Wow... This is amazing!!! I have been struggling trying to understand CSRF attacks. This video has helped a lot. Thank you Ben for these amazing videos.
Thanks as usual Ben, You're still da man bro :) I've been having some medical issues lately so I'm in the 10 possibly even15 week program but it's ok i could never work for you at this point in time anyways. I'm sure you wouldn't remember but last year about this time I commented on a video saying i was a 51yr old paraplegic who didn't know Linux, the terminal, heck i never even used a computer the only tech i new was my cell and how to email someone on it 🤷♂🤦♂. I seen one of your videos and thought i can learn bug bounty and make money from home because I'm stuck in a nursing home so i am going to teach myself so i can pay for help and get my own place. I'm proud to say I'm on my way since I'm teaching myself everything i gave 1.5 to 2 years where i can learn enough to make steady money to go with my SS check not a million dollar hacker like you but steady money and I'm proud to say I'm on track chugging along slow but steady :)
The question of "so what" (1:52), or as I like to ask about nearly everything in life, "who cares?" If people care about the vulnerability then it gains severity. The more "destructive" you can pitch the vulnerability as the higher the severity and two low severity vulns could easily become a critical vuln if combo'd so don't just report low bugs, you are only screwing yourself over.
I started to watch all your 5w from xss ,and i have a question, where can i find my first vulnerability ,i know how does this vulnerability loo k like but i dont know where should i looking for them, mayby every web page i working with?
Once the content-type is application/json, browser will send the preflight OPTIONS request before forwarding the actual cross-site request. This mechanism might stop your actual request from being forwarded. If the applicaiton responds with Access-Control-Allow-Headers: Content-Type, then modified Content-Type will be allowed and the cross-site request will pass through. If the ACAH header is not allowing modified Content-Type, you can try to forcefully change it to one of the following: application/x-www-form-urlencoded, multipart/form-data or text/plain. If the application still accepts the request, you can abuse this by modifying the malicious form to include enctype=text/plain. There are some other ways to specify the Content-Type header, depends on what you use to generate cross-site request. If the application has sufficient protections against Content-Type header manipulation, you cannot abuse CSRF. Be also mindful that the ability to abuse the CSRF will also depend on if the application uses JWT token in the form of Authorization: bearer or if the session cookie is set as Lax, or Strict. This protections will also mitgate the CSRf risk.
I could not understand the part where you framed an HTML element using tag. I tried opening it and was unable to execute the action that I intended to. My second question isa if I were to delete any user info I would not have the access to the other user's account usually. How would I find the id value in that case.
Not a bug bounty hunter, but a security researcher and pentester here. Not really sure how it is in bug bounties, but this vulnerability might be reported quickly, so you will need to be really advanced in this topic to find the "edge" cases and bypasses in certain situations. Just last week found open-redirect, missing samesite flag on the cookie + insufficient content-type validation chain in one of the core banking last week, so I would say that it very much is alive.
i found 5 csrf last december and got 250euro for each. csrf is still alive you have to complete all the portswigger labs to find different types of csrf
Wow... This is amazing!!! I have been struggling trying to understand CSRF attacks. This video has helped a lot. Thank you Ben for these amazing videos.
Thanks as usual Ben, You're still da man bro :) I've been having some medical issues lately so I'm in the 10 possibly even15 week program but it's ok i could never work for you at this point in time anyways. I'm sure you wouldn't remember but last year about this time I commented on a video saying i was a 51yr old paraplegic who didn't know Linux, the terminal, heck i never even used a computer the only tech i new was my cell and how to email someone on it 🤷♂🤦♂. I seen one of your videos and thought i can learn bug bounty and make money from home because I'm stuck in a nursing home so i am going to teach myself so i can pay for help and get my own place. I'm proud to say I'm on my way since I'm teaching myself everything i gave 1.5 to 2 years where i can learn enough to make steady money to go with my SS check not a million dollar hacker like you but steady money and I'm proud to say I'm on track chugging along slow but steady :)
Hey! Best of luck and I hope you feel better! ❤️🩹
You are so inspiring, you should start a YT Channel, I bet it will go viral and will be another revenue stream. I will definitely subscribe.❤
The question of "so what" (1:52), or as I like to ask about nearly everything in life, "who cares?" If people care about the vulnerability then it gains severity. The more "destructive" you can pitch the vulnerability as the higher the severity and two low severity vulns could easily become a critical vuln if combo'd so don't just report low bugs, you are only screwing yourself over.
really appreciate your work!! good explanation.
5WP and thanks for the content as always! Hope to meet you at Defcon
I started to watch all your 5w from xss ,and i have a question, where can i find my first vulnerability ,i know how does this vulnerability loo k like but i dont know where should i looking for them, mayby every web page i working with?
hallo ben thanks for making this video, I want to ask you how to execute csrf on graphql?
Thanks for video, 👍 but what happened to Q&A video on CSRF ....? it is marked as private.... Will it be available sooner?
I cannot reproduce what you are doing on notifications / email, I cannot change anything
Bro will you update you Bug Bounty Course on Udemy???
from 5wp. tnx a lot 'soltan' nahamsec
5WP - thanks for the video, time to go see how good coca-cola is at csrf protections!
Please explain how to approach web apps with json content-type in the case of csrf?
Once the content-type is application/json, browser will send the preflight OPTIONS request before forwarding the actual cross-site request. This mechanism might stop your actual request from being forwarded. If the applicaiton responds with Access-Control-Allow-Headers: Content-Type, then modified Content-Type will be allowed and the cross-site request will pass through. If the ACAH header is not allowing modified Content-Type, you can try to forcefully change it to one of the following: application/x-www-form-urlencoded, multipart/form-data or text/plain. If the application still accepts the request, you can abuse this by modifying the malicious form to include enctype=text/plain. There are some other ways to specify the Content-Type header, depends on what you use to generate cross-site request. If the application has sufficient protections against Content-Type header manipulation, you cannot abuse CSRF. Be also mindful that the ability to abuse the CSRF will also depend on if the application uses JWT token in the form of Authorization: bearer or if the session cookie is set as Lax, or Strict. This protections will also mitgate the CSRf risk.
I could not understand the part where you framed an HTML element using tag. I tried opening it and was unable to execute the action that I intended to. My second question isa if I were to delete any user info I would not have the access to the other user's account usually. How would I find the id value in that case.
You need to have 2 accounts. Now, try testing by altering the IDs and so on
@@sanjaiKumar-.- I did but wasn't still able to replicate it.
thanks a lot Naham.
I haven't found the first security vulnerabilities yet and I'm very disappointed😭
What is this caido that you are using? Is it better than burpsuite?
Ben is an advisor at Caido. Caido is security auditing tool. Not as good as burp but can replace burp in future.
I don’t understand . You talk and explain the concept so fast that i can’t even comprehend what is going on
5wp and thank you for eveerything you do
Let’s goooo🎉
is CSRF still alive now?
that's the question, lol
Not a bug bounty hunter, but a security researcher and pentester here. Not really sure how it is in bug bounties, but this vulnerability might be reported quickly, so you will need to be really advanced in this topic to find the "edge" cases and bypasses in certain situations. Just last week found open-redirect, missing samesite flag on the cookie + insufficient content-type validation chain in one of the core banking last week, so I would say that it very much is alive.
i found 5 csrf last december and got 250euro for each. csrf is still alive you have to complete all the portswigger labs to find different types of csrf
what is 5wp?
cloud hacking tutorial pls
5wp for the win!
Got a better overview from this.
\\alert('5WP')//; Thanks Nahamsec ...
alert('5WP');
5WP!!!!!!!!!!!!!
5wp❤❤❤
5WP 🎉
First
not late today
5WP !!!
Can't help to click 😂
5WP!
alert(5wp)
5WP
W
good content but you talk to fast
5WP! Thanks @NahamSec!
5WP
5wp
5wp
5WP Thank you soo much @NahamSec
First
5WP!!
5wp
5WP
5wp
first
nobody cares
@@Jarling-so4oi this was 6 months ago lol ur a child
5wp
5WP
5wp
5wp
5wp
5wp
5wp
5wp
5wp