LEARN CYBER SECURITY

CSRF in DVWA - Part 2

Part 2 - DVWA CSRF Attack - KALI LINUX

What is CSRF (Cross-Site Request Forgery)?

➔ CSRF is an attack that forces a user to execute unwanted actions, chosen in advance by the attacker, on a web application in which they are currently authenticated.

IN OUR CASE WE WILL USE DVWA,
SO LET'S FIRE UP DVWA

1, Let's change the security level to low.





2, Click on CSRF

3, We will begin our attack. Right-click on the page, click on View page source and locate this section (i.e. the form).


4, Copy the code inside <form>..</form>, paste it into your favorite text editor and change it as follows, where the entry in the value attribute must be the password you want to set. In my case, I am going for 'helloworld'. Then save it as an HTML file.


5, Open the HTML file and click on the Change button. You'll be redirected to DVWA's local server and you can see that the password has changed.
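The copied form works because the 'low' handler trusts the session cookie alone. The following added example (constructed for this post, not DVWA's own code) models that handler beside a hardened one that rejects the forged request from step 5; the session store, allowed origin and field names are assumptions.

```python
import hmac
import secrets

# Constructed stand-in for the application: a "request" is a dict carrying
# the HTTP method, the form fields, the session id sent as a cookie and the
# Origin header. Names and addresses are assumptions, not DVWA's.
ALLOWED_ORIGIN = "http://127.0.0.1"   # assumed address of the target app
users = {"admin": "password"}         # constructed user database
sessions = {"s1": "admin"}            # session id -> logged-in user
csrf_tokens = {}                      # session id -> per-session secret

def change_password_vulnerable(request):
    """Like the 'low' level form: the session cookie is the only check, so
    any page that makes the victim's browser send this request succeeds."""
    user = sessions.get(request["cookie_session"])
    if user is None:
        return "not logged in"
    form = request["form"]
    if form["password_new"] != form["password_conf"]:
        return "passwords differ"
    users[user] = form["password_new"]
    return "changed"

def issue_csrf_token(session_id):
    """Token the app embeds as a hidden field in its own form; a page on
    another origin cannot read it because of the same-origin policy."""
    csrf_tokens[session_id] = secrets.token_hex(16)
    return csrf_tokens[session_id]

def change_password_hardened(request):
    """Same action with three defences: POST only, Origin check, token."""
    user = sessions.get(request["cookie_session"])
    if user is None:
        return "not logged in"
    if request["method"] != "POST":          # never change state on GET
        return "rejected: method"
    if request["headers"].get("Origin") != ALLOWED_ORIGIN:
        return "rejected: origin"            # defence in depth
    expected = csrf_tokens.get(request["cookie_session"], "")
    supplied = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return "rejected: token"             # forged form cannot know it
    form = request["form"]
    if form["password_new"] != form["password_conf"]:
        return "passwords differ"
    users[user] = form["password_new"]
    return "changed"
```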



Proof of concept

Now let's try to log in with the password which we changed using CSRF, that is 'helloworld'. You will be able to log in, and boom, you just performed an attack, i.e. CSRF.



PDF VERSION >> http://bit.ly/2nwskjr
