Portswigger CSRF Labs
Portswigger Academy CSRF Labs

Introduction

What?

Cross-site request forgery (CSRF) is a client-side technique used to attack other users of a web application.

Why?

Cross-site request forgery is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

Using CSRF, attackers can send HTTP requests that pretend to come from the victim, carrying out unwanted actions on a victim’s behalf. For example, an attacker could change a password or transfer money from a bank account without permission. If the victim is an administrative account, CSRF can compromise the entire web application.
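The mechanism above (the browser attaches the victim's session cookie to a request the attacker's page triggers, so a handler that trusts the cookie alone will act on it) is easiest to see side by side with the defence. The following is an added, self-contained example written for this page, not PortSwigger's lab code: a minimal in-memory model of a "change email" endpoint in its cookie-only form and in a hardened form that checks the `Origin` header and an unpredictable per-session CSRF token. The site origin, session store, usernames and addresses are all constructed for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical target site and an in-memory session store (both constructed for this example).
SITE_ORIGIN = "https://shop.example"
SESSIONS: dict[str, dict] = {}   # session cookie value -> session data


def create_session(user: str) -> str:
    """Log a user in: mint a session id and an unpredictable per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {
        "user": user,
        "csrf_token": secrets.token_urlsafe(32),
        "email": f"{user}@example.net",
    }
    return sid


@dataclass
class Request:
    """Just the parts of an HTTP request the handlers below look at."""
    method: str
    cookies: dict
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def vulnerable_change_email(req: Request) -> tuple[int, str]:
    """Trusts the session cookie alone. A browser sends that cookie with a
    cross-site form post too, so a request forged from another origin succeeds."""
    session = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or session is None:
        return 401, "not logged in"
    session["email"] = req.form["email"]
    return 200, "email updated"


def same_site_origin(req: Request) -> bool:
    """Accept only requests the browser reports as coming from our own origin.
    Falls back to Referer when Origin is absent; rejects if neither is usable."""
    origin = req.headers.get("Origin")
    if origin is None:
        return req.headers.get("Referer", "").startswith(SITE_ORIGIN + "/")
    return origin == SITE_ORIGIN


def hardened_change_email(req: Request) -> tuple[int, str]:
    """Same action, but tied to the session's CSRF token and to a same-site origin."""
    session = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or session is None:
        return 401, "not logged in"
    if not same_site_origin(req):
        return 403, "cross-site request rejected"
    token = req.form.get("csrf")
    # Constant-time comparison so the check itself does not leak the token.
    if token is None or not hmac.compare_digest(token, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    session["email"] = req.form["email"]
    return 200, "email updated"


def demo() -> dict:
    """Run a legitimate request and a forged one against both handlers."""
    results = {}
    for name, handler in (("vulnerable", vulnerable_change_email),
                          ("hardened", hardened_change_email)):
        sid = create_session("victim")
        # The user's own form submission: same origin, token rendered into the form.
        legit = Request("POST", {"session": sid}, {"Origin": SITE_ORIGIN},
                        {"email": "victim.new@example.net", "csrf": SESSIONS[sid]["csrf_token"]})
        # Auto-submitted from another site: cookie rides along, Origin differs, no token.
        forged = Request("POST", {"session": sid}, {"Origin": "https://attacker.example"},
                         {"email": "attacker@attacker.example"})
        # Same origin but the token was not included: still rejected by the hardened handler.
        no_token = Request("POST", {"session": sid}, {"Origin": SITE_ORIGIN},
                           {"email": "attacker@attacker.example"})
        results[f"{name}_legit"] = handler(legit)
        results[f"{name}_forged"] = handler(forged)
        results[f"{name}_no_token"] = handler(no_token)
        results[f"{name}_email_after"] = SESSIONS[sid]["email"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The cookie-only handler accepts the forged post and the victim's stored address ends up attacker-controlled; the hardened handler rejects it on the origin check and would reject a same-origin post that omits the token. Real frameworks provide the token plumbing for you, but the two checks above are what they implement.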

How?