[SEEDLAB] WEB SECURITY WRITEUP (CSRF Lab Site) #6

On By davidlee

Task 1: Observing HTTP Request

First, install HTTP Header live firefox add-on to capture HTTP Request.

HTTP Request can be captured by the add-on

Also, it can set the type of HTTP request, and manually send some requests.

Task 2: CSRF Attack using GET Request

I will perform a CSRF attack which adds an attacker to a friend list.

To perform this I need to capture request of add-friend.

The GET Request that adds Alice to the friend is as follows:

http://www.csrflabelgg.com/action/friends/add?friend=42&__elgg_ts=1700242030&__elgg_token=BUSKzSeF_cWd2doin2B7nQ&__elgg_ts=1700242030&__elgg_token=BUSKzSeF_cWd2doin2B7nQ

Now I will make an attacker website that adds Boby to the friend list when the victim accesses the site.

Boby’s GUID is 43, so the link is edited to 43.

Now I added a post that has an attacker site:

After signing in to Alice’s account, I clicked the link:

Boby has been added to the friend list.

Task 3: CSRF Attack using POST Request

Task 3 is a task that performs CSRF attack with POST Request to change the “brief description” in the profile.

First, I signed in with Boby’s account. Then I captured the request that changed brief description:

The POST Request is configured as follows:

Since the objective is to change Alice’s brief description, I changed GUID to 42, and also the name to Alice.

Now after signing to Boby’s account, I posted a link that contains the CSRF Attack page.

Finally, Alice clicks the link:

Alice’s brief description has changed.