | sqsh | skwish
      • NoSQL
      • DB infos
    • SSL/TLS
      • Configuration on MariaDB
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Web Hacking
  2. Web Vulnerabilities

CSRF

PreviousWeb VulnerabilitiesNextClickJacking

Last updated 1 year ago

Was this helpful?

What is a CSRF attack ?

In a Cross-Site Request Forgery attack, a malicious site tricks a victim's browser into making an unwanted request to a different site on which the victim is authenticated, potentially causing the victim to perform an action on that site without their knowledge or consent.

How does it work?

Imagine a scenario where you're logged into your online banking. While still logged in, you visit a different website that has some malicious code. This malicious website can send a request to your bank's website to transfer money without your knowledge. If the bank's website doesn't have proper CSRF protections, it would think that you made the request because your authentication cookies are automatically included by your browser.

Key points about CSRF:

  1. Relies on the authenticated state: The attack works because browsers automatically include any cookies associated with a domain in requests made to that domain. So if you're authenticated to a website, that means any requests made to that website (even from a different website) will include your cookies.

  2. Doesn't steal data directly: CSRF isn't about stealing data. Instead, it tricks the victim into performing actions without their knowledge.

  3. Exploits trusted relationships: CSRF exploits the trust a website has in the user's browser, not necessarily a flaw in the website's design (although lack of CSRF protections is considered a design flaw).

How to prevent CSRF attacks?

  1. Use Anti-CSRF Tokens: The most common way to prevent CSRF attacks is to use anti-CSRF tokens. This involves sending a random token in each request which the server verifies. Since the malicious site won't know this token, it can't forge a valid request.

  2. SameSite Cookie Attribute: Modern browsers support the SameSite cookie attribute, which can prevent the browser from sending cookies along with cross-site requests, mitigating the risk of CSRF attacks.

  3. Check the Referer and Origin Headers: Servers can check these HTTP headers to see if a request is coming from a trusted origin.

  4. Require Reauthentication for Sensitive Actions: For very sensitive operations, like changing a password, always prompt users to re-enter their current password.

  5. Be cautious with CORS: Cross-Origin Resource Sharing (CORS) headers shouldn't be used recklessly, as they can allow unwanted cross-site interactions.

🌐
πŸͺ±