CSRF Archives • Penetration Testing

Web Exploitation Web Vulnerability Analysis WebApp PenTest

[Collection] Some good Vulnerable Web application Lab for PenTester

WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application…

Web Exploitation Web Vulnerability Analysis WebApp PenTest

Finding and exploiting Cross-site request forgery (CSRF)

do son December 22, 2016 No Comments CSRF penetration testing vuln Vulnerability web app XSRF XSS

Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type…

Web Vulnerability Analysis WebApp PenTest

EasyCSRF: BurpSuite extension for Bypassing CSRF Protection

do son December 9, 2017 No Comments burp suite CSRF

EasyCSRF helps to find weak CSRF-protection in WebApp which can be easily bypassed. For example, content type based protection for API (Rest API, GraphQL API,…

Web Vulnerability Analysis WebApp PenTest

OWSAP Damn Vulnerable Web Sockets: vulnerable web application

do son November 20, 2017 No Comments CSRF Damn Vulnerable Web Sockets sqli XSS

OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is…

Web Vulnerability Analysis WebApp PenTest

Blazy: the modern login page bruteforcer with CSRF, Clickjacking Scanner & WAF Detector

do son October 30, 2017 No Comments Blazy Clickjacking CSRF WAF Detector

Blazy Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector…

Technique

What are CSRF tokens and how do they work?

do son October 25, 2017 No Comments CSRF CSRF tokens

Understanding CSRF The Express team’s csrf and csurf modules frequently have issues popping up concerned about our usage of cryptographic functions. These concerns are unwarranted due to a misunderstanding…

Web Information Gathering Web Vulnerability Analysis WebApp PenTest

Nikto – WebAPP Penetration Testing Tool

do son December 2, 2016 No Comments CSRF nikto sql injection vuln Vulnerability web app XSRF XSS

Nikto is web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions…

Web Vulnerability Analysis WebApp PenTest

Vane: open source WordPress Vulnerability Scanning

do son December 12, 2016 No Comments CSRF Vulnerability web app Wordpress scanning XSRF XSS

Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live.…

Web Vulnerability Analysis WebApp PenTest

Cross Site Request Forgery [CSRF-XSRF] Vulnerability

TheBlaCkCoDeR October 20, 2016 4 Comments Cross Site Request Forgery [CSRF-XSRF] Vulnerability CSRF web app XSRF XSS

Cross-site request forgery [CSRF], also known as one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious…

Penetration Testing Tools

Auto Web Application Penetration Testing: Vulnerability Scanning

do son February 18, 2017 No Comments CSRF penetration testing Pentesting Vulnerability web app

On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning. Run Auto-WebApp-PenTest.sh script, choose option 2 All tools on…