@4:53 one of the important things to mention here is that the csrf token is good only as long as it is mapped to the user's session ID in the backend. Otherwise, the attacker might simply obtain a valid CSRF token by visiting the main website themself and inject it into the malicious requests. Tying the token to the user's session and validating that on the backend for each request is very important.
Man, I tried researching how CSRF attacks worked last year and I never got a solid grasp of it. This video changed that. As a cybersecurity enthusiast and web developer, this is super helpful!
There's tens of thousands of videos on Csrf but you easily beat all of them. Yet the number of views you got aren't nearly as close as theirs. Niche youtubers like you are ahead of the time. I hope people like you are revered in coming 5 years
I watched around 15 videos regarding csrf and you are the only one who explained it clearly. Also not everyone stressed on "the browser automatically sends the cookies".
I still don't understand it. What does it mean? What cookies? All the cookies from all the tabs opened in the browser are sent with all POST requests that are being made on whichever tab?
@@kornelijekovac9793 All the cookies from one website will be sent to the server of that website on each request (with website I mean domain, not origin). The most important cookie is the one with the session id (SID), which identifies the user. More about this can be found if you search for "session management".
was curious if tokens really work since you could just make a GET and read the token then post. glad you answered that question very quickly. awesome video. i will subscribe
I often find it hard to focus on educational videos like this, but somehow your videos have all of my attention. Not sure what voodoo you're using but it's working!
As I understand it, fetch and XHR require `useCredentials` to send the cookies along with the request which needs to be explicitly stated on the CORS header Access-Control-Allow-Credentials. Otherwise cookies are not being sent and the CSRF fails.
I found a CSRF on a large website with > 500k members, so it's more common than you think! It allowed me to send their coins to my account, and those coins were bought with real money, so it was a decently critical flaw
Fucking A . i had to do couple of days of deep research to understand some of those concepts in order to have some idea about where the exploits would be . you just explained it PERFECTLY in simple terms and visuals and confirmed some of my thoughts :D . u did share some valuable and accurate information despite supid youtube terms n policies. Thank you sir for the clues XD
Before sending the delete request, isn't the browser sending a preflight OPTIONS request to the server which will return an error and the delete request won't happen anymore ?
yeah. Just as a note, It seems that you can actually send a simple request to the server and the request will go through but you won't be able to read the response due to cors. namely if you don't have any headers on your request but then again that means you won't have any cookies and won't be carrying any state so pretty useless all in all.
@Orora Brian You can still do CSRF for non-authenticated requests, such as an anonymous message on a blog post or something, which is not entirely harmless
I love your videos there amazing , professional ! but I guess slow down a little bit for new people, other than that your the best I have ever being taught
Because simply flash will forward the request as string and then the site will convert it into header and “ key = value “ type so that it would be readable by the API of vuln.com!
Is it true that SOP allows to send request cross domain but not read the responses? Why would even a request be even triggered by the browser if there is a SOP?
Thats an example of Cross Origin Request, you can make requests to any website, but the response can't be read due to SOP unless the site let's you explicitly.
![BOWKYLION - วิงวอน (ex-change) [Official MV]](http://i.ytimg.com/vi/cLdnZWDaO-w/mqdefault.jpg)
@4:53
one of the important things to mention here is that the csrf token is good only as long as it is mapped to the user's session ID in the backend. Otherwise, the attacker might simply obtain a valid CSRF token by visiting the main website themself and inject it into the malicious requests.
Tying the token to the user's session and validating that on the backend for each request is very important.
i came from LiveOverflow channel , i so glad to be here !
your channel is interesting , love it . keep up the good work
Man, I tried researching how CSRF attacks worked last year and I never got a solid grasp of it.
This video changed that.
As a cybersecurity enthusiast and web developer, this is super helpful!
Seriously cant say it enough. I freaking love your videos
I second that notion
There's tens of thousands of videos on Csrf but you easily beat all of them. Yet the number of views you got aren't nearly as close as theirs. Niche youtubers like you are ahead of the time. I hope people like you are revered in coming 5 years
Yeah, late in the game, but it's totally fine, I'm just trying to give somethin back to the community.
Look at it now ;)
Damn, dude really planted the seed and let it grow
"Cat-Site Request Forgery"
I watched around 15 videos regarding csrf and you are the only one who explained it clearly. Also not everyone stressed on "the browser automatically sends the cookies".
truuu
I still don't understand it. What does it mean? What cookies? All the cookies from all the tabs opened in the browser are sent with all POST requests that are being made on whichever tab?
@@kornelijekovac9793 All the cookies from one website will be sent to the server of that website on each request (with website I mean domain, not origin). The most important cookie is the one with the session id (SID), which identifies the user. More about this can be found if you search for "session management".
@@bsmldy8681 But how can cookies from two different tabs intermingle?
not sure what you mean by that
No words to describe how much informational these videos are.
Thank you.
I genuinely don't understand why you stop creating videos. Your style is so cool.
He's back!
we need more of these.
literally a free service to everyone genuinely interested
the music and naration in the intro made me feel like I'm discovering a mistery in another new world, lol. great video
Wow , I love the graphical explanatory video, really easy to follow and understand in concordance with explication
I really enjoyed your theme of explanation and the background music. sounded adventurous
was curious if tokens really work since you could just make a GET and read the token then post. glad you answered that question very quickly. awesome video. i will subscribe
Third video of yours that came up, and perfectly described the concept. Subscribed
Great Video and your drawing is amazing bro that google logo and the adobe logo was so perfect.
You are just awesome man. Why doesn't TH-cam show such search results at the top. I couldn't find you when I needed but now I am happy. Thanks bro..
Bruh you need to create more content like this. Also you give example are to fast but over all your the best. 11/10.
Just came by from watching LiveOverflow's video. I subbed and put on the bell notification on. This channel looks so cool
Incredibly amazing video as always. Very great explanation, and I love your color choices and how you draw/write everything
Came from Stök's channel. Absolutely loving it now! Subscribed and belled👏
I often find it hard to focus on educational videos like this, but somehow your videos have all of my attention. Not sure what voodoo you're using but it's working!
As someone who pioneered csrf in 2007 this is a great video
Great content. I can't believe this is free!
PS: I love your colour scheme
Wunderbar...................U r one awsme teacher. Hats off to the effort you put in, for us mere novices.
You explained this better than the skillsoft guys, that's for sure
You put lots of effort into your videos. Transitions are amazing. Wonderful production.
As I understand it, fetch and XHR require `useCredentials` to send the cookies along with the request which needs to be explicitly stated on the CORS header Access-Control-Allow-Credentials. Otherwise cookies are not being sent and the CSRF fails.
This is one of the best channel I have encountered 😍
Thankyou for your videos. I would very much like to see a video on Insecure CORS and ways to escalate it :)
you concept and style of teaching is lovely!..keep it up
I found a CSRF on a large website with > 500k members, so it's more common than you think! It allowed me to send their coins to my account, and those coins were bought with real money, so it was a decently critical flaw
Was watching live overflows vid a month ago, and look at me now, watching each video of yours everyday
Awesome video. I hope that you explain some bugs like vulnerable flash files, JSONP and email spoofing
Amazing content as always, big fan of your videos and tutorials, thank you so much ;D
Amazing 😅 , i learn a lot of new concepts in one video , but i think i will re-watch it later , some of them seem confusing !
You definitely deserve more subs ;)
*Sees **11:42*
*Cries with Respect*
You need more likes. Your work is needed for every developer.
Videos are so interesting and clear with basic to advance. Keep going 😀
incredibly informative!
Such a good video. I love the voice as well: cute and reliable
I Love PwnFunction Video's ILLUSTRATION🔥🙌⚡😍
Great explanation bro, Keep up the good work.
Wish ya da best.
Great video, to the point and thoroughly explained the main concept.
Love the style of explanation!
the best channel, thanks brother for the knowledge
Fucking A . i had to do couple of days of deep research to understand some of those concepts in order to have some idea about where the exploits would be . you just explained it PERFECTLY in simple terms and visuals and confirmed some of my thoughts :D . u did share some valuable and accurate information despite supid youtube terms n policies. Thank you sir for the clues XD
you should make more cyber security videos i LOVE them!!!
this made me rethink my web security holy shit.
Before sending the delete request, isn't the browser sending a preflight OPTIONS request to the server which will return an error and the delete request won't happen anymore ?
I was thinking the same. Ideally CORS would have stopped this.
yes. In case of Ajax request , SOP will stop the request as the preflight will return error
yeah. Just as a note, It seems that you can actually send a simple request to the server and the request will go through but you won't be able to read the response due to cors. namely if you don't have any headers on your request but then again that means you won't have any cookies and won't be carrying any state so pretty useless all in all.
As cors is just client sided, for a hacker this isn't difficult to bypass it
@Orora Brian You can still do CSRF for non-authenticated requests, such as an anonymous message on a blog post or something, which is not entirely harmless
Very nice video, I love the explanation!
Hi PwnFunction , just found your channel , your animations on this video are fantastic , can you share what app you use ? Thanks & Great Job
Adobe animate to draw, Audacity/Auditions to edit sound and Premiere pro for editing vid.
Crystal clear explanation. Thanks a ton
I love your videos there amazing , professional ! but I guess slow down a little bit for new people,
other than that your the best I have ever being taught
This is very well explained, appreciated
probably the best explanation out there
wtf you deserve way more likes on this
Best explanation I've ever heard!
12:47
I dont understand why the json data + the content type header are first passed through a redirect(?) then to the vulnerable site?
Because simply flash will forward the request as string and then the site will convert it into header and “ key = value “ type so that it would be readable by the API of vuln.com!
Thanks for making this. Really nice!
that is so cool.
Mama told me to go on CS degree🤣
Your videos are amazing. Clean, informational, and perfect. I should have found your channel earlier.
Great videos.........Thank you for posting them
FLASH ISN’T GONE!!
Thanks to projects like Ruffle, people can emulate Adobe flash, and Actionscript 1 & 2!
came from BuferOverflow :p he mentioned u
Very clear explanation. Thanks!
Very informative but couldn't ignore the sharp pitch whenever you pronounce 's'.
God has sent you for a special purpose !! Teach us kid.
Great explained, thanks🔥
most of the cases of being bypassed by other domains for a kind of request is by using */wildcard in CORS
not to mention the sick ass intro
Thank you for the great explanation! How did you made that animated slides, what tool is it?
your channel is a gold mine !!
Awesome explanation! Tks!
Amazing video, so clear!
thank you
this is the best. freaking cool
Ok, good stuff. Subscribed.
🔥
That's crazy explanation, Thanks a lot
Well done sir, keep them coming! :)
Nice video thanks for the amazing content
Question: Why not just use postman and set the headers?
Thanks
You can.... If you want to hack only yourself.
You saved me. Thank you so much
Love your videos! Please make more :3
Subscribed you brainy Penguin!
Does the Flash CSRF JSON trick still work?
yes it does, it requires the victim to allow flash though, but it works neverthless
Is it true that SOP allows to send request cross domain but not read the responses? Why would even a request be even triggered by the browser if there is a SOP?
Great Explanation ✅
Basic question 😐=> If the same origin policy blocks the request from different domain, how can cat.com make request on behalf of vulnerable.com? 🤔
Thats an example of Cross Origin Request, you can make requests to any website, but the response can't be read due to SOP unless the site let's you explicitly.
Come on more video , u r just awesome !!!
Explained well, props to you
Great video, can you please shed a bit more light on how a csrf token actually protect against a csrf attack?
that the office reference :')
MASHA ALLAH
Hey Bro, your videos is amazing, where do you get your knowledge from?
LiveOverflow is my senpai.
For when pwn videos ?
Very good stuff :)
Awesome ! Thank you !
love your videos this is a god's work
You're videos are awesome