SIMPLE CSRF TOKEN PROTECTION

[{"selector":"#anim-00106f60-ef74-46f3-97b1-57b677e7fb6b","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d03ba1ef-8381-43e6-ba01-ce00f2f12aac","keyframes":{"transform":["translate3d(0px, -1308.95122%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-77d7315b-12bc-4ec9-9da0-4d21468c4c64","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d674c60a-3982-40ba-83dc-25ba4b7e0532","keyframes":{"transform":["translate3d(0px, 138.01168%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-78bcd689-0c4d-4326-9ee2-06a4b7e284fc","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-6943300a-a42e-4299-9c0b-1895302f6748","keyframes":{"transform":["translate3d(0px, 287.40743%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] PHP (quick guide & example)

WHAT IS CSRF?

[{"selector":"#anim-43ead3c6-bb64-4b00-bf5a-bbc5622a951a","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-51c8aef9-bf18-4cc5-ae60-7691f9579ed2","keyframes":{"transform":["translate3d(-115.14196%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-88f588f9-23db-4c8a-bc0f-79699afd04a6","keyframes":{"opacity":[0,1]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-07b66fcf-1948-44af-9150-d4177bfd00e0","keyframes":{"transform":["translate3d(-115.50632%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-2228883a-c026-446f-aefa-91928ac7493e","keyframes":{"opacity":[0,1]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7107ab90-e99f-46f7-be49-b9f2305ad1aa","keyframes":{"transform":["translate3d(-115.14196%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] CSRF = Cross-Site Request Forgery. When there are 2 sites - Legit and bad. Bad website masquerades as the good one, to bait users into doing a forged request on the legit site.

CSRF ATTACK EXAMPLE A

[{"selector":"#anim-cb903ba7-5ae1-42ac-9633-73a308a57edb","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-7bce44a7-be2c-4378-8ef1-bb00f8e4eebe","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-47610f71-04b5-493d-84f6-1d1b9674f6fb","keyframes":{"opacity":[1,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-78faf41a-64a4-48ff-966d-f84cd50bee6c","keyframes":{"transform":["scale(3)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] DELETE ACCOUNT FORM ON LEGIT SITE <form action="http://site.com/delete/" > <p>Type "CONFIRM" to proceed.</p> <input type="text" name="confirm"> <input type="submit" value="Go"> </form>

CSRF ATTACK EXAMPLE B

[{"selector":"#anim-1d8b6242-3d1a-401c-ad48-d8d8a882eaeb","keyframes":{"opacity":[1,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-d9a542fb-3593-40c0-9451-a4bab3f9dd6d","keyframes":{"transform":["scale(3)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-6715704b-1b1b-4693-a1a0-1d0494823408","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-b722455e-bb82-4dd2-901f-179372d20ba0","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] FAKE FORM ON BAD WEBSITE THAT DELETES ACCOUNT ON LEGIT SITE <form action="http://site.com/delete/" > <p>CLICK TO REDEEM PRIZE!</p> <input type="hidden" name="confirm" value="CONFIRM"> <input type="submit" value="WIN!"> </form>

CSRF ATTACK PREVENTION

[{"selector":"#anim-7e444c5a-27ad-48fa-a2d4-ec15a6bed498","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-25654ea0-1126-4e82-968d-40da7a7fbd7f","keyframes":{"transform":["translate3d(-115.2381%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-78ae5f28-b3c0-4fea-b644-1fc803425645","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b563d5fb-963e-4418-b011-c0888a848f19","keyframes":{"transform":["translate3d(119.34425%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] GENERATE RANDOM TOKEN session_start(); $_SESSION["token"] = bin2hex(random_bytes(32)); $_SESSION["expire"] = time() + 3600; EMBED TOKEN INTO FORM <form method="post"> <input type="hidden" name="token" value="<?=$_SESSION["token"]?>"> <input type="email" name="email"> <input type="submit" value="Go!"> </form>

CSRF ATTACK PREVENTION

[{"selector":"#anim-fff09bc7-9a99-4a63-b472-3eb6b6c15120","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-37f52af7-331e-4857-b389-70663434b874","keyframes":{"transform":["translate3d(-115.18988%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-bbfdf613-103b-4de5-a284-7eaa8b6c0b3b","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-bf4b6a8c-5afe-4b1c-ba5c-555b0d80e5d4","keyframes":{"transform":["translate3d(114.87342%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-8549b59d-df1f-42b9-b793-d693c25a8816","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-2d17d7a7-e422-4717-b021-fddc95fa9ae0","keyframes":{"transform":["translate3d(0px, 196.29626%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] CHECK TOKEN if (isset($_POST["token"]) && isset($_SESSION["token"]) && isset($_SESSION["expire"]) && $_SESSION["token"]==$_POST["token"]) { EXPIRED? if (time()>=$_SESSION["expire"]) { exit(); } PROCEED unset($_SESSION["token"]); unset($_SESSION["expire"]); echo "OK"; }

VISIT & FOLLOW

[{"selector":"#anim-d42a5016-cd99-4482-be2b-d28ab69724ff","keyframes":{"opacity":[0,1]},"delay":2000,"duration":1000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-53fcf617-2dd1-4eb3-a6ec-ad87f84ab6bd","keyframes":{"opacity":[0,1]},"delay":2000,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-3e30fc32-6382-454f-8cb3-7bad2599aff1","keyframes":{"transform":["translate3d(-128.43511%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2000,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-794a7259-d8f7-4105-93d3-f2735cf56ddf","keyframes":{"opacity":[0,1]},"delay":2400,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d7697147-cf44-4edd-a371-604ef3a2825f","keyframes":{"transform":["translate3d(-151.73267%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2400,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-32d6671f-f944-4fcb-a7cb-3e2aae473545","keyframes":{"opacity":[0,1]},"delay":2600,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-8b44c490-ca64-4196-9167-636de1cf224a","keyframes":{"transform":["translate3d(-151.23154%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2600,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-4d66f2f9-d9fb-4b34-aa95-ffa62247852f","keyframes":{"opacity":[0,1]},"delay":2200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5d50ce2d-a71d-46f2-a500-7406e841286b","keyframes":{"transform":["translate3d(-170.2941%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d774358b-ac3c-41a0-a905-c52b0be85c4c [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(-7.493271404989649%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}]

SIMPLE CSRF TOKEN PROTECTION

WHAT IS CSRF?

1A

CSRF ATTACK EXAMPLE A

1B

CSRF ATTACK EXAMPLE B

1C

CSRF ATTACK PREVENTION

2A

CSRF ATTACK PREVENTION

2B

VISIT & FOLLOW

CODE BOXX YOUTUBE

CODE BOXX PINTEREST

FULL TUTORIAL