Welcome to the Linux Foundation Forum!
Lab 3.3: How the CSRF flask example is supposed to work?
pliski
Posts: 7
The example of CSRF app in LAB 3.3 does not work.
It is not explained how the malicious html can obtain the Session Id Cookie.
After pasting manually the session Id in the request with Burp it does work, but, I guess, is not how it is supposed to work.
Further information on the pdf will be beneficial as also a working example.
0
Best Answer
-
Ok, it is working now, I must have inverted some steps.
This is what I've done today (pretty much the same as the lab) :
- run the docker demo,
- open localhost:5000 on the Burp browser,
- login with admin / admin,
- run the python evil server,
- in the same Burp browser open another tab for localhost:1337,
- click on submit,
- return to the app tab and refresh,
- the label should have been modified to "Hackzord!".
Solved.
2
Categories
- All Categories
- 177 LFX Mentorship
- 177 LFX Mentorship: Linux Kernel
- 768 Linux Foundation IT Professional Programs
- 379 Cloud Engineer IT Professional Program
- 175 Advanced Cloud Engineer IT Professional Program
- 75 DevOps IT Professional Program - Discontinued
- 7 DevOps & GitOps IT Professional Program
- 101 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- 4 AI & ML Training
- 1 Blockchain & Decentralized Identity Training
- 11 Cloud & Containers Training
- 1 Cybersecurity Training
- 2 DevOps & Site-Reliability Training
- 1 Linux Kernel Development Training
- 1 Networking Training
- 2 Open Source Best Practice Training
- 3 System Administration Training
- 1 System Engineering Training
- 1 Web & Application Development Training
- 796 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 91 Storage
- 771 Linux Distributions
- 81 Debian
- 68 Fedora
- 23 Linux Mint
- 13 Mageia
- 24 openSUSE
- 151 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 120 Mobile Computing
- 20 Android
- 85 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 395 Off Topic
- 121 Introductions
- 30 Study Material
- 1K Programming and Development
- 310 Kernel Development
- 692 Software Development
- 1K Software
- 400 Applications
- 182 Command Line
- 5 Compiling/Installing
- 69 Games
- 318 Installation
- Archived
- 183 Small Talk
- 2 LFD140 Class Forum
- 1.4K LFS258 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)