CSRF attacks

Cross-Site Request Forgery (CSRF) attacks deceive the victim's browser into sending a manipulated request to the vulnerable application while the victim is logged in. So, an application should make sure the request is legitimate.

As a CSRF attack is an attack on a logged-in user, we have to send the session cookie with the request. We can use cookielib to remember cookies between sessions:

import mechanize 
 
 
cookies = mechanize.CookieJar() 
 
cookie_opener = mechanize.build_opener(mechanize.HTTPCookieProcessor(cookies)) 
mechanize.install_opener(cookie_opener)  
 
url = "http://www.webscantest.com/crosstraining/aboutyou.php" 
 
 
 
res = mechanize.urlopen(url) 
 
content = res.read()

To test for CSRF, we have to submit the form from a page other than the ...

Get Effective Python Penetration Testing now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Effective Python Penetration Testing by Rejah Rehim

CSRF attacks

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly