In this chapter, we learned how to detect and exploit one of the most widespread vulnerabilities. CSRF is widespread, and I think it is easier than other bugs, as it is not reported as commonly as others. As a recap, let's have a look at the following points:
- CSRF bugs can be in GET or POST requests. Using one instead of the other is not a protection; a POST request only requires more effort to exploit.
- Remember that cookies are vulnerable, so always keep control of them on the client side.
- To detect vulnerable GET requests, just use the map created by the HTTP Proxy, and look for requests to methods in the application, internal or external.
- Pay special attention to APIs. Currently, all the developers want to construct service-oriented applications, and they are susceptible to CSRF attacks.
- Use the <img> tag to test GET requests.
- Create forms to perform actions on vulnerable POST requests, using hidden fields to send the information required by the application.
- There are a lot of anti-CSRF protections, and most of them are included in the most-used web technologies. Avoid reinventing the wheel.
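
One way to triage the proxy site map mentioned in the recap when reviewing your own application, as an added example that is not code from this book. The entry format, the token names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed token names; adjust to the framework under review.
TOKEN_PARAMS = {"csrf_token", "csrfmiddlewaretoken", "authenticity_token", "_csrf"}
TOKEN_HEADERS = {"x-csrf-token", "x-xsrf-token"}

# Constructed proxy-history entries for illustration (not real traffic).
SITE_MAP = [
    {"method": "GET", "url": "https://shop.example/account/delete?id=7",
     "headers": {"Cookie": "session=abc"}, "body": ""},
    {"method": "POST", "url": "https://shop.example/account/email",
     "headers": {"Cookie": "session=abc"}, "body": "email=a%40b.example"},
    {"method": "POST", "url": "https://shop.example/account/password",
     "headers": {"Cookie": "session=abc"}, "body": "new=x&csrf_token=9f2c"},
    {"method": "GET", "url": "https://shop.example/static/logo.png",
     "headers": {"Cookie": "session=abc"}, "body": ""},
    {"method": "POST", "url": "https://shop.example/api/v1/transfer",
     "headers": {"Cookie": "session=abc", "X-CSRF-Token": "9f2c"},
     "body": "to=42&amount=5"},
    {"method": "POST", "url": "https://shop.example/api/v1/notes",
     "headers": {"Authorization": "Bearer constructed"}, "body": "text=hi"},
]

def csrf_candidates(site_map):
    """Return (method, path) for cookie-authenticated action requests with no token."""
    findings = []
    for req in site_map:
        url = urlsplit(req["url"])
        headers = {name.lower() for name in req["headers"]}
        params = {k.lower() for k, _ in parse_qsl(url.query) + parse_qsl(req["body"])}
        # Only cookies are attached by the browser automatically; a bearer
        # header must be set by script, so that request is out of scope here.
        if "cookie" not in headers:
            continue
        # Heuristic: any non-GET, or a GET that carries parameters, may act.
        if req["method"] == "GET" and not params:
            continue
        # The method does not change the verdict: GET and POST are judged alike.
        if params & TOKEN_PARAMS or headers & TOKEN_HEADERS:
            continue
        findings.append((req["method"], url.path))
    return findings

if __name__ == "__main__":
    for method, path in csrf_candidates(SITE_MAP):
        print(f"review for CSRF: {method} {path}")
```

A flagged request is only a candidate for manual review: SameSite cookies or server-side Origin checks may still protect it, and a token that is present may not actually be validated.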