Cross-Site Request Forgery Video Demonstration


Cross-site request forgery, usually abbreviated CSRF and sometimes called session riding or a one-click attack, has been around for a number of years. (It is not the same thing as clickjacking, which tricks a user into clicking a hidden or disguised page element; CSRF needs no trickery with the page layout at all.) Cross-site request forgery is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts: the victim's browser attaches their session cookie to a request the attacker chose, so the site cannot tell the forged request from a real one. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

We have put together a basic video demonstration of a cross-site request forgery attack. In the demonstration we've used Hacme Casino, an intentionally vulnerable web application, to help visualize the attack. We also use Paros Proxy to trap the legitimate HTTP request and use it as the template for our forged HTTP request.

While we could dig into much greater detail, our primary intention is to provide a basic understanding of how CSRF attacks are carried out.

Demonstration Details
Again, we will be using the intentionally vulnerable Hacme Casino web app for demonstration purposes. Our objective is to trick our victim user, Bobby Blackjack, into clicking a malicious URL that, because his browser sends his session cookie along with it, transfers 1,000 chips to the account of Andy Aces, which we have already taken over. Just as an aside, the login username we use to get into Andy Aces' account happens to be a SQL injection payload; that is a separate flaw from the CSRF issue shown here.
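To make the mechanics concrete, here is an added example that models the attack described above and then the fix. It is not code from the original post or from Hacme Casino: the endpoint path, user names, balances, origins and cookie/token values are all hypothetical. The vulnerable handler trusts the session cookie alone and accepts GET, so the attacker only has to rebuild the trapped transfer request as a link; the hardened handler requires POST, a per-session synchronizer token the attacker cannot read, and a matching Origin/Referer.

```python
"""
Added example (not from the original page or Hacme Casino): a minimal model of a
chip-transfer endpoint in its CSRF-vulnerable form and in a hardened form.
All names, paths, origins and values below are hypothetical.
"""
import hmac
import secrets
from urllib.parse import urlencode, urlparse

SITE_ORIGIN = "http://casino.example"        # assumed origin of the trusted site
ATTACKER_ORIGIN = "http://attacker.example"  # assumed origin of the attacker's page
TRANSFER_PATH = "/account/transfer_chips"    # hypothetical endpoint path


class Casino:
    """In-memory stand-in for the casino: balances, sessions, per-session CSRF tokens."""

    def __init__(self):
        self.balances = {"bobby_blackjack": 5000, "andy_aces": 0}  # constructed sample data
        self.sessions = {}      # session cookie value -> username
        self.csrf_tokens = {}   # session cookie value -> token bound to that session

    def login(self, username):
        sid = secrets.token_hex(16)
        self.sessions[sid] = username
        self.csrf_tokens[sid] = secrets.token_hex(16)
        return sid

    def _transfer(self, src, dst, amount):
        if amount <= 0 or dst not in self.balances or self.balances[src] < amount:
            return 400
        self.balances[src] -= amount
        self.balances[dst] += amount
        return 200

    # Vulnerable: the session cookie is the only thing checked and GET is accepted,
    # so any page that makes the victim's browser fetch the URL moves the chips.
    def transfer_vulnerable(self, method, params, cookies, headers):
        user = self.sessions.get(cookies.get("session"))
        if user is None:
            return 401
        return self._transfer(user, params["to"], int(params["amount"]))

    # Hardened: state changes only on POST, Origin/Referer must be our own site,
    # and the request must carry the synchronizer token tied to this session.
    def transfer_hardened(self, method, params, cookies, headers):
        sid = cookies.get("session")
        user = self.sessions.get(sid)
        if user is None:
            return 401
        if method != "POST":
            return 405
        source = headers.get("Origin") or headers.get("Referer") or ""
        p = urlparse(source)
        if f"{p.scheme}://{p.netloc}" != SITE_ORIGIN:
            return 403
        if not hmac.compare_digest(params.get("csrf_token", ""), self.csrf_tokens[sid]):
            return 403
        return self._transfer(user, params["to"], int(params["amount"]))


def forged_url(params):
    """The link the attacker sends the victim, rebuilt from the trapped request."""
    return f"{SITE_ORIGIN}{TRANSFER_PATH}?{urlencode(params)}"


def run_attack(handler, method):
    """Bobby logs in, then his browser issues the attacker's request (a link click
    for GET, an auto-submitted form for POST). The browser attaches the session
    cookie on its own, but a cross-site request carries the attacker's Referer/Origin
    and the attacker has no way to learn Bobby's CSRF token.
    Returns (status, bobby_balance, andy_balance)."""
    casino = Casino()
    sid = casino.login("bobby_blackjack")
    params = {"to": "andy_aces", "amount": "1000"}
    headers = {"Referer": ATTACKER_ORIGIN + "/lure.html"}
    if method == "POST":
        headers["Origin"] = ATTACKER_ORIGIN
    status = getattr(casino, handler)(method, params, {"session": sid}, headers)
    return status, casino.balances["bobby_blackjack"], casino.balances["andy_aces"]


def run_legit_transfer():
    """A transfer Bobby really submits from the site's own form passes the hardened check."""
    casino = Casino()
    sid = casino.login("bobby_blackjack")
    params = {"to": "andy_aces", "amount": "250", "csrf_token": casino.csrf_tokens[sid]}
    headers = {"Origin": SITE_ORIGIN, "Referer": SITE_ORIGIN + "/account"}
    status = casino.transfer_hardened("POST", params, {"session": sid}, headers)
    return status, casino.balances["bobby_blackjack"], casino.balances["andy_aces"]


if __name__ == "__main__":
    print("lure:", forged_url({"to": "andy_aces", "amount": "1000"}))
    print("vulnerable, GET :", run_attack("transfer_vulnerable", "GET"))
    print("hardened,   GET :", run_attack("transfer_hardened", "GET"))
    print("hardened,   POST:", run_attack("transfer_hardened", "POST"))
    print("hardened, legit :", run_legit_transfer())
```

The token is the primary defense; the Origin/Referer check is defense in depth, since some browsers and privacy settings strip Referer, and rejecting a missing header (as this code does) is the safe default only if the site itself never relies on cross-origin form posts. Moving to POST alone does not fix anything: the POST case above still fails only because of the Origin and token checks.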

Click here to view the CSRF video demo












DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.


Contact Us

Phone number:
1-612-234-7848

E-mail:

info@redteamsecure.com