In this chapter, we learned how to detect and exploit one of the most widespread vulnerabilities. CSRF is widespread, and I think it is easier than other bugs, as it is not as commonly reported as others. As a recap, let's have a look at the following points:
- CSRF bugs could be in `GET` or `POST` requests. Using one instead of the other is not a protection. It requires more effort to exploit a `POST` request.
- Remember that the cookies are vulnerable, so always control them on the client side.
- To detect vulnerable `GET` requests, just use the map created by the HTTP Proxy, and look for requests to methods in the application, internal or external.
- Pay special attention to APIs. Currently, all the developers want to construct service-oriented applications, and they are susceptible to CSRF attacks.
- Use the `<img>` tag to test `GET` requests.
- Create forms to perform actions on vulnerable `POST` requests, using hidden fields to send the information required by the application.
- There are a lot of anti...
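The proxy-map review described in the recap can be scripted as a first triage pass. The following is an added example, not code from the book: it walks a constructed request history and lists cookie-authenticated requests that carry no anti-CSRF token. The host `app.example`, the action-word list and the token-name list are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

FORM = "application/x-www-form-urlencoded"
# Constructed sample of a proxy site map (method, URL, headers, body); not real traffic.
SAMPLE_HISTORY = [
    ("GET", "https://app.example/account/delete?id=42", {"Cookie": "sid=abc"}, ""),
    ("GET", "https://app.example/static/logo.png", {"Cookie": "sid=abc"}, ""),
    ("POST", "https://app.example/profile/update",
     {"Cookie": "sid=abc", "Content-Type": FORM}, "email=a%40example.org"),
    ("POST", "https://app.example/transfer",
     {"Cookie": "sid=abc", "Content-Type": FORM}, "amount=10&csrf_token=9f2c"),
    ("POST", "https://app.example/api/v1/items",
     {"Cookie": "sid=abc", "Content-Type": FORM}, "name=x"),
    ("POST", "https://app.example/api/v1/notes",
     {"Authorization": "Bearer xyz", "Content-Type": FORM}, "text=hi"),
]

# Heuristic word lists (assumptions): tune them to the application under review.
ACTION_WORDS = {"delete", "update", "add", "remove", "transfer", "change", "create"}
TOKEN_HINTS = ("csrf", "xsrf", "authenticity_token")

def has_token(header_names, param_names):
    """True if any header or parameter name looks like an anti-CSRF token."""
    names = [n.lower() for n in list(header_names) + list(param_names)]
    return any(hint in name for name in names for hint in TOKEN_HINTS)

def triage(history):
    """Return (method, path, reason) for requests worth a manual CSRF review."""
    findings = []
    for method, url, headers, body in history:
        if "cookie" not in {k.lower() for k in headers}:
            continue  # the browser attaches cookies automatically, not bearer headers
        parts = urlsplit(url)
        params = {**parse_qs(parts.query), **parse_qs(body)}
        if has_token(headers, params):
            continue
        words = set(re.split(r"[/_.\-]", parts.path.lower()))
        if method == "GET" and words & ACTION_WORDS:
            findings.append((method, parts.path, "state-changing GET without token"))
        elif method == "POST":
            findings.append((method, parts.path, "POST without token"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_HISTORY):
        print(*finding, sep="  ")
```

Each finding is only a candidate: confirm by hand whether the endpoint changes state and whether another defence, such as a `SameSite` cookie attribute, is in place.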