Burp Suite User Forum


How are certain vulnerabilities listed in the labs meant to be found

Jaak | Last updated: Jun 17, 2022 11:50AM UTC

Hi, while doing the labs and thinking about taking the Burp Suite Practitioner exam, I was wondering how some of these vulnerabilities are meant to be found. As an example, let's look at the CSRF labs. The following labs are listed:

- CSRF where token validation depends on request method
- CSRF where token validation depends on token being present
- CSRF where token is not tied to user session
- CSRF where token is tied to non-session cookie
- CSRF where token is duplicated in cookie
- CSRF where Referer validation depends on header being present
- CSRF with broken Referer validation

Now, while I understand that these are vulnerabilities and also how they work, I am unsure about how vulnerabilities like "CSRF where token validation depends on request method" or "CSRF where token is tied to non-session cookie" (where you can basically use the CSRF tokens of user A for the requests of user B) are meant to be found in the exam, but also in the wild. Does the exam require you to manually check for each of the vulnerabilities? I know that in real-world pentests, scanners like Nessus and Acunetix are often used, but do such scanners really test for stuff like that? Like sending the request with a different request method and checking whether the request is accepted despite not having the correct CSRF token? Thanks :)

Liam, PortSwigger Agent | Last updated: Jun 17, 2022 01:25PM UTC

Hi Jaak. Thanks for your message. Burp Scanner is able to locate potential CSRF issues. The Scanner identifies a number of conditions, including when an application relies solely on HTTP cookies to identify the user, that result in a request being vulnerable to CSRF:

- https://portswigger.net/kb/issues/00200700_cross-site-request-forgery

This extension can be used to passively scan for CSRF (cross-site request forgery) vulnerabilities:

- https://portswigger.net/bappstore/60f172f27a9b49a1b538ed414f9f27c3

Please let us know if you need any further assistance.
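The three lab conditions Jaak names (validation that depends on the request method, on the token being present, and a token not tied to the session) all come down to server-side validator logic, so here is an added example, not PortSwigger's code or anything from the labs, that puts a validator with those defects beside a corrected one. The request dict, session ids and server key are constructed stand-ins; a real application would read them from its framework and protected configuration.

```python
import hmac
import hashlib
import secrets

# Constructed demo key; a real deployment loads this from protected config.
SERVER_KEY = secrets.token_bytes(32)

# Constructed stand-in for a server-side record of every token ever issued.
ISSUED_TOKENS: set[str] = set()


def _token_for(session_id: str) -> str:
    # Bind the token to the issuing session with an HMAC over the session id.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Mint the CSRF token for a session and remember that it was issued."""
    token = _token_for(session_id)
    ISSUED_TOKENS.add(token)
    return token


def validate_weak(request: dict) -> bool:
    """Reproduces the lab defects: the check runs only for POST, is skipped
    when the token parameter is absent, and accepts any issued token
    regardless of which session it was minted for."""
    if request["method"] != "POST":
        return True                      # GET never reaches the check
    token = request["params"].get("csrf")
    if token is None:
        return True                      # missing token treated as "nothing to check"
    return token in ISSUED_TOKENS        # user A's token passes for user B


def validate_strong(request: dict) -> bool:
    """Corrected form: a state-changing method is required, the token must be
    present, and it must be the token bound to the requesting session."""
    if request["method"] not in ("POST", "PUT", "PATCH", "DELETE"):
        return False                     # state changes are not reachable via GET
    token = request["params"].get("csrf")
    if not token:
        return False
    expected = _token_for(request["session_id"])
    return hmac.compare_digest(token, expected)
```

Running the same four requests (GET without a token, POST without a token, POST with another session's token, POST with the correct token) through both validators shows the weak one accepting all four and the strong one accepting only the last.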
