Collaborate Disseminate
I know they say CSRF tokens are the most secure way to prevent CSRF attacks but what if someone uses XHR to retrieve the page containing the csrf token along with the form and then use that token for his attacks?
Why they don’t say “Refer… Continue reading Retrieving CSRF token from third party website form using XHR (JavaScript)
Let’s say there is an XSS vulnerability in an application, and the application is not using any kind of CSRF token, just using the referer header to protect against CSRF. Referer header is validating properly. So in this case can we bypass… Continue reading If an application has an XSS vulnerabilty, can we bypass CSRF with referer header?
quoting from Referer header: privacy and security concerns
For example, consider a “reset password” page with a social media link
in a footer. If the link was followed, depending on how information
was shared the soci… Continue reading http referer security
Technically speaking, it is possible to spoof both headers using an intercepting proxy but that’s useless because we are doing it ourselves as an attacker.
When we send an ajax request using JS from another domain with our s… Continue reading Why is it not possible to spoof referer and origin header with XHR?
So what kind of discomfort will you have to deal with?
Will it break websites?
Or is it just a win for privacy?
You can disable the Referer headers in Firefox like this:
Open Firefox and type “about:config” in the add… Continue reading Is it a good idea from a security standpoint to disable Referer headers in the browser? What discomforts will you have to deal with?
I found a login form on a website that redirects you regardless if the insert credentials are correct or wrong (302 redirect). I noticed that the value of the header Referer: is sent to header Location: in response. So for e… Continue reading Referer value reflected in location response?
I am using function below as Go back to last page but on certain machines ‘referrer’ in document is not recognized and page reloads itself as last page in history.
function GoBackWithRefresh(event)
{
if (‘referrer’ in … Continue reading ‘referrer’ in document Javascript for Back button [on hold]
This application is trusting referrer header for its CSRF protection, for PoC purpose am looking for a way to spoof the referrer header while sending a cross domain request.
Null origin technique isn’t working.
Continue reading How to send a cross domain request with spoofed referrer header?
Same origin policy is an important part of the security model so it is “on” by default for most things, but for the referer it does not seem to be so. The default for browsers seem to be no-referrer-when-downgrade which in pr… Continue reading Why does not Referer header use “same-origin” by default?
Note: This question is not the same as the linked possible duplicate. That question asks how checking the origin/referer header protects against CSRF. This questions is asking how to implement the specific details.
I see a l… Continue reading CSRF Origin and Referer Header just check host?