
Learn how to circumvent cross-site request forgery (CSRF) protection controls. We are going to have a look at a very common protection mechanism, learn about the implementation, and finally see how to bypass it.
Overview:
00:00 Intro
00:17 Lab overview
01:09 Analyse the request
02:30 Where is a CSRF token coming from?
03:20 Exploit the victim
04:29 Solving the lab
06:12 Conclusion
For more information, check out https://blog.intigriti.com/hackademy/cross-site-request-forgery-csrf.
PortSwigger CSRF Challenge: https://portswigger.net/web-security/csrf/lab-token-not-tied-to-user-session
---
This show is hosted by https://twitter.com/PascalSec (@Hacksplained) & https://twitter.com/intigriti