CSRF_Implementation

Category: Content generation
Development tool: JavaScript
File size: 0KB
Downloads: 0
Upload date: 2022-02-17 05:20:13
Uploader: sh-1993
Description: This project tries to prevent CSRF attacks by generating the token and sending it to the browser. This token is sent by the browser on each and every request so that CSRF attacks cannot take place.

File list:
Attacker/ (0, 2022-02-16)
Attacker/package-lock.json (502966, 2022-02-16)
Attacker/package.json (838, 2022-02-16)
Attacker/public/ (0, 2022-02-16)
Attacker/public/favicon.ico (3870, 2022-02-16)
Attacker/public/index.html (1721, 2022-02-16)
Attacker/public/logo192.png (5347, 2022-02-16)
Attacker/public/logo512.png (9664, 2022-02-16)
Attacker/public/manifest.json (492, 2022-02-16)
Attacker/public/robots.txt (67, 2022-02-16)
Attacker/src/ (0, 2022-02-16)
Attacker/src/App.js (1251, 2022-02-16)
Attacker/src/index.js (478, 2022-02-16)
Attacker/src/reportWebVitals.js (362, 2022-02-16)
Attacker/src/setupTests.js (241, 2022-02-16)
vulnerable/ (0, 2022-02-16)
vulnerable/client/ (0, 2022-02-16)
vulnerable/client/package-lock.json (502365, 2022-02-16)
vulnerable/client/package.json (872, 2022-02-16)
vulnerable/client/public/ (0, 2022-02-16)
vulnerable/client/public/favicon.ico (3870, 2022-02-16)
vulnerable/client/public/index.html (1721, 2022-02-16)
vulnerable/client/public/logo192.png (5347, 2022-02-16)
vulnerable/client/public/logo512.png (9664, 2022-02-16)
vulnerable/client/public/manifest.json (492, 2022-02-16)
vulnerable/client/public/robots.txt (67, 2022-02-16)
vulnerable/client/src/ (0, 2022-02-16)
vulnerable/client/src/App.js (626, 2022-02-16)
vulnerable/client/src/Footer.js (249, 2022-02-16)
vulnerable/client/src/Login.js (1354, 2022-02-16)
vulnerable/client/src/Navbar.js (481, 2022-02-16)
vulnerable/client/src/Profile.js (3041, 2022-02-16)
vulnerable/client/src/Register.js (1521, 2022-02-16)
vulnerable/client/src/index.css (1772, 2022-02-16)
vulnerable/client/src/index.js (500, 2022-02-16)
... ...

CSRF Implementation

Contributors: Krish Vadhani Devansh Shah
Roll No: 1911062 1911052
Course: CSS
Faculty: Deepak Sharma
College: K. J. Somaiya college of engineering
## Techstack

* React.js
* Node.js
* MongoDB

## Introduction

Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a web application against which they are currently authenticated. CSRF attacks exploit the trust a web application has in an authenticated user. (Conversely, cross-site scripting (XSS) attacks exploit the trust a user has in a particular web application.) A web application is vulnerable to CSRF if it cannot differentiate between a request the user intended to make and a request sent from the user's browser without their consent.

## Objective

A CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. When the later request is made, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid.

CSRF tokens can prevent CSRF attacks by making it impossible for an attacker to construct a fully valid HTTP request suitable for feeding to a victim user. Since the attacker cannot determine or predict the value of a user's CSRF token, they cannot construct a request with all the parameters that are necessary for the application to honor the request.

## To run this project

Clone the project:

```
$ git clone https://github.com/DEV270201/CSRF_Implementation.git
```

Install all the requirements. After cloning the code, run `npm install` to download all the required libraries:

```
$ npm install
```

Start the project. Navigate to the project directory in the terminal, then:

* Run the script `npm start` in the `Attacker` directory
* Run the script `npm start` in the `vulnerable/client` directory
* Run the script `npm start` in the `vulnerable/server` directory

## Run the script

```
$ npm start
```

Developed with :heart: by Krish Vadhani and Devansh Shah

