Exploring CSRF Vulnerability: Theory and Hands-On Lab using CSRF generator in Burp Suite
Key Takeaways
This video teaches how to exploit Cross-site request forgery using CSRF generator in Burp Suite
Full Transcript
[Music] [Applause] [Music] hello everyone and welcome back to my channel in today's video we will explore the theory of cross-site request forgery and apply our knowledge by solving the port sgle lab titled csrf vulnerability with no defenses to achieve this we will use a tool called csrf proof of concept generator which is provided in burp site professional all right let's Jump Right In all right guys so what is cross-site request forgery or csrf in short well csrf is in attack that forces an end user to execute unwanted actions on a web application in which they are currently logged in to further clarify picture this a hacker is crafting a malicious link targeting users that are logged into a vulnerable website meanwhile the victim is logged into to the vulnerable website and going about her us usual activities out of nowhere she receives a seemingly harmless link and without suspecting anything she clicks on it in an instant the hacker seizes control by changing the victim's email address to his own effectively taking over the victim's account so as you probably already guessed the impact of this attack can be very serious as it causes the victim to perform unwanted actions such as changing email address changing password transferring funds and so on and so forth for a csrf attack to be possible three Key conditions must be met firstly there must be a relevant action so to enable a csrf attack there must be an action within the application that the attacker has a motive to trigger this action could involve privileged operations such as modifying permissions for other users or any user specific action like altering their own password secondly for a csrf attack to work the action should require ire one or more HTTP requests and the application must rely only on session cookies to identify the user making those requests there should be no additional mechanisms in place to track sessions or validate the user requests and the third and final condition is absence of unpredictable request parameters so the request responsible for carrying out the action must not contain any parameters with values that the attacker cannot determine or guess for instance if the attacker needs to know the existing password to make a user change their password then this function is not vulnerable to csrf so this HTTP request satisfies all of the above conditions the relevant action in this case is to change the user's email address we can see that it uses cookie based session handling because we don't see any additional authentication tokens or headers like authorization barrer the only thing defined is the session cookie now this implies that the application will like solely on session cookies to identify the user making the requests third there are no unpredictable values in the request that are difficult for an attacker to guess all right guys enough with the theory let's go ahead and solve a csrf lab on pger so I have already launched a lab called csrf vulnerability with no defenses and I have already logged in as Wier Peter and as you can see the email address is Wier normal- us.net so the objective is to change Wiener's email address to the attacker's email without Wiener's knowledge or consent all right so how do we start the first thing we need to do is to turn on the intercept and let's just set uh a new email address like silver hack haacker dcom and then we click on update email and here we can see that we have captured the post request to the change email endpoint containing the new uh email address and what we would like to do now is to rightclick and then engagement tools and then generate csrf proof of concept and if we expand that so what are we seeing here we are seeing the post request that we just saw which includes the new email address and Below we can see the csrf proof of concept so let's break it down we have an HTML form that is used for making HTTP requests in this case it is used to perform a post request to the vulnerable application inside the form there is an input with type hidden to hide it from the user it has the name email and the value silver Haack hacker.com now this of course represents the new email address that the attacker wants to set for the victim and then we have the input element with the type submit when this button is clicked it would submit the form meaning it would trigger the post request we also Al have the submit function this line automatically submits the form on the page without requiring any user interaction it essentially simulates the victim clicking on the submit request button in the hidden form so to summarize when a victim loads this proof of concept their browser will automatically send a post request to change their email address without their knowledge or consent of course provided that they are already logged in to that website all right now let's do the fun stuff let's see if this proof of concept actually works all right so let's go ahead and click on test in browser and let's copy this link and let's navigate to a new tab and paste this link and press enter let's wait a little bit here it's loading and there you go guys now we can see that the email has in fact changed to Silver hack hacker.com this means that by luring the victim to visit the page containing the csrf proof of concept the hacker managed to successfully change the victim's email address this action results in the hacker gaining full control over the victim's account without weer Peter's knowledge so in a real pentest engagement that would have been enough to prove that we have found a csrf vulnerability but to solve this lab we need to do some extra steps all right so we need to navigate to exploit server and as you can see we have a body here and what we you need to do is to copy the HTML from the csrf proof of concept and we want to paste it in the body and then store and what we need to do now is to view the exploit basically to simulate the user or the victim uh navigating to the malicious website all right so let's click on view exploit now it's loading and there we go guys as you can see the email has been changed changed to Silver Haack hacker.com meaning that we have successfully solved this lab all right guys so that is going to be it for this video I hope you have learned something valuable today if you want to support this channel you can like subscribe and turn on the notification Bell and if you have any questions please let me know in the comment section so thanks for watching guys and see you in the next one
Original Description
In this video we will learn about Cross-site request forgery by solving a #portswigger lab titled "CSRF Vulnerability with no defenses" using CSRF POC Generator included in #burpsuite Professional edition.
It is crucial for software engineers to understand this vulnerability in order to be able to implement security measures that mitigate the security risks.
Icon in thumbnail from: https://www.flaticon.com/free-icons/access-denied title="access denied icons" Access denied icons created by Eucalyp - Flaticon
00:00 Introduction
00:32 Theory
03:18 Solving Portswigger lab: CSRF Vulnerability with no defenses with CSRF POC generator in Burp suite pro
7:05 Outtro
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
More on: Network Security
View skill →Related Reads
📰
📰
📰
📰
Mastering the Art of Test Hacking: A Comprehensive Guide
Dev.to · Shahid Bhai
Your Photos Are Broadcasting Your Home Address (Strip EXIF GPS in the Browser)
Dev.to · Max
Hack Smarter Labs — Dark: From Unauthenticated WordPress Bug to Root
Medium · Cybersecurity
I Tried Teaching My Non‑Tech Friend How to Spot a Scam Email. Here’s What Actually Worked
Medium · Cybersecurity
Chapters (4)
Introduction
0:32
Theory
3:18
Solving Portswigger lab: CSRF Vulnerability with no defenses with CSRF POC gener
7:05
Outtro
🎓
Tutor Explanation
DeepCamp AI