CSRF where token is tied to non-session cookie (Video solution, Audio)

22,158 views

Michael Sommer

A day ago

Comments: 25
@ali-wz6nz a month ago
00:08 - Understanding session cookies and their impact on web security.
01:08 - Understanding CSRF with Non-Session Cookies and Parameters
02:26 - Updating email addresses in application settings
03:36 - Demonstrating CSRF token validation with non-session cookies in a browser environment.
04:54 - Exploration of browser interactions and CSRF prevention strategies.
06:03 - Overview of CSRF token security challenges with non-session cookies.
07:22 - Using proxy tools for CSRF token generation.
09:23 - Discussion on how cookies impact CSRF security.
@fannah24 3 years ago
For those who are struggling to understand the payload, search 'CRLF Injection Attack', or visit CRLF on GeeksforGeeks.
@venomhacks1322 3 years ago
0 explanation
@2os5 3 years ago
true
@alonsocorrea1256 3 years ago
I think that you could explain the impact of this way to exploit CSRF.
@mamunurrashid9022 3 years ago
I didn't understand why you copied session & csrfKey and saved them in Notepad; you didn't do anything with them later!
@some_user6929 3 years ago
I'm glad you also spotted that. At 9:50 in csrfKey he should paste csrfKey from dropped in Burp's Repeater request and also from that request should copy csrf value and paste it to form .html.
@zipp5022 3 years ago
My email address gets changed but still the lab isn't solved....
@rud8716 2 years ago
Us bro, us
@zipp5022 2 years ago
@rud8716 The struggle is real bro, but it got solved eventually :)
@rud8716 2 years ago
@zipp5022 Bro, what did you do? Because I am also facing the same problem.
@zipp5022 2 years ago
@rud8716 I wish I could help, but I solved it over a month ago. I don't exactly remember what happened, but it got solved. This lab is a big pain in the ass 😮‍💨😮‍💨
@JollyRogers-vp5yn a year ago
About the end of the video: in the PoC, you should put your csrf token on line 8 (name="csrf" value="your csrf token"). This will resolve the lab 😊
@axeldelgadillo9838 a year ago
You and Rana Khalil are the best
@hexbrokers9115 3 years ago
My Firefox private incognito does not load the FoxyProxy add-on for proxying
@mamunurrashid9022 3 years ago
You need to give permission
@mushtaqueahmed6949 10 months ago
Why did you copy and paste csrfKey in the PoC from the same request? You should copy csrf from the attacker request and paste it in the PoC.
@EmilyAnn a year ago
Goddammit! This is not that difficult, so why isn't this working for me??
@lie-be4277 5 months ago
Same problem. I inspected packets and realized the cookie is not changing.
@Fth.44 8 months ago
Even though I did everything in this video many times, I just couldn't solve it. I'm noting things down one by one, to no avail.
@sayeu1444 10 months ago
Confusing af
@Mr.Hoque. a year ago
Very confusing video