1. Change a GET request to a POST request, and vice versa (some applications only validate the token for one method).
2. Remove the CSRF token parameter entirely, send the request and check whether the application accepts it without the token. Also send the parameter with an empty value and check.
3. Change part of the token and check. In some applications the first part of the token is static (the same for all users) and the second part is dynamic (different per user); put a random value in the dynamic part and see whether it is still accepted.
4. Check whether the token is tied to the user's session. If it is not, a valid token issued to your own account will be accepted in the victim's session, so you can exploit it.
5. Check whether the CSRF token is tied to a CSRF cookie rather than to the session. Test this by (1) submitting an invalid CSRF token and (2) submitting a valid CSRF token taken from another user (your own test account); if (1) is rejected but (2) is accepted, the token is not bound to the session.
6. Try to guess the CSRF token; some applications use predictable tokens, e.g. a base64-encoded value you can decode and reproduce.
7. Check whether the token is tied to a non-session cookie (a separate CSRF cookie). If it is, and you can set that cookie in the victim's browser, you can exploit it with a matching cookie/token pair of your own.
8. Remove the Referer header and check whether the request is still accepted (some applications skip Referer validation when the header is absent).
9. Also check which portion of the Referer header the application validates (for example only that it contains the expected domain) and manipulate that portion.
10. Use a session fixation technique (cookie injection) to make the victim's browser store whatever value you choose as the CSRF token cookie, then execute the CSRF with the CSRF token that matches the cookie you chose.
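To make the checklist concrete, here is an added example (not code from the original page) of a tiny simulated server with three CSRF-token validation strategies, and the request mutations from steps 1 to 10 replayed against each. Everything in it is constructed: the cookie names `session` and `csrfKey`, the server secret and the `change_email` endpoint are assumptions, not a real application. A `True` in the result means the forged request was accepted, i.e. that bypass works against that validation model.

```python
"""Simulated CSRF validation models vs. the bypass checklist (added example)."""
import hashlib
import hmac
import secrets

SERVER_SECRET = b"constructed-server-secret"  # assumption: real secret stays server-side


def sign(msg: str) -> str:
    """HMAC the value a token is meant to be bound to (session id or CSRF cookie)."""
    return hmac.new(SERVER_SECRET, msg.encode(), hashlib.sha256).hexdigest()


class Server:
    """mode selects how change_email validates the csrf parameter:
    'pool'    any token the server ever issued is accepted, and GET skips
              validation entirely (not tied to session; method-dependent)
    'cookie'  token must equal HMAC(csrfKey cookie); the session is ignored
    'session' token must equal HMAC(session id) (hardened binding)"""

    def __init__(self, mode: str):
        self.mode = mode
        self.issued = set()
        self.sessions = {}

    def login(self, user: str):
        """Issue a session cookie, a csrfKey cookie and the matching form token."""
        sid, csrf_key = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = user
        if self.mode == "pool":
            token = secrets.token_hex(16)
            self.issued.add(token)
        elif self.mode == "cookie":
            token = sign(csrf_key)
        else:
            token = sign(sid)
        return {"session": sid, "csrfKey": csrf_key}, token

    def change_email(self, method: str, cookies: dict, params: dict) -> bool:
        """True means the state change was accepted."""
        sid = cookies.get("session")
        if sid not in self.sessions:
            return False
        if self.mode == "pool" and method == "GET":
            return True  # bug: token check only wired to the POST handler
        if method != "POST":
            return False
        token = params.get("csrf", "")
        if not token:
            return False  # missing/empty token rejected in every mode
        if self.mode == "pool":
            return token in self.issued
        if self.mode == "cookie":
            return hmac.compare_digest(token, sign(cookies.get("csrfKey", "")))
        return hmac.compare_digest(token, sign(sid))


def run_checklist(mode: str) -> dict:
    """Replay the checklist against one server mode; True = bypass worked."""
    srv = Server(mode)
    victim_cookies, _victim_token = srv.login("victim")
    attacker_cookies, attacker_token = srv.login("attacker")
    random_token = secrets.token_hex(16)
    # The victim's browser attaches the victim's cookies; the attacker picks method and params.
    v = dict(victim_cookies)
    # Step 10: attacker planted their own csrfKey cookie into the victim's browser.
    planted = dict(victim_cookies, csrfKey=attacker_cookies["csrfKey"])
    return {
        "method_swap": srv.change_email("GET", v, {"email": "evil@x"}),                    # step 1
        "token_removed": srv.change_email("POST", v, {"email": "evil@x"}),                # step 2
        "token_empty": srv.change_email("POST", v, {"csrf": "", "email": "evil@x"}),      # step 2
        "token_random": srv.change_email("POST", v, {"csrf": random_token}),             # step 3
        "other_users_token": srv.change_email("POST", v, {"csrf": attacker_token}),      # steps 4/5
        "planted_csrf_cookie": srv.change_email("POST", planted, {"csrf": attacker_token}),  # steps 7/10
    }


if __name__ == "__main__":
    for mode in ("pool", "cookie", "session"):
        print(mode, run_checklist(mode))
```

The point of the three modes: another user's token is accepted only when the token is not bound to the session (`pool`), the planted-cookie attack works only when the token is bound to a cookie the attacker can set (`cookie`), and binding the token to the session id with a constant-time compare (`session`) defeats every mutation in the list.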
Requirements:
- Mac (Intel/M1/M2), or a Mobexler virtual machine (Apple's proprietary tools are not available there)
- Jailbroken iPhone, or a Corellium virtual iOS device
Starting iOS App Pentest:
- Reverse engineer the IPA to check for hardcoded secrets, sensitive info, etc. (Book Ref: amazon.com/Mobile-App-Rev…)
- Run MobSF static analysis, review the findings and manually validate the interesting points
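As an added example of the first step (not code from the page, nor from MobSF), the script below unpacks an IPA, which is just a zip with a `Payload/<App>.app/` directory, greps the app binary for the kind of hardcoded material you would then validate by hand (cloud access keys, API keys, private keys, cleartext http:// endpoints), and parses `Info.plist` for an App Transport Security exception. It runs against a constructed stand-in IPA built in memory; the bundle name, the patterns and the planted strings are all assumptions for illustration.

```python
"""First-pass IPA triage for hardcoded secrets and ATS exceptions (added example)."""
import io
import plistlib
import re
import zipfile

# Illustrative patterns; a real review widens these and then validates every hit manually.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "generic_api_key": re.compile(rb"(?i)(?:api[_-]?key|secret|token)[\"'\s:=]+[A-Za-z0-9_\-]{16,}"),
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}
URL_PATTERN = re.compile(rb"https?://[A-Za-z0-9./_\-]+")


def build_sample_ipa() -> bytes:
    """Constructed stand-in for a real .ipa: Info.plist plus a fake Mach-O with planted strings."""
    info = {
        "CFBundleIdentifier": "com.example.demo",  # assumed bundle id
        "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True},
    }
    binary = (
        b"\xcf\xfa\xed\xfe" + b"\x00" * 16          # Mach-O 64-bit magic, padding
        + b"api_key=sk_live_0123456789abcdefXYZ\x00"  # planted generic key
        + b"http://api.example.test/v1\x00"           # planted cleartext endpoint
        + b"AKIAABCDEFGHIJKLMNOP\x00"                 # planted AWS-style key id
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info))
        z.writestr("Payload/Demo.app/Demo", binary)
    return buf.getvalue()


def scan_ipa(ipa_bytes: bytes) -> dict:
    """Return findings grouped as secrets, cleartext URLs and ATS exceptions."""
    findings = {"secrets": [], "urls": [], "ats": []}
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name.endswith("Info.plist"):
                plist = plistlib.loads(data)
                ats = plist.get("NSAppTransportSecurity", {})
                if ats.get("NSAllowsArbitraryLoads"):
                    findings["ats"].append(f"{name}: NSAllowsArbitraryLoads=true (ATS disabled globally)")
                continue
            # Strings in the binary are NUL-terminated, so byte regexes work on the raw file.
            for label, pat in SECRET_PATTERNS.items():
                for m in pat.finditer(data):
                    findings["secrets"].append(f"{name}: {label}: {m.group(0).decode('latin-1')}")
            for m in URL_PATTERN.finditer(data):
                url = m.group(0).decode("latin-1")
                if url.startswith("http://"):
                    findings["urls"].append(f"{name}: cleartext endpoint {url}")
    return findings


if __name__ == "__main__":
    for kind, items in scan_ipa(build_sample_ipa()).items():
        for item in items:
            print(f"[{kind}] {item}")
```

On a real engagement you would point `scan_ipa` at the decrypted IPA pulled from the jailbroken device or Corellium instance (App Store binaries are FairPlay-encrypted, so strings in an undecrypted binary will not be visible) and treat every hit as a lead to confirm in a disassembler, not as a finding in itself.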
Make sure you have a strong foundation of knowledge and skills. As a beginner, focus on improving your knowledge day by day and stay up to date on the latest attacks, trends, and technologies in this field.
2. NETWORKING
Networking is key in every domain of IT. Attend industry events and connect with other cybersecurity professionals to build your network and maintain good contacts.
- Do the Penetration Testing Student course from @ine or the Practical Ethical Hacking course from @TCMSecurity
- Learn the OWASP Top 10
- Go through the Web Security Academy from @PortSwigger (Burp Suite is one of the main tools for web pentesting and it has a Community Edition)
- Practice your knowledge on vulnerable apps like WebGoat, Juice Shop, @hackthebox_eu, @RealTryHackMe, @VulnHub and others. There are so many