JSON Cross-Site Request Forgery

This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used.

PRO Tier | Medium | < 1 Hr. | 1335 | Orange Badge

Course

This course provides a comprehensive guide to exploiting Cross-Site Request Forgery (CSRF) vulnerabilities. Initially, it introduces the concept of CSRF and the common defenses against it, such as the use of the SameSite cookie attribute. The course then delves into JSON-based CSRF attacks, explaining how to manipulate form attributes to send JSON payloads despite server-side content type checks.

In addition, the course includes a practical exercise where participants create a malicious webpage to exploit a CSRF vulnerability in a fictional web application. This hands-on approach ensures that learners not only understand the theory but also gain practical skills in detecting and exploiting CSRF vulnerabilities. The video transcript supplements the course material by walking through an example attack, highlighting the intricacies of crafting a successful CSRF payload.
