SIMPLE CSRF TOKEN PROTECTION

[{"selector":"#anim-cb60e9ef-5a6e-49fa-95eb-84d33ef1f34c","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-00453146-7f14-41e9-b1d7-9fb9ee5650b4","keyframes":{"transform":["translate3d(0px, -1308.95122%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-fec759f5-469d-4e4f-a764-00361b99fa08","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-82c2fd50-6ace-49c2-8deb-7a54c1a1cf3e","keyframes":{"transform":["translate3d(0px, 138.01168%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-380c687a-f961-4fe0-90e1-6d436eea2555","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4a16ea38-987d-4f9a-8ac8-8679abb9ffcc","keyframes":{"transform":["translate3d(0px, 287.40743%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] PHP (quick guide & example)

WHAT IS CSRF?

[{"selector":"#anim-1610aa5b-986b-47ef-a188-da1b66c3e5f9","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-55e61742-df38-4467-b362-588cbdd62cf0","keyframes":{"transform":["translate3d(-115.14196%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e862a219-a608-4cb9-be4e-cbc5a5a09af0","keyframes":{"opacity":[0,1]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-04ca6c78-4913-41ab-9e8d-3040aee15758","keyframes":{"transform":["translate3d(-115.50632%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-52d8ccdb-9ca6-465f-82e6-67979c53679d","keyframes":{"opacity":[0,1]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5160e36d-7c9b-4356-896f-fb0f1ce9809b","keyframes":{"transform":["translate3d(-115.14196%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] CSRF = Cross-Site Request Forgery. When there are 2 sites - Legit and bad. Bad website masquerades as the good one, to bait users into doing a forged request on the legit site.

CSRF ATTACK EXAMPLE A

[{"selector":"#anim-7e16e242-e02d-4032-87fa-cf3117ba79d0","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-758a1dc5-5771-4490-af9f-717848685b89","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-db5d3186-3c87-4542-8840-89661996ae7f","keyframes":{"opacity":[1,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-b966b208-4981-4539-8242-edeb48632ddf","keyframes":{"transform":["scale(3)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] DELETE ACCOUNT FORM ON LEGIT SITE <form action="http://site.com/delete/" > <p>Type "CONFIRM" to proceed.</p> <input type="text" name="confirm"> <input type="submit" value="Go"> </form>

CSRF ATTACK EXAMPLE B

[{"selector":"#anim-026a23b3-b23a-4b90-9725-f173595f1a62","keyframes":{"opacity":[1,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-9d28ca1f-ce34-4ecc-8c76-afc12843286e","keyframes":{"transform":["scale(3)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-46decf60-c74d-44bc-a97b-3fa36aa40d5f","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-ef7ed972-b5de-43e3-9761-60556d3af985","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] FAKE FORM ON BAD WEBSITE THAT DELETES ACCOUNT ON LEGIT SITE <form action="http://site.com/delete/" > <p>CLICK TO REDEEM PRIZE!</p> <input type="hidden" name="confirm" value="CONFIRM"> <input type="submit" value="WIN!"> </form>

CSRF ATTACK PREVENTION

[{"selector":"#anim-f9a4bec6-2034-44b7-b0dd-cb3d69044a7c","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-38e68877-b543-4eaa-bee0-e3737c772980","keyframes":{"transform":["translate3d(-115.2381%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-15ac7cc2-4769-4934-a949-40cc02026f79","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-8c80989d-33be-4b89-bcc3-5abf74280ab7","keyframes":{"transform":["translate3d(119.34425%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] GENERATE RANDOM TOKEN session_start(); $_SESSION["token"] = bin2hex(random_bytes(32)); $_SESSION["expire"] = time() + 3600; EMBED TOKEN INTO FORM <form method="post"> <input type="hidden" name="token" value="<?=$_SESSION["token"]?>"> <input type="email" name="email"> <input type="submit" value="Go!"> </form>

CSRF ATTACK PREVENTION

[{"selector":"#anim-9bc64c48-92d0-408d-914f-255ade10c4da","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4917afcf-325e-4161-99d2-dcbf5c681242","keyframes":{"transform":["translate3d(-115.18988%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d17c9649-369f-4df6-964d-0ef50969a82a","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b856429d-7e1e-4825-a7e1-563529b325be","keyframes":{"transform":["translate3d(114.87342%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-df3bc83f-dadb-40fc-9f63-db8463e506b0","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-3d77fd7c-9533-40fa-b166-8f43055024c2","keyframes":{"transform":["translate3d(0px, 196.29626%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] CHECK TOKEN if (isset($_POST["token"]) && isset($_SESSION["token"]) && isset($_SESSION["expire"]) && $_SESSION["token"]==$_POST["token"]) { EXPIRED? if (time()>=$_SESSION["expire"]) { exit(); } PROCEED unset($_SESSION["token"]); unset($_SESSION["expire"]); echo "OK"; }

VISIT & FOLLOW

[{"selector":"#anim-561e2e61-e1c2-4fb2-93bf-a3d3e4284b20","keyframes":{"opacity":[0,1]},"delay":2000,"duration":1000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4245bc6e-cb2f-4573-87ed-cb0cfe1c4e97","keyframes":{"opacity":[0,1]},"delay":2000,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-3de2aa5a-dd42-4bcc-9a02-54f48b47e395","keyframes":{"transform":["translate3d(-128.43511%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2000,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-c2e741e4-9f48-47ea-95b5-4ac011d7f4cb","keyframes":{"opacity":[0,1]},"delay":2400,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-805685ba-b1fe-4476-9958-b4167b94b48a","keyframes":{"transform":["translate3d(-151.73267%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2400,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7a27ae1e-182b-41a2-b0f9-7ec8aca9d46c","keyframes":{"opacity":[0,1]},"delay":2600,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-403982b7-ec19-4b79-a8e5-7760800fd518","keyframes":{"transform":["translate3d(-151.23154%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2600,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-27a8795b-903a-4c3c-bc47-84a53f354ab8","keyframes":{"opacity":[0,1]},"delay":2200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e5965ea3-e555-4b0e-b00f-5342f61da57a","keyframes":{"transform":["translate3d(-170.2941%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5de919bf-5e0e-4f9c-b85b-71e52e4f7ab2 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(-9.005899657028372%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}]

SIMPLE CSRF TOKEN PROTECTION

WHAT IS CSRF?

1A

CSRF ATTACK EXAMPLE A

1B

CSRF ATTACK EXAMPLE B

1C

CSRF ATTACK PREVENTION

2A

CSRF ATTACK PREVENTION

2B

VISIT & FOLLOW

CODE BOXX YOUTUBE

CODE BOXX PINTEREST

FULL TUTORIAL