Introduction

In this practical guide, you will build a banking application. You are creating the money transfer form, which has a recipient field and an amount field. This is heavily simplified: in most cases, you will notice that banks add extra security measures, such as requiring the user to re-enter their password when making a transaction and using MFA (multi-factor authentication).

In our example, an attacker will first be able to emulate the form on his own website, before we try to put a stop to it.


Make a connection

THE SERVER GETS ERASED EVERY 24 HOURS

Let's create a CSRF

Enter the following code in your file and upload it to the server.

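<?php

session_start();

// Redirect to the address given in the "url" query parameter.
if (isset($_GET['url'])) {
    $redirect_url = $_GET['url'];
    header("Location: " . $redirect_url);
}

// Process the transfer. Any POST that arrives with the user's session is
// accepted; nothing ties the request to a form served by this page, which
// is the weakness the CSRF exercise relies on.
if (isset($_POST['amount'])) {
    $amount = $_POST['amount'];
    $recipient = $_POST['recipient'];
    echo "You have sent \$$amount to $recipient";
}

?>

<form method="POST">
Amount:<input type="number" id="amount" name="amount"><br>

Recipient:<input type="text" id="recipient" name="recipient"><br>
<input type="submit">
</form>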
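
For comparison, here is the same transfer form with a per-session CSRF token, the usual way to stop a form on another website from submitting on the user's behalf. This is an added example, not part of the original lab code; the field name csrf_token, the helper h() and the 403 response are assumptions, and the redirect branch is left out.

```php
<?php
session_start();

// Create one unpredictable token per session; other origins cannot read it.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Escape untrusted values before echoing them into HTML.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['csrf_token'] ?? '';
    // Reject the request unless it carries this session's token.
    // hash_equals() compares in constant time.
    if (!is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }

    $amount    = $_POST['amount'] ?? '';
    $recipient = $_POST['recipient'] ?? '';
    if (is_string($amount) && is_string($recipient)
        && is_numeric($amount) && $recipient !== '') {
        $message = 'You have sent $' . h($amount) . ' to ' . h($recipient);
    } else {
        $message = 'Invalid amount or recipient';
    }
}
?>
<?= $message ?>

<form method="POST">
<input type="hidden" name="csrf_token" value="<?= h($_SESSION['csrf_token']) ?>">
Amount:<input type="number" id="amount" name="amount"><br>
Recipient:<input type="text" id="recipient" name="recipient"><br>
<input type="submit">
</form>
```

A request that arrives without the hidden field, or with a value that does not match the session's token, gets a 403 and the transfer branch never runs.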

Let's hack it

Now we are going to surf to our page at hackxpert.com/Training/YOURFILE.php and try to create a CSRF PoC.

There are several tools, such as Burp Suite Pro's CSRF PoC creator, but for the free option I always prefer:

https://security.love/CSRF-PoC-Genorator/

We know it's a POST request from the part:

<form action=YOUR_FILE.php method="POST">

so that should be the easy part.
