CSRF test by replacing with invalid csrf token
Vulnerability assessment by replacing the CSRF token with an invalid one
Broken User Authentication (BUA)
How this template works
The template uses API selection filters to specify the criteria for selecting requests to be executed. It filters requests based on the response code being between 200 and 300, or if the request headers, payload, or query parameters contain the keyword "csrf". It also extracts the value of the "csrf" key if found.
The template executes a single request by modifying the header, query parameter, and body parameter with a specific value for the "csrf_key". This is done to intentionally replace the CSRF token and assess the effectiveness of the web application's CSRF protection mechanism.
The template validates the response received from the executed request. It checks if the response code is between 200 and 300, and if the response payload matches at least 80% of the expected payload. Additionally, it checks if the response payload has a length greater than 0. These validation criteria ensure that the unauthorized actions executed due to the absence of a valid CSRF token are successfully detected.
Frequently asked questions
What is the purpose of this test
What are the potential consequences of successful execution of unauthorized actions due to the absence of a CSRF token
What category and subcategory does this test fall under
What is the severity level of this test
What are the selection filters used to identify relevant API requests for this test
What modifications are made to the API requests during the execution of this test