[ Hacker Night School ] :: CSRF

Cross Site Request Forgery

CSRF is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance.

Where to Learn

First, read this OWASP presentation:

Next, webpwnized is your friend. Watch these videos:

Cross-Site Request Forgery Explained – Part 1: Basic CSRF

Cross-Site Request Forgery Explained – Part 2: Advanced CSRF

Using Burp-Suite Sequencer to Compare CSRF-token strengths

Test Your Skills




  1. Watch the videos.
  2. Do the hacks.
Series Navigation<< [ Hacker Night School ] :: WEP Cracking Basics in Kali[ Hacker Night School ] :: A Memory Forensics with Volatility Writeup >>

Leave a Reply