CSRF Examples

Example Cross Site Request Forgery (CSRF) vulnerabilities in action.

Requirements

Install Go Modules

Like any golang project, you will need to download and install the required modules for the project to run. Change into the "csrf" directory:

cd csrf

And then:

go mod vendor && go mod download && go mod tidy

This command installs the golang dependencies needed to run the project in a new directory named vendor.

Once the modules have finished installing, you can run the project like this:

go run main.go

OR

go run main.go withoutCsrf

You should see the following if everything is OK:

Server started and listening at localhost:3000

Try the demo

Start the server without CSRF protection to see the dangers of these attacks:

go run main.go withoutCsrf

Open your browser and navigate to localhost:3000.

Login using the test account:

  • Username: bob
  • Password: test

In a new tab, navigate to localhost:3001 to view some examples of CSRF exploits. You will notice that the balance goes down every time you load that page. This is because the page is successfully exploiting a CSRF vulnerability: the browser attaches bob's session cookie to the requests that page triggers, and the unprotected server honours them.

See the "fixed" version

To see the CSRF-protected version of this demo, stop the server by pressing CTRL + C to kill the server process and then run

go run main.go

Navigate again to localhost:3000 and log in to the test account.

And once more try the page with the CSRF exploits: localhost:3001.

You will notice now that the account balance is unchanged.
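To make concrete why the protected server ignores the page on localhost:3001, here is an added example (not the repository's code; the demo's real session store, token scheme and handler names are not shown in this README). It implements a synchronizer-token check on a hypothetical withdraw handler, with a `send` helper that replays the request a browser would make from the attacker's tab: the session cookie is always attached, the token only when bob's own form supplied it.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"net/http"
	"net/http/httptest"
	"strings"
)

var tokens = map[string]string{} // constructed: session id -> CSRF token
var balance = 100                 // constructed: bob's account balance

// login mints a random synchronizer token; the fixed demo would embed it as a hidden field in bob's own form.
func login(session string) string {
	b := make([]byte, 32)
	rand.Read(b) // crypto/rand: documented never to return an error
	tokens[session] = hex.EncodeToString(b)
	return tokens[session]
}

// withdrawHandler is the state-changing endpoint. protect=false mirrors "withoutCsrf": any request
// carrying the session cookie is honoured. protect=true also demands a POST body with the session's token.
func withdrawHandler(protect bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("session")
		if err != nil || tokens[c.Value] == "" {
			http.Error(w, "not logged in", http.StatusUnauthorized)
			return
		}
		// PostFormValue ignores the body on GET, so an <img>-triggered request arrives with an empty token.
		got, want := r.PostFormValue("csrf_token"), tokens[c.Value]
		if protect && subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
			http.Error(w, "invalid CSRF token", http.StatusForbidden)
			return
		}
		balance -= 10
	}
}

// send replays a request as the browser would: cookie always attached, token only if the form carried it.
func send(protect bool, method, body string) int {
	req := httptest.NewRequest(method, "/withdraw", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.AddCookie(&http.Cookie{Name: "session", Value: "bob"})
	rec := httptest.NewRecorder()
	withdrawHandler(protect)(rec, req)
	return rec.Code
}
```

A cross-origin page can make the browser send the cookie but cannot read the token out of bob's page, so only the request submitted from bob's own form passes the check.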

Going further

Here are some useful links where you can learn more about this topic: