Cross-Site Request Forgery (CSRF) Explained


💵 Support the Channel:
You can support the channel by becoming a member and get access to exclusive content, behind the scenes, live hacking sessions and more!
☕️ Buy Me Coffee:

JOIN DISCORD:

🆓 🆓 🆓 $200 DigitalOcean Credit:

💬 Social Media

Timestamps
----
00:00 - Introduction
00:06 - Importance of understanding CSRF in bug bounty hunting and pentesting.
04:50 - Risk of unauthorized access due to lack of CSRF protection and reliance on current password.
07:16 - Testing different methods to bypass CSRF protection on a website.
09:34 - Identifying and exploiting CSRF vulnerability by manipulating CSRF token and parameters.

#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
Comments

Wow... This is amazing!!! I have been struggling trying to understand CSRF attacks. This video has helped a lot. Thank you Ben for these amazing videos.

santiagotaboada

Thanks as usual Ben, you're still da man bro :) I've been having some medical issues lately so I'm in the 10, possibly even 15, week program but it's ok, I could never work for you at this point in time anyways. I'm sure you wouldn't remember but last year about this time I commented on a video saying I was a 51yr old paraplegic who didn't know Linux, the terminal, heck I never even used a computer; the only tech I knew was my cell and how to email someone on it 🤷‍♂🤦‍♂. I saw one of your videos and thought I can learn bug bounty and make money from home because I'm stuck in a nursing home, so I am going to teach myself so I can pay for help and get my own place. I'm proud to say I'm on my way. Since I'm teaching myself everything I've given myself 1.5 to 2 years to learn enough to make steady money to go with my SS check, not a million dollar hacker like you but steady money, and I'm proud to say I'm on track, chugging along slow but steady :)

MFoster

The question of "so what" (1:52), or as I like to ask about nearly everything in life, "who cares?" If people care about the vulnerability then it gains severity. The more "destructive" you can pitch the vulnerability as the higher the severity and two low severity vulns could easily become a critical vuln if combo'd so don't just report low bugs, you are only screwing yourself over.

papafhill

5WP and thanks for the content as always! Hope to meet you at Defcon

MarkFoudy

Thanks for the video, 👍 but what happened to the Q&A video on CSRF? It is marked as private. Will it be available soon?

vis

Hello Ben, thanks for making this video. I want to ask you how to execute CSRF on GraphQL?

vallerioalvaren

I started to watch all your 5w from XSS, and I have a question: where can I find my first vulnerability? I know what this vulnerability looks like but I don't know where I should look for them, maybe every web page I work with?

sQbhAn

from 5wp. Thanks a lot 'soltan' nahamsec

bigbugbang-lrsy

I cannot reproduce what you are doing on notifications / email; I cannot change anything.

RealEyes

5WP - thanks for the video, time to go see how good Coca-Cola is at CSRF protections!

DanMulvey

I don't understand. You talk and explain the concept so fast that I can't even comprehend what is going on.

programmerbully

I could not understand the part where you framed an HTML element using the <img/src> tag. I tried opening it and was unable to execute the action that I intended to. My second question is, if I were to delete any user info, I would not usually have access to the other user's account. How would I find the id value in that case?

adhishrikothiyal.dreamz

Bro, will you update your Bug Bounty Course on Udemy???

Fesssa

What is this Caido that you are using? Is it better than Burp Suite?

madatch

5wp and thank you for everything you do

pyrexpimpin

I haven't found my first security vulnerability yet and I'm very disappointed 😭

hiamealhilwa

\\alert('5WP')//; Thanks Nahamsec ...

leghdaf

Please explain how to approach web apps with a JSON content-type in the case of CSRF?

gk_eth

<script>alert(5wp)</script>

badcops