pillar. Welcome back to the course. You did fire me, but like through logs Amigo Vieira And in the last video we talked about cross eyed, screeching attacks
in this, really, we discuss about gross ID requests, forgery.
Let's start with the learning objectives.
The lone objectives are
review cross eyed request forgery and identify the attack with the log. Analysis
The girl's side Request forgery. Exploit the trust between the Web sever and easy browsers
supposed that relaxes your Internet bank website.
Everything goes okay, you do or wherever you need to do. And after you access a malicious website,
this malicious website, you try to send a malicious comments to your Web browser. Your browser. You execute the Commons.
The malicious common could be a money transfer to the Attackers account
they use. It will not see the request, and this could happen because the bank website trusts they use a browser.
Maybe you're thinking cross ice cubes for you is the same score side script,
Even if the name a similar, the attacker is different in the cross. I skipped forgery.
This is off. The attack did not connect directly to the Web server.
That's why the name is forgery
in our leg. We have a vulnerable Web application, and in this case they will never building allows to change the user password. First, let's see the logs off a normal request.
The deficit lines are dead. Logan in the access to the vulnerable Web page.
The next line is the user changing the best words.
We can see the clients I p address
they requested file with the pass or change and they refer.
Also, take a look on the time the next log. It is malicious request. You can see the same I P address and another requires to change. The password
can identify another difference between the two logs.
One of the differences is the password.
here. We do not have the refer,
and this new password change requests
happened sometime before the first request.
In summary house identify cross that request forgery.
He fairer is the best way to identify.
If you notice on the Spectra refer,
it is a good indication that something is wrong.
Another thing is difference. Behavior from the user,
like changing, are trying to change the password.
Many times in my small period of time,
I'll save me actions, and that is my period of time.
Pushups. That's my question
cross I requested for the attack only happens if they use the browsers is compromised.
Is this information through a force
this offer missions force.
Most of the time, the attacker will happen because a user connected with a malicious websites
for the next question and that is the way blocked below and identify the possible attack type.
Here you have suppose methods
both the change of location webpage
and with Martin one minutes off difference between the two requests also notice that the refer changes
so this could be a cross side. Your question for the attack. Using the Post requests
the source off attack is they were page lyrical dogs that gone sis is opposed. Request. We cannot see the user of the password
sent by the malicious Web server that hosts little Good Dogs. Website. Very summery in There's Really which Coast
gross I'd requested for the attack.
And despite the attack on allies in the Web, several logs
for the next video. We won allies, other source off logs