mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

# API Reference: Performing CSRF Attack Simulation

## HTTP Headers for CSRF Protection

| Header | Description |
|---|---|
| `Set-Cookie: SameSite=Strict` | Prevents the cookie from being sent on cross-site requests |
| `Set-Cookie: SameSite=Lax` | Allows the cookie on top-level GET navigations only |
| `X-CSRF-Token` | Custom header carrying the CSRF token |
| `Origin` | Sent by browsers on cross-origin POST requests |
| `Referer` | Indicates the source page of the request |

## CSRF Token Patterns (HTML)

| Pattern | Framework |
|---|---|
| `<input name="csrf_token" value="...">` | Generic |
| `<input name="csrfmiddlewaretoken">` | Django |
| `<input name="authenticity_token">` | Ruby on Rails |
| `<input name="__RequestVerificationToken">` | ASP.NET |
| `<meta name="csrf-token" content="...">` | Rails/Laravel meta tag |

## requests Library

| Method | Description |
|---|---|
| `session.get(url)` | Fetch a page to extract CSRF tokens |
| `session.post(url, data)` | Submit a form with or without the CSRF token |
| `session.cookies` | Access session cookies for SameSite analysis |

## Key Libraries

- `requests` (`pip install requests`): HTTP client with session cookie management
- `beautifulsoup4` (`pip install beautifulsoup4`): Parse HTML forms and extract tokens
- `selenium` (optional): Browser-based CSRF testing with full JS execution
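An added example, not part of this skill folder: a defender-side check that parses a fetched page for the token fields listed in the patterns table and reads the `SameSite` attribute from `Set-Cookie` headers. It uses only the standard library (`html.parser` in place of beautifulsoup4) so it runs offline; the HTML and cookie strings are constructed samples.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Token field names from the "CSRF Token Patterns" table, keyed to their framework.
TOKEN_FIELDS = {"csrf_token": "Generic", "csrfmiddlewaretoken": "Django",
                "authenticity_token": "Ruby on Rails", "__RequestVerificationToken": "ASP.NET"}

class FormScanner(HTMLParser):
    """Records each <form>, its method, and which known token field (if any) it carries."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = True
            self.forms.append({"action": a.get("action") or "", "token": None,
                               "method": (a.get("method") or "GET").upper()})
        elif tag == "input" and self._open:
            framework = TOKEN_FIELDS.get(a.get("name") or "")
            if framework and a.get("value"):  # an empty value is not a usable token
                self.forms[-1]["token"] = framework

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = False

def unprotected_forms(html):
    """Actions of state-changing (non-GET) forms that carry no recognised token field."""
    scanner = FormScanner()
    scanner.feed(html)
    return [f["action"] for f in scanner.forms if f["method"] != "GET" and not f["token"]]

def cookie_samesite(set_cookie_headers):
    """Map cookie name -> SameSite value, or 'missing' when the attribute is absent."""
    result = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            result[name] = morsel["samesite"] or "missing"
    return result

# Constructed sample response (not captured from any real site).
SAMPLE_HTML = """<form action="/profile" method="POST">
<input type="hidden" name="csrfmiddlewaretoken" value="t0k3n"></form>
<form action="/delete" method="post"><input type="hidden" name="id" value="7"></form>
<form action="/search" method="get"><input name="q"></form>"""
SAMPLE_COOKIES = ["sessionid=abc; Path=/; HttpOnly; SameSite=Lax", "theme=dark; Path=/"]
```

`unprotected_forms(SAMPLE_HTML)` flags only `/delete`, and `cookie_samesite(SAMPLE_COOKIES)` reports the session cookie as `Lax` and the theme cookie as `missing`, which is the finding a reviewer would record against the headers table.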

## PoC Generation

| Element | Purpose |
|---|---|
| `<form action="target" method="POST">` | Cross-origin form submission |
| `<input type="hidden">` | Pre-filled form parameters |
| `document.getElementById().submit()` | Auto-submit on page load |
| `<img src="target?action=delete">` | GET-based CSRF via image tag |

## OWASP Testing Guide

| Test ID | Description |
|---|---|
| WSTG-SESS-05 | Testing for Cross-Site Request Forgery |

## References