Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨

@10:07 I was only able to solve the lab using the GET method, instead of POST method here (Burp Community edition). This makes sense to me now, as the title of the lab is CSRF Where Token Validation Depends on Request Method (where this video was found @Portswigger Academy). I really like your teaching style, Rana. Hopefully, this saves someone time, if they get stuck.

U have great knowledge. And thanks for sharing ur knowledge. Really helpful. I want to know ur path. When did u start, wt r resources, books u hv used

I really want you to cover all the portswigger labs

Keep up the great work

Thank you 😊

hi Rana, I'm trying to use your html payload and Burp payload, I start the server on ngrok, the page loads and I'm thrown to the lab. Why? why don't I stay on the website with a payload?

Can anyone provide a overview or sample code which is written on the backend and which is vulnerable to the above depicted attack i.e how the backend is handling the request in terms of CSRF token

مشاءالله ❤

thank you, sister. give me more video........

Can you add an arabic caption

Tweet me, DM me etc etc but never replies.... Masha allah....