What is Cross-site request forgery (CSRF Attack)?

In this article we tell you about the Cross-site request forgery attack. Here we explain the CSRF attack by performing it practically.

You too should practise Cross-site request forgery only on platforms like these, which have been built for testing, such as bWAPP, DVWA, OWASP.

We are performing this attack in bWAPP. It is being shown so that you can understand how a CSRF attack works.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.

What is a Cross-site request forgery attack?

You must have heard about Cross-site request forgery at some point. Cross-site request forgery is also called a CSRF attack. It has also been covered for you in website hacking.

It is a vulnerability found in websites, and even today it turns up in quite a lot of websites. Taking advantage of CSRF, hackers get the user to perform the attack.

Cross-site request forgery is only possible when the user is logged in. There are different methods of carrying out this attack. It depends on the hacker how they do it.

In a CSRF attack the hacker uses parameters to get the user to do the work the hacker wants. CSRF vulnerabilities were also found in YouTube and Netflix.

Let's try to understand this with an example. Suppose there is a normal user who is logged in to their account.

The hacker knows that the website has a Cross-site request forgery vulnerability. Suppose the hacker wants to change the password of the user's account.

So the hacker generates a link. With the help of parameters and HTML, the hacker has the new password filled in through that link.

The hacker then uses social engineering to get the user to click on the link one way or another.

When the user clicks on the link, the password is changed. This is how a Cross-site request forgery attack works.

In a Cross-site request forgery attack the hacker uses the login cookies that are already saved. Cookie hijacking has been explained to you in Facebook hacking.
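
Because the browser attaches the saved login cookie to the forged request automatically, the server needs a second value that a foreign page cannot supply. The following is an added example, not part of the original article and not bWAPP's code: a password-change handler that trusts the cookie alone, next to one that also checks a per-session anti-CSRF token. The field names `password_new` and `csrf_token`, the function names and the sample session are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory state for the illustration: session id -> account record.
SESSIONS = {}
SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the client


def login(user, password):
    """Create a session; the returned id is what the browser keeps as a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "password": password}
    return sid


def csrf_token(sid):
    """Token bound to the session; placed in the site's own form, not in a cookie."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def change_password_vulnerable(cookie_sid, form):
    """Trusts the session cookie alone, so a request forged by another site succeeds."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    session["password"] = form["password_new"]
    return 200


def change_password_hardened(cookie_sid, form):
    """Also requires the per-session token, which a foreign page cannot read."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(cookie_sid).encode()):
        return 403  # cookie present but token missing or wrong: reject
    session["password"] = form["password_new"]
    return 200


def demo():
    sid = login("demo_user", "old-secret")
    forged = {"password_new": "attacker-choice"}  # all a cross-site request can carry
    genuine = {"password_new": "user-choice", "csrf_token": csrf_token(sid)}
    out = [change_password_hardened(sid, forged), SESSIONS[sid]["password"]]
    out += [change_password_hardened(sid, genuine), SESSIONS[sid]["password"]]
    out += [change_password_vulnerable(sid, forged), SESSIONS[sid]["password"]]
    return out
```

The hardened handler rejects the forged request even though the session cookie is valid; setting `SameSite` on the session cookie is a complementary control on the browser side.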

How to Perform a CSRF Attack?

We are showing you the CSRF attack in bWAPP. If you like, you can also do this attack in DVWA. How to install bWAPP has already been explained to you.

First of all, install bWAPP. After that, select the Cross-site request forgery (change password) vulnerability. Something like this will open in front of you.

After doing all this you have to create an HTML page. You can also take this code from view page source. You will also find a download link here. You can type it out too if you like.

In this code, hidden has been used so that it is not shown to the user. You can also get this from view page source; a few changes will have to be made. This HTML page has been redirected.

When you open it, it will open something like this. All these parameters can also be attached to the link. This is how a Cross-site request forgery attack happens.

Nothing of the sort is shown to the user there; as soon as the link is clicked, the password is changed. You can do this in DVWA too.

You can see that without filling in anything, when the user clicks the change button, the password is changed. This is how a password is changed through a CSRF attack.

Cross-site request forgery attack (Transfer Amount)

Just as the password was changed with the help of CSRF, bWAPP also gives you an option for transferring an amount: Cross-site request forgery (Transfer Amount).

It opens in front of you something like this. Here you can see there is a demo account. You can see that it has 1000 EUR.

In the same way, if a hacker finds this vulnerability in a bank's website, they can also transfer money with the help of CSRF.

Here you can see that by preparing an HTML file in this way, the amount in the account will be reduced. This is how a CSRF attack works.

The file has been created like this. When the user clicks here, you will see that the value of the amount is reduced. Here the hacker has carried out the Cross-site request forgery attack through the user.

You can see that in this way, without filling in any information, the hacker transfers the amount with just one click. As you have been told, all of this can also be added to the link with the help of parameters.

You can see that here no button of any kind is shown to the user. The values have simply been added to the link. A Cross-site request forgery attack is carried out this way too.

The Conclusion

I hope you now know about the Cross-site request forgery attack. This attack has been shown to you practically.

You too should practise CSRF only in bWAPP or DVWA. Let us make this clear: CSRF vulnerabilities are still found in a lot of websites today.

You can also do bug bounty. Hackers can use CSRF to carry out hacking in many ways. It all depends on the hacker how they carry out this attack.

If you have any kind of question, you can ask in the comments. Do practise CSRF. To read our articles first, do subscribe to the blog.

If you like our articles, do share them. All of this is taught in paid courses. We are telling you all this free of cost.

Thank you
