CSRF Bypasses: 1. Check if there is any CSRF token in request, if yes, remove token and send request, is it bypassed? Modify the CSRF token to any other CSRF token, Check if CSRF token is matched with any cookie token, if yes, you can bypass this.
2. You are seeing no CSRF token? Don't be overexcited. 3. There can be origin check on server side, This CSRF protection is done using CORS policy. 4. Origin is always send by the browser, you can't modify or send your own Origin by XMLHttpRequest or Fetch API.
Jul 26, 2019 • 9 tweets • 3 min read
There were some days when I wasn't learning anything,I was not satisfied with the way life was going on,then I heard about most challenging certificate in security #OSCP.I read more than 100 reviews of it and everyone was calling it as tough and requires "TRY HARDER" attitude.
I registered 4 it because I want huge kick on my ass.On first day,I don't even know abt port scanning.Yes,I was ok/somewhat good in linux but never went deep into topics which can be used in exploitation,never knew in my life that gathering info is having significant importance.