CSRF Bypass

Work in progress ...

Token-Based

1) Change HTTP method

POST /setting/ HTTP/1.1
Host: www.example.com

password=azerty&token=x

------------------------

HTTP/1.1 403 Forbidden

GET /setting/?password=azerty&token=x
Host: www.example.com

------------------------

HTTP/1.1 200 OK

2) Delete token parameter

GET /setting/?password=azerty
Host: www.example.com

3) Send token from a other account

4) Steal victim's token with

XSS
CORS Misconfiguration
JSON Hijacking
Information disclosure

Referer-Based

1) Delete the referer

2) Regex bypass

https://vuln.co
https://attacker.com?https://vuln.com/
https://vuln.com.attacker.com/
https://attackervuln.com/
https://[email protected]//

3) Open redirect

GET /?redirect=https://example.com/setting/?password=azerty
Host: www.example.com
Referer: https://www.example.com/

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CSRF Bypass

Token-Based

1) Change HTTP method

2) Delete token parameter

3) Send token from a other account

4) Steal victim's token with

Referer-Based

1) Delete the referer

2) Regex bypass

3) Open redirect

4) Change HTTP method

About

Releases

Packages

Reng-Deng-DenG/Bypass-CSRF

Folders and files

Latest commit

History

Repository files navigation

CSRF Bypass

Token-Based

1) Change HTTP method

2) Delete token parameter

3) Send token from a other account

4) Steal victim's token with

Referer-Based

1) Delete the referer

2) Regex bypass

3) Open redirect

4) Change HTTP method

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages