CSRF where token is tied to non-session cookie (Video solution, Audio)
- Published 9 Feb 2025
- This video shows the lab solution of "CSRF where token is tied to non-session cookie" from Web Security Academy (PortSwigger)
Link to the lab: portswigger.ne...
0 explanation
true
For those who are struggling to understand the payload, search 'CRLF Injection Attack', or visit CRLF on geeksforgeeks
00:08 - Understanding session cookies and their impact on web security.
01:08 - Understanding CSRF with Non-Session Cookies and Parameters
02:26 - Updating email addresses in application settings
03:36 - Demonstrating CSRF token validation with non-session cookies in a browser environment.
04:54 - Exploration of browser interactions and CSRF prevention strategies.
06:03 - Overview of CSRF token security challenges with non-session cookies.
07:22 - Using proxy tools for CSRF token generation.
09:23 - Discussion on how cookies impact CSRF security.
I think that you could explain the impact of this way to exploit CSRF
I didn't understand why you copied session & csrfKey and saved them in Notepad; you didn't do anything with them later!
I'm glad you also spotted that.
At 9:50 in csrfKey he should paste csrfKey from dropped in Burp's Repeater request and also from that request should copy csrf value and paste it to form .html.
you and rana khalil are the best
Why did you copy and paste csrfKey in the PoC from the same request? You should copy csrf from the attacker request and paste it in the PoC.
My email address gets changed but still the lab isn't solved....
us bro us
@rud8716 the struggle is real bro, but it got solved eventually :)
@zipp5022 bro what did you do, because I am also facing the same problem
@rud8716 I wish I could help, but I solved it over a month ago, I don't exactly remember what happened, but it got solved, this lab is a big pain in the ass 😮💨😮💨
About the end of the video, in the PoC, you should put your csrf token on line 8 (name="csrf" value="your csrf token")
This will resolve lab😊
My Firefox private incognito window does not load the FoxyProxy add-on for proxying
you need to give permission
Goddammit! This is not that difficult, so why isn't this working for me??
Same problem. I inspected packets and realized the cookie is not changing.
Even though I did everything in this video many times over, I just couldn't solve it. I'm noting every step down one by one, to no avail.
confusing af
Very confusing video