Use burp to generate the POC to verify the CSRF - Code World

Use burp to generate the POC to verify the CSRF

Others 2021-01-27 23:17:11 views: null

Experimental environment: phpstudy, DVWA, burpsuite
Demo process:
<1>Use burp proxy to submit content
(the proxy recommends using the FoxyProxy small plug-in)
Insert picture description here

Insert picture description here

<2>Search for CSRF POC automatic generation option in burp
Insert picture description here

<3>You can see the following to automatically generate POC
Insert picture description here

Automated writing is sometimes unavailable, it is best to change some
<4> and copy the HTML code to the newly created csrf.html
Insert picture description here

<5>Open it
Insert picture description here

<6>Click to request
Insert picture description here

You can see that the password was successfully changed.
Although this method is successful, it must interact with the user to execute successfully, so we need to change the code to make it more difficult to find.
<7>Add two lines of js script code to realize automated virtual requests
Insert picture description here

<8>Open the website again to verify and find that it will quickly jump to greatly reduce the rate of discovery

Guess you like

Origin blog.csdn.net/bring_coco/article/details/111182955

Use burp to generate the POC to verify the CSRF

Use burp suite to verify whether there are csrf vulnerabilities

Generate and verify jwt in java

OA Zhiyuan use of POC

The use of infiltration artifact burp suite

Burp_suite installation and use

Tool class - generate image verification code and verify

burp

postman use csrf token

Use of Spring Security csrf

Use burp to capture the mobile phone APP

Will you use these Burp Suite penetration artifact functions?

Use burp to capture packets on the PC WeChat applet

Use ajax to verify that the account is valid

Use ajax to verify that the account is valid

Use Doxygen to generate documentation

JWT Tutorial: Generate private and public keys, generate jwt tokens, verify jwt tokens

Use List.generate to generate widgets

windows10 download JDK version with low use burp

Use VS Code development and debugging Burp Suite extension

Use burp plug-captcha-killer picture identification code

Information security technology experiment: use burp suite to crack the web background

Security --- detailed explanation of http packet and simple use of burp

[Web Security Introduction] BURP Basic Use Detailed Explanation

Java-use arrays to verify names

Use JS to verify whether the user name is legal

Use custom parameter annotation to verify exception error

Use hardhat to verify smart contracts (goeril testnet)

Is it really possible to use this regex to verify passwords?

Laravel & PHP use Goutte not to verify SSL certificate

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

More

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)