https://github.com/xamiron/csrf-vulnerability

In this repository, I discuss the CSRF vulnerability and how to execute a CSRF attack.

burpsuite csrf csrf-attacks csrf-form csrf-protection security xss-exploitation



README


![csrf](https://github.com/xamiron/CSRF-Vulnerability/assets/120724779/18c3ed79-8884-4d3f-bbcb-6da435c3102e)
# CSRF-Vulnerability
Cross-Site Request Forgery (CSRF) is a type of web security vulnerability that allows attackers to trick victims into executing unwanted actions on a web application in which they are currently authenticated. In simpler terms, it's a way for an attacker to make your web browser do something you didn't intend to do, even if you're logged into a trusted website.

# Here are some of the things an attacker could do with a successful CSRF attack:
● Transfer money out of your bank account
● Change your password
● Post embarrassing content on your social media accounts
● Buy items with your online shopping cart

# How CSRF attacks work:
There are two main ways that CSRF attacks can be carried out:
1. Tricking the victim into clicking on a malicious link: The attacker can send the victim a link that, when clicked, sends a forged request to the targeted website. The link could be embedded in an email, social media post, or even a seemingly harmless image.
2. Embedding malicious code on a website: The attacker can embed malicious code on a website that the victim is likely to visit. This code can then send a forged request to the targeted website without the victim's knowledge or consent.

# How it can add a new admin to the victim company's profile:
Step 1: Open Burp's browser and log in to your account. Submit the "add admin" form, and find the resulting request in your Proxy history.
Step 2: If you're using Burp Suite Professional, right-click on the request and select Engagement tools / Generate CSRF PoC.
Step 3: Alternatively, if you're using Burp Suite Community Edition, use "https://tools.nakanosec.com/csrf/": submit the "POST" request and it will be converted into HTML.
Step 4: Send the file to the victim. When the victim opens this file, you will be an admin of the victim company.
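The forged "add admin" request above only succeeds because the server accepts any POST that carries the victim's session cookie. As an added example (not code from this repository), here is the server-side check that defeats it: a per-session synchronizer token plus an Origin/Referer check. `SITE_ORIGIN`, `SERVER_SECRET` and the request dictionaries are constructed stand-ins for a real framework.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical application settings, assumed for this example.
SITE_ORIGIN = "https://victim-company.example"
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"


def issue_csrf_token(session_id: str) -> str:
    """Per-session token the server embeds as a hidden field in the
    add-admin form. A page on another origin cannot read it, so the
    PoC form cannot include it even though the browser sends the cookie."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(request: dict) -> bool:
    """Accept a state-changing POST only if it is same-origin and carries
    the token matching the session cookie. `request` is a constructed
    stand-in for a framework request: {"method", "headers", "cookies", "form"}."""
    if request["method"] != "POST":
        return False
    session_id = request["cookies"].get("session")
    if not session_id:
        return False
    # Check 1: browsers attach Origin to cross-site form POSTs, and a
    # forged page cannot set it. Fall back to Referer; reject if neither.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not origin:
        return False
    parts = urlsplit(origin)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return False
    # Check 2: synchronizer token, compared in constant time.
    supplied = request["form"].get("csrf_token", "")
    return hmac.compare_digest(issue_csrf_token(session_id), supplied)


# Constructed sample requests sharing the victim's session cookie.
VICTIM_SESSION = "sess-1234"
LEGITIMATE = {
    "method": "POST", "headers": {"Origin": SITE_ORIGIN},
    "cookies": {"session": VICTIM_SESSION},
    "form": {"username": "new-admin", "role": "admin",
             "csrf_token": issue_csrf_token(VICTIM_SESSION)},
}
FORGED = {  # what the auto-submitted PoC form produces: no token, foreign origin
    "method": "POST", "headers": {"Origin": "https://attacker.example"},
    "cookies": {"session": VICTIM_SESSION},
    "form": {"username": "new-admin", "role": "admin"},
}
```

Either check alone blocks the PoC in this example; real deployments also set the session cookie with `SameSite=Lax` or `Strict` so the browser does not attach it to cross-site POSTs in the first place.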