Difference between revisions of "CSRF - Practical example using Burp Suite and portswigger.net"

From Embedded Lab Vienna for IoT & Security
Line 1: Line 1:
== Summary ==  
== Summary ==  


Description what this documentation is about.
This article describes how the Labs of portswigger.net can be used to show how a CSRF attack is done. In contrary to other articles these labs don't need further installation of software except of the Burp Suite Tool. By using the labs on portswigger.net also different difficulties can be tried and therefore the usage of different defence methods against CSRF can be experienced practically.


== Requirements ==
== Requirements ==
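
Review bot: the new Summary paragraph says "In contrary to other articles these labs don't need further installation of software" without naming which articles or which software they require, so a reader cannot check the comparison; name them or drop the clause. The wording also needs a pass: "In contrast to", "apart from Burp Suite" instead of "except of the Burp Suite Tool", and "difficulty levels" instead of "difficulties".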

Revision as of 11:49, 19 December 2023

Summary

This article describes how the labs on portswigger.net can be used to demonstrate how a CSRF attack is carried out. In contrast to other articles, these labs require no additional software apart from Burp Suite. The labs on portswigger.net also come in different difficulty levels, so the use of different defence methods against CSRF can be experienced in practice.

Requirements

  • Software: Burp Suite Community Edition / Professional

To run Burp Suite, you need to fulfil the following requirements:

  • CPU Cores/Memory:
    • Minimum: 2x cores, 4GB RAM - This spec is suitable for basic tasks such as proxying web traffic and simple Intruder attacks. While Burp Suite may run on a machine with a lower specification than this, we do not recommend doing so for performance reasons.
    • Recommended: 2x cores, 16GB RAM - This is a good general-purpose spec.
    • Advanced: 4x cores, 32GB RAM - This spec is suitable for more intensive tasks, such as complex Intruder attacks or large automated scans.
  • Free Disk Space:
    • Basic installation: 1GB
    • Per project file: 2GB
  • Operating system:
    • Windows (Intel 64-bit)
    • Linux (Intel and ARM 64-bit)
    • OS X (Intel 64-bit and Apple M1)

