CSRF Login attack
Hackers trick users into logging into their account by forging requests, exploiting server authentication.
Broken User Authentication (BUA)
How this template works
APIs Selection
The template uses API selection filters to specify criteria for selecting the desired API requests. In this case, it filters requests based on the response code being between 200 and 299, the URL containing certain keywords related to login, and the request payload containing certain keywords related to passwords.
Execute request
The template specifies a single request to be executed. It deletes a specific header from the request, using the value extracted from the request headers to identify it. Removing the header simulates a forged request that arrives without it, which is the condition a CSRF login attack depends on.
Validation
The template defines validation criteria for the response received from the executed request. It checks that the response code is between 200 and 299, that the response payload matches at least 80% of the expected payload, and that the response length is greater than 0. If all three hold, the login still succeeded without the deleted header, which is what the test is looking for.
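As an added illustration (not Akto's own code or template), the three stages above modelled in Python: a selection filter, a replay with the header removed, and the 80%-similarity validation. The keyword lists, the `X-CSRF-Token` header name, the sample login traffic and the two mock servers are all assumptions constructed for the example.

```python
from difflib import SequenceMatcher

# Assumed keyword lists and header name; the page does not list the actual ones.
LOGIN_URL_KEYWORDS = ("login", "signin", "authenticate")
PASSWORD_KEYWORDS = ("password", "passwd", "pwd")
CSRF_HEADER = "x-csrf-token"  # assumed name of the header the template deletes

def selects(sample):
    """API selection filter: 2xx response, login-like URL, password-like body."""
    url, body = sample["url"].lower(), sample["body"].lower()
    return (200 <= sample["response"]["status"] <= 299
            and any(k in url for k in LOGIN_URL_KEYWORDS)
            and any(k in body for k in PASSWORD_KEYWORDS))

def execute(sample, send):
    """Replay the recorded login with the CSRF header removed; `send` does the HTTP."""
    headers = {k: v for k, v in sample["headers"].items() if k.lower() != CSRF_HEADER}
    return send(sample["url"], headers, sample["body"])

def validate(original, replay):
    """Response is 2xx, body at least 80% similar to the original, and non-empty."""
    similarity = SequenceMatcher(None, original["body"], replay["body"]).ratio()
    return 200 <= replay["status"] <= 299 and similarity >= 0.8 and len(replay["body"]) > 0

def run_test(sample, send):
    """Outcome of the template for one recorded request."""
    if not selects(sample):
        return "skipped"
    if validate(sample["response"], execute(sample, send)):
        return "vulnerable"  # login still succeeded without the header
    return "safe"

# Constructed sample traffic: a recorded login that succeeded with the header present.
SAMPLE = {
    "url": "https://example.test/api/login",
    "headers": {"Content-Type": "application/json", "X-CSRF-Token": "abc123"},
    "body": '{"user":"alice","password":"hunter2"}',
    "response": {"status": 200, "body": '{"ok":true,"user":"alice"}'},
}

# Two constructed stand-ins for the server: one ignores the header, one enforces it.
def server_ignoring_header(url, headers, body):
    return {"status": 200, "body": '{"ok":true,"user":"alice"}'}

def server_enforcing_header(url, headers, body):
    if "x-csrf-token" not in {k.lower() for k in headers}:
        return {"status": 403, "body": '{"error":"missing csrf token"}'}
    return {"status": 200, "body": '{"ok":true,"user":"alice"}'}
```

Pointing `send` at a real client (for example a thin wrapper around `requests.post`) turns the same three functions into a runnable check against your own login endpoint.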
Frequently asked questions
What is the purpose of the CSRF_LOGIN_ATTACK array in this test?
How are the API selection filters used in this test?
What does the execute section of the test do?
How is the response validated in this test?
What are some potential impacts of a successful login CSRF attack?
What are some references for further information on CSRF login attacks?
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern-day organization."

Security team,
Rippling