Packt+ | Advance your knowledge in tech

You're reading from Web Penetration Testing with Kali Linux Explore the methods and tools of ethical hacking with Kali Linux

Product type Paperback

Published in Feb 2018

Publisher

ISBN-13 9781788623377

Length 426 pages

Edition 3rd Edition

Tools

Kali Linux

Concepts

Ethical Hacking

Authors (3):

Juned Ahmed Ansari

Daniel W. Dieterle

Gilberto Najera-Gutierrez

View More author details

Table of Contents (13) Chapters

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. AJAX, HTML5, and Client-Side Attacks

10. Other Common Security Flaws in Web Applications

11. Using Automated Scanners on Web Applications

12. Other Books You May Enjoy

Leave a review – let other readers know what you think

Exploiting a CSRF flaw

Exploiting this vulnerability through a GET request (parameters sent within the URL) is as easy as convincing the user to browse to a malicious link that will perform the desired action. On the other hand, to exploit a CSRF vulnerability in a POST request requires creating an HTML page with a form or script that submits the request.

Exploiting CSRF in a POST request

In this section, we will focus on exploiting a POST request. We will use Peruggia's user-creation functionality for this exercise. The first step is that you need to know how the request that you want to replicate works; if you log in as admin to Peruggia and create a new user while capturing the traffic with Burp Suite, you can see that the request appears as follows:

The request only includes the newuser (username) and newuserpass (password) parameters. Thus, once the request and parameters that make the change are identified, we need to do the following: