13:[["$","$L126",null,{"props":{"lessonContent":{"components":[{"type":"Quiz","mode":"edit","content":{"title":"","questions":[{"id":"P6FIymiI5NiyrCyr2Gw-B","questionText":"An attacker includes an image tag in a malicious email that points to a URL on the victim's bank's website. Which type of CSRF attack is described above? ","questionOptions":[{"text":"`POST`-based attacks","id":"eSp0Q4Mu49Cc_rOzMVq5t","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

POST-based attacks

\n"},{"text":"`GET`-based attacks","id":"iq5nYZfgIZK5xMQ_fnqq1","correct":true,"explanation":{"mdText":"These attacks exploit the fact that browsers will automatically send `GET` requests for any URL that's referenced in the `src` attribute of an image tag.","mdHtml":"

These attacks exploit the fact that browsers will automatically send GET requests for any URL that’s referenced in the src attribute of an image tag.

\n"},"mdHtml":"

GET-based attacks

\n"},{"text":"Request-based attacks","id":"ctUoBHqRFEiPwSR4qHTQP","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Request-based attacks

\n"},{"text":"Server-based attacks","id":"4ETbR15cTx38MXsc-e4TN","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Server-based attacks

\n"}],"multipleAnswers":false,"questionTextHtml":"

An attacker includes an image tag in a malicious email that points to a URL on the victim’s bank’s website. Which type of CSRF attack is described above?

\n"},{"id":"IHeMTuYW1W1GCdyHnBPRJ","questionText":"Which way of preventing CSRF attacks involves the use of randomized characters for every session in a web application?","questionOptions":[{"text":"Use of HTTPS","id":"WtZScdyhs8B4sl8Si1xmX","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Use of HTTPS

\n"},{"text":"Use of cookies","id":"dHBnomoT9S1vyh6S-T-92","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Use of cookies

\n"},{"text":"Cashing of websites ","id":"z_Jfkqst9gho47lPFAhBH","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Cashing of websites

\n"},{"text":"Use of anti-CSRF tokens","id":"OVhJpAEB7bbIzxuhbf3bK","correct":true,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Use of anti-CSRF tokens

\n"}],"multipleAnswers":false,"questionTextHtml":"

Which way of preventing CSRF attacks involves the use of randomized characters for every session in a web application?

\n"},{"id":"uExSYpOUC4MVskbfeOnte","questionText":"An attacker wants to launch a CSRF attack on a user called Bob who has an account at banking.com. What process would the attacker would use to successfully launch this attack?","questionOptions":[{"text":"1. The attacker must trick Bob into clicking the exploit URL.\n2. Bob needs to have an active session with banking.com.\n3. The attacker must also build an exploit URL.\n","id":"PjILZ3h8ISPawvq0bwGlS","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

The attacker must trick Bob into clicking the exploit URL.
Bob needs to have an active session with banking.com.
The attacker must also build an exploit URL.

\n"},{"text":"1. The attacker must build an exploit URL.\n2. Bob needs also to have an active session with banking.com.\n3. The attacker must trick Bob into clicking the exploit URL.\n","id":"8pKV9_HL83f7VK3Tq9N5X","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

The attacker must build an exploit URL.
Bob needs also to have an active session with banking.com.
The attacker must trick Bob into clicking the exploit URL.

\n"},{"text":"1. The attacker must build an exploit URL.\n2. The attacker must also trick Bob into clicking the exploit URL.\n3. Bob needs to have an active session with banking.com.\n","id":"lL5WNPmJ7SesUd0rkTM2H","correct":true,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

The attacker must build an exploit URL.
The attacker must also trick Bob into clicking the exploit URL.
Bob needs to have an active session with banking.com.

\n"},{"text":"1. Bob needs to have an active session with banking.com.\n2. The attacker must build an exploit URL.\n3. The attacker must also trick Bob into clicking the exploit URL.\n","id":"viOH7l7V4rhDPm3nIrw5E","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Bob needs to have an active session with banking.com.
The attacker must build an exploit URL.
The attacker must also trick Bob into clicking the exploit URL.

\n"}],"multipleAnswers":false,"questionTextHtml":"

An attacker wants to launch a CSRF attack on a user called Bob who has an account at banking.com. What process would the attacker would use to successfully launch this attack?

\n"},{"id":"xFFFEzwuG7Gy-2rkDXhRP","questionText":"An attacker wants to perform a CSRF attack. The relevant `GET` request is for changing a user's password. The request also requires the user's current password for a successful response. Will the attack be successful?","questionOptions":[{"text":"Yes","id":"O5ocZPqXm-I37kJZ5xfAE","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Yes

\n"},{"text":"No","id":"C2LBSJqXHugrn7sFzoY4P","correct":true,"explanation":{"mdText":"Unless the attacker knows the user's current password, the CSRF attack won't work.","mdHtml":"

Unless the attacker knows the user’s current password, the CSRF attack won’t work.

\n"},"mdHtml":"

\n"}],"multipleAnswers":false,"questionTextHtml":"

An attacker wants to perform a CSRF attack. The relevant GET request is for changing a user’s password. The request also requires the user’s current password for a successful response. Will the attack be successful?

\n"},{"id":"3zYhIrHjoKxu__b4OHQkr","questionText":"**(True or False)** Anti-CSRF tokens only work well with `POST` requests.","questionOptions":[{"text":"True","id":"_3iuRlEnJQj72x_XbtxwM","correct":true,"explanation":{"mdText":"Using anti-CSRF tokens with `GET` requests would be incorrect because they would be visible in the URL.","mdHtml":"

Using anti-CSRF tokens with GET requests would be incorrect because they would be visible in the URL.

\n"},"mdHtml":"

True

\n"},{"text":"False","id":"DB7QBwOTKXQ6_--THGcyi","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

False

\n"}],"multipleAnswers":false,"questionTextHtml":"

(True or False) Anti-CSRF tokens only work well with POST requests.

\n"}],"comp_id":"sy7HRkWaHpJJkVm_XKfTe","titleMdHtml":""},"iteration":0,"hash":0,"children":[{"text":""}],"contentID":"M1K0-4_OraI8kASoMTwEP","saveVersion":7,"status":"normal"}],"summary":{"title":"Quiz Yourself on Cross-Site Request Forgery","description":"Take a short quiz on what you learned in this chapter.","tags":["CSRF","Web penetration testing","Mitigation of CSRF"],"titleUpdated":true},"content":[{"type":"Quiz","mode":"edit","content":{"title":"","questions":[{"id":"P6FIymiI5NiyrCyr2Gw-B","questionText":"An attacker includes an image tag in a malicious email that points to a URL on the victim's bank's website. Which type of CSRF attack is described above? ","questionOptions":[{"text":"`POST`-based attacks","id":"eSp0Q4Mu49Cc_rOzMVq5t","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

POST-based attacks

These attacks exploit the fact that browsers will automatically send GET requests for any URL that’s referenced in the src attribute of an image tag.

\n"},"mdHtml":"

GET-based attacks

\n"},{"text":"Request-based attacks","id":"ctUoBHqRFEiPwSR4qHTQP","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Request-based attacks

\n"},{"text":"Server-based attacks","id":"4ETbR15cTx38MXsc-e4TN","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Server-based attacks

\n"}],"multipleAnswers":false,"questionTextHtml":"

An attacker includes an image tag in a malicious email that points to a URL on the victim’s bank’s website. Which type of CSRF attack is described above?

Use of HTTPS

\n"},{"text":"Use of cookies","id":"dHBnomoT9S1vyh6S-T-92","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Use of cookies

\n"},{"text":"Cashing of websites ","id":"z_Jfkqst9gho47lPFAhBH","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Cashing of websites

\n"},{"text":"Use of anti-CSRF tokens","id":"OVhJpAEB7bbIzxuhbf3bK","correct":true,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Use of anti-CSRF tokens

\n"}],"multipleAnswers":false,"questionTextHtml":"

Which way of preventing CSRF attacks involves the use of randomized characters for every session in a web application?

The attacker must trick Bob into clicking the exploit URL.
Bob needs to have an active session with banking.com.
The attacker must also build an exploit URL.

The attacker must build an exploit URL.
Bob needs also to have an active session with banking.com.
The attacker must trick Bob into clicking the exploit URL.

The attacker must build an exploit URL.
The attacker must also trick Bob into clicking the exploit URL.
Bob needs to have an active session with banking.com.

Bob needs to have an active session with banking.com.
The attacker must build an exploit URL.
The attacker must also trick Bob into clicking the exploit URL.

\n"}],"multipleAnswers":false,"questionTextHtml":"

An attacker wants to launch a CSRF attack on a user called Bob who has an account at banking.com. What process would the attacker would use to successfully launch this attack?

Yes

\n"},{"text":"No","id":"C2LBSJqXHugrn7sFzoY4P","correct":true,"explanation":{"mdText":"Unless the attacker knows the user's current password, the CSRF attack won't work.","mdHtml":"

Unless the attacker knows the user’s current password, the CSRF attack won’t work.

\n"},"mdHtml":"

\n"}],"multipleAnswers":false,"questionTextHtml":"

Using anti-CSRF tokens with GET requests would be incorrect because they would be visible in the URL.

\n"},"mdHtml":"

True

\n"},{"text":"False","id":"DB7QBwOTKXQ6_--THGcyi","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

False

\n"}],"multipleAnswers":false,"questionTextHtml":"

(True or False) Anti-CSRF tokens only work well with POST requests.

\n"}],"comp_id":"sy7HRkWaHpJJkVm_XKfTe","titleMdHtml":""},"iteration":0,"hash":0,"children":[{"text":""}],"contentID":"M1K0-4_OraI8kASoMTwEP","saveVersion":7,"status":"normal"}],"darkModeContent":[{"type":"Quiz","mode":"edit","content":{"title":"","questions":[{"id":"P6FIymiI5NiyrCyr2Gw-B","questionText":"An attacker includes an image tag in a malicious email that points to a URL on the victim's bank's website. Which type of CSRF attack is described above? ","questionOptions":[{"text":"`POST`-based attacks","id":"eSp0Q4Mu49Cc_rOzMVq5t","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

POST-based attacks

These attacks exploit the fact that browsers will automatically send GET requests for any URL that’s referenced in the src attribute of an image tag.

\n"},"mdHtml":"

GET-based attacks

\n"},{"text":"Request-based attacks","id":"ctUoBHqRFEiPwSR4qHTQP","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Request-based attacks

\n"},{"text":"Server-based attacks","id":"4ETbR15cTx38MXsc-e4TN","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Server-based attacks

\n"}],"multipleAnswers":false,"questionTextHtml":"

An attacker includes an image tag in a malicious email that points to a URL on the victim’s bank’s website. Which type of CSRF attack is described above?

Use of HTTPS

\n"},{"text":"Use of cookies","id":"dHBnomoT9S1vyh6S-T-92","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Use of cookies

\n"},{"text":"Cashing of websites ","id":"z_Jfkqst9gho47lPFAhBH","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Cashing of websites

\n"},{"text":"Use of anti-CSRF tokens","id":"OVhJpAEB7bbIzxuhbf3bK","correct":true,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

Use of anti-CSRF tokens

\n"}],"multipleAnswers":false,"questionTextHtml":"

Which way of preventing CSRF attacks involves the use of randomized characters for every session in a web application?

The attacker must trick Bob into clicking the exploit URL.
Bob needs to have an active session with banking.com.
The attacker must also build an exploit URL.

The attacker must build an exploit URL.
Bob needs also to have an active session with banking.com.
The attacker must trick Bob into clicking the exploit URL.

The attacker must build an exploit URL.
The attacker must also trick Bob into clicking the exploit URL.
Bob needs to have an active session with banking.com.

Bob needs to have an active session with banking.com.
The attacker must build an exploit URL.
The attacker must also trick Bob into clicking the exploit URL.

\n"}],"multipleAnswers":false,"questionTextHtml":"

An attacker wants to launch a CSRF attack on a user called Bob who has an account at banking.com. What process would the attacker would use to successfully launch this attack?

Yes

\n"},{"text":"No","id":"C2LBSJqXHugrn7sFzoY4P","correct":true,"explanation":{"mdText":"Unless the attacker knows the user's current password, the CSRF attack won't work.","mdHtml":"

Unless the attacker knows the user’s current password, the CSRF attack won’t work.

\n"},"mdHtml":"

\n"}],"multipleAnswers":false,"questionTextHtml":"

Using anti-CSRF tokens with GET requests would be incorrect because they would be visible in the URL.

\n"},"mdHtml":"

True

\n"},{"text":"False","id":"DB7QBwOTKXQ6_--THGcyi","correct":false,"explanation":{"mdText":"","mdHtml":""},"mdHtml":"

False

\n"}],"multipleAnswers":false,"questionTextHtml":"

(True or False) Anti-CSRF tokens only work well with POST requests.

\n"}],"comp_id":"sy7HRkWaHpJJkVm_XKfTe","titleMdHtml":""},"iteration":0,"hash":0,"children":[{"text":""}],"contentID":"M1K0-4_OraI8kASoMTwEP","saveVersion":7,"status":"normal"}]},"isPreviewLesson":false,"pageType":"collection_lesson","aiCoachVideoUrl":"https://youtu.be/kgl8y9J3O6c","collectionDetailsSSR":{"title":"Web Application Penetration Testing","summary":"This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. \n\nYou will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. \n\nYour knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.","details":"

Before attending this course, students should be familiar with:

Operating systems concepts, basic knowledge in databases & SQL language

Programming concepts, with emphasis on web applications (HTML/JS)

","clos":["Working knowledge of finding and exploiting vulnerabilities in a web application","The ability to scan and assess a web application","Hands-on experience in identifying risks with penetration testing tools","Mastery of protecting web applications by applying solid mitigation strategies"],"arabic_available":false,"page_tags":{"6435951031353344":"Linux Terminal","5918269731241984":"Linux Terminal,File System","4972189602545664":"Linux Command,Git,Github","6046891888607232":"Linux Command,Terminal","4963064877416448":"Linux Commands,Shell","5855276989415424":"Linux System,Terminal","5952323285417984":"Linux Terminal,Log Files,Terminal","6658483286179840":"Linux Terminal,Shell,Bash","6659382947610624":"Linux Command,Kernel,Shell","5057871951953920":"Programming,Python 3,Python Scripting","6604713550413824":"Linux Terminal,Python Variables,Python Functions","5640804844699648":"Python Prgramming,Loops,Conditional Statements","5018434320728064":"Linux,Networking,Ifconfig","6482966360621056":"Python Scripting,Linux Terminal,Linux Commands","5862391770513408":"Web Application,Web Protocols,Protocols","4505631969247232":"Web Encoding,Web Penetration Testing,Linux","5755760609067008":"Linux Command,Kernel,Script","5795659496292352":"","6338725076533248":"Wireshark,Network analysis,Web App and Wireshark","5358592542900224":"Google Hacking,Google Dorks,Web Penetration Testing","6323365375901696":"MITM,Social Engineering","6714660284006400":"Cross-site scripting,XSS,Web Penetration Testing","5876204553109504":"Linux System,Apache Web Server","5710707383599104":"Linux Command,ifconfig,IP address","5832229087608832":"Web Application,Domain Name System(DNS),IP Adresses","5482689042055168":"Wep Penetration Testing,Linux,Python Programming","5792222943641600":"Web Penetarion testing,Cookies,Web Server","4550530181627904":"Web penetration testing,server technology,web proxies","6148887329112064":"OSINT,Web Penetration Testing,OSINT lifecycle","4755829953921024":"Browser fingerprinting,OSINT,Web fingerprinting","5684019564118016":"Shodan,Web Pentation Testing","5262438824148992":"HTTP/S Protocol,Web Server and Apache,Cookies","4948350315266048":"","5532332857753600":"","5798281330556928":"Web Penetration Testing,Cross-Site Scripting","5958987296276480":"Cross-site scripting,Web Penetartion Testing,XSS","6340314927464448":"CSRF,Web Penetration Testing","6736928749912064":"CSRF,Web Penetration Testing","4510037699723264":"Authentication,Authorization,Web penetration testing","5975594760404992":"XSS exploitation,Cross-site Scripting,Web-penetration testing","4603990948184064":"SQL injection,Types SQL injection,Uses SQL injection","5526014830837760":"Web Penetration Testing,Denial of service,DOS","6722287172845568":"Audit a website,Web penetration testing","6328985239945216":"SQL injection,Web Penetration Testing,SQLmap","4563556985208832":"SQL injection,Web Penetration Testing,Exploiting SQL injection","6549084328689664":"Authentication,Authorization,Common vulnerabilities","5833006476689408":"Bypassing authentication,Bypassing authorization","4509049286819840":"Authentication,Authorization,Mitigation startegies","6213142288007168":"CSRF,Web penetration testing","5861870670184448":"Social engineering,Web penetration testing","4927147877859328":"Setoolkit,Social Engineering,SET kit","6084269277708288":"MITM,SET,Phishing","5355319777820672":"Tor network,Proxy server,VPN","5136085151907840":"SOC,SIEM,IDPS","5901944113856512":"Cross-site scripting,Reflected XSS,Stored XSS","6380664373116928":"SQL injection,NoSQL injection,Auditing databases","4746439861469184":"Authentication,Authrorization","5674780013625344":"CSRF,Web penetration testing,Mitigation of CSRF","5135942881116160":"Phishing,Types of phishing,Social Engineering","5862581614149632":"Setoolkit,Phishing,MITM","5062932993146880":"Auditing Web,Anonymity,SOC","4616539425472512":""},"collection_toc_is_enabled":true,"page_count":null,"docker":{"container":{"file":{"name":"webpen.tar.gz","size":2059},"imageName":"author-6586453712175104-collection-5140240532766720-rev-68-container-4637636506157056-webpen","buildStatus":"SUCCESS","buildStatusUrl":"/api/author/6586453712175104/collection/5140240532766720/containers/4637636506157056/build/status","buildLogUrl":"/api/author/6586453712175104/collection/5140240532766720/containers/4637636506157056/build/log","metadata":{"sizeInBytes":2059},"id":-1,"tarballDownloadUrl":"/api/author/6586453712175104/collection/5140240532766720/containers/4637636506157056/download","rebuildImageUrl":"/api/author/6586453712175104/collection/5140240532766720/containers/4637636506157056/rebuild","track":false},"envs":[{"value":"","id":"tWig7k2TeCsDrQOr-Wsen","key":"shodan_api","name":"shodan_api","info":"","required":false,"useAsDefault":true,"deleted":false,"defaultValue":""}],"jobs":[{"key":"xzH6BaPpSHXvA9acCFWXk","jobType":"GUI","name":"Wireshark","inputFileName":"wireshark","runScript":"export DISPLAY=:1.0 \n\nwireshark","runInLiveContainer":false,"forceRelaunchOnCompChange":true,"forceRelaunchOnRun":true},{"key":"o8S4nHexxNI3k58dpKuXD","jobType":"GUI","name":"chrome","inputFileName":"chrome","runScript":"export DISPLAY=:1.0 \nuseradd -m chromeuser; google-chrome --no-sandbox >/dev/null 2>&1","runInLiveContainer":false,"forceRelaunchOnCompChange":true,"forceRelaunchOnRun":true},{"key":"IHdgbSBJurIUPBVDrj_gi","jobType":"GUI","name":"ZAP","inputFileName":"ZAP","runScript":"export DISPLAY=:1.0 \ncd /ZAP_2.11.1 && bash zap.sh","runInLiveContainer":false,"forceRelaunchOnCompChange":true},{"key":"xeC9dJvnLkwtBsDRH_UKD","jobType":"GUI","name":"Burp","inputFileName":"BurpSuite","runScript":"export DISPLAY=:1.0 \ncd /\nchmod +x burpsuite_community_linux_v2020_11_3.sh && echo -e \"o\\n\\ny\\n\" | ./burpsuite_community_linux_v2020_11_3.sh && clear\nexport DISPLAY=:1\ncd usr/local\nBurpSuiteCommunity","runInLiveContainer":false,"forceRelaunchOnCompChange":true,"forceRelaunchOnRun":true},{"key":"JoacpHiIjyJh5hsntU9hj","jobType":"GUI","name":"frog","inputFileName":"foo","runScript":"export DISPLAY=:1.0 && screamingfrogseospider","runInLiveContainer":false,"forceRelaunchOnCompChange":true,"forceRelaunchOnRun":true},{"key":"Ibcmw_Df924thDiwMQCJ_","jobType":"Live","name":"proxychains","inputFileName":"foo","runScript":"cp -r /usercode/* /etc/\ncurl https://suip.biz/ip/\nproxychains4 curl https://suip.biz/ip/","forceRelaunchOnRun":false,"runInLiveContainer":true,"forceRelaunchOnCompChange":true,"ports":"3000","startScript":"cp -r /usercode/* /etc/\nservice tor start\ncurl https://suip.biz/ip/\nproxychains4 curl https://suip.biz/ip/"},{"key":"-0x2JZzTnrUZ_o_a07qme","jobType":"GUI","name":"encoder","inputFileName":"foo","runScript":"cp -r /usercode/index.html /var/www/html/\nservice apache2 start\nexport DISPLAY=:1.0\nuseradd -m chromeuser\ngoogle-chrome --no-sandbox >/dev/null 2>&1","forceRelaunchOnRun":true,"runInLiveContainer":false},{"key":"bkNqmydnas7lDyz9GVPT-","jobType":"GUI","name":"setoolkitChrome","inputFileName":"foo","runScript":"export DISPLAY=:1.0\ncp -R /usercode/set.config /etc/setoolkit/\ngoogle-chrome --no-sandbox >/dev/null 2>&1 &\nclear\nsetoolkit","ports":"8080","startScript":"setoolkit","forceRelaunchOnRun":true,"runInLiveContainer":false},{"key":"a3uVl16S13YxLMFsBIMGW","jobType":"GUI","name":"chromeShark","inputFileName":"foo","runScript":"export DISPLAY=:1.0\nuseradd -m chromeuser\nwireshark &\ngoogle-chrome --no-sandbox >/dev/null 2>&1","forceRelaunchOnRun":true,"runInLiveContainer":false},{"key":"PVOcwiY3_YjzVxz4WOP2e","jobType":"Live","name":"juiceshop","inputFileName":"foo","runScript":"ls","ports":"3000","startScript":"export NODE_ENV=unsafe && cd juice-shop_14.5.1 && npm start","forceRelaunchOnRun":true,"runInLiveContainer":true},{"key":"ZhK3QIV2Mx3p79gNuk9oV","jobType":"GUI","name":"BurpChrome","inputFileName":"BurpSuite","runScript":"export DISPLAY=:1.0 \ncd /\nchmod +x burpsuite_community_linux_v2020_11_3.sh && echo -e \"o\\n\\ny\\n\" | ./burpsuite_community_linux_v2020_11_3.sh && clear\nexport DISPLAY=:1\ncd usr/local\nBurpSuiteCommunity &\nuseradd -m chromeuser google-chrome --no-sandbox /usercode/csrftest.html >/dev/null 2>&1","runInLiveContainer":false,"forceRelaunchOnCompChange":true,"forceRelaunchOnRun":true}],"testRunners":[],"version":3,"loaded":true},"discounted_price":29,"cover_image_id":5000288031997952,"cover_image_metadata":"{\"width\":1024,\"height\":512,\"sizeInBytes\":43255,\"name\":\"web penetration test (1).png\"}","cover_image_serving_url":"/v2api/collection/6586453712175104/5140240532766720/image/5000288031997952","tags":["Web Security","Linux Operating System"],"intro_video_url":"","intro_video_thumbnail_url":null,"aggregated_widget_stats":{"projects":0,"assessments":0,"MarkdownEditor":212,"codeExerciseCount":0,"codeRunnableCount":41,"codeSnippetCount":35,"illustrations":61,"TerminalWidget":27,"Table":14,"Image":0,"Quiz":11,"ButtonLink":0,"Code":11,"VNC":10,"MxGraphWidget":10,"SlateHTML":29,"WebpackBin":4,"LiveApp":0,"DrawIOWidget":41,"Columns":2,"CanvasAnimation":1,"MatchTheAnswers":0,"SpoilerEditor":2,"Sandpack":0,"cloudlabs":0},"default_themes":{"code_themes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}}},"api_keys":{"api_keys":[]},"skills":["Python Programming","HTTP Protocol and Web API","Interactive Real-time Web Applications"],"testimonials":[],"licensing":null,"target_audience":"intermediate","author_id":"6586453712175104","collection_id":"5140240532766720","approval_status":3005,"price":29,"is_private":false,"path_type":"regular","organization_id":null,"is_mini":false,"is_priced":true,"brief_summary":"Gain insights into web app vulnerabilities and attack methods, delve into penetration testing with Kali Linux, and explore tools for enhancing information security using Python, web tech, and network management.","approval_update_time":"2023-07-18T15:23:31.660Z","rating_visibility":true,"update_last_published_on_homepage":true,"show_developed_by":true,"udata_files":[],"CodeThemes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"collection_type":"collection","adaptive_learning_mode":false,"HLOs_to_toc":{},"is_guide":false,"read_time":57600,"allow_logged_out_executions":false,"unique_live_widget_urls":false,"metadata_status":101,"is_collection_palified":false},"pageSummarySSR":{"title":"Quiz Yourself on Cross-Site Request Forgery","description":"Take a short quiz on what you learned in this chapter.","discourse_page_url":"https://discuss.educative.io/tag/quiz-yourself-on-cross-site-request-forgery__cross-site-request-forgery__web-application-penetration-testing?open=true&ctag=web-application-penetration-testing__ochieng-bostone&cslug=web-application-penetration-testing&pslug=quiz-yourself-on-cross-site-request-forgery"},"adaptiveLearningConfigConstantSSR":0,"enableLessonPageLockedBannerV2":true,"allowAllLessonPreview":false,"lockedBannerStatsSSR":{"b2cTrialStats":{"is_b2c_trial_active":true,"b2c_trial_active_duration":7,"b2c_trial_categories":"$127"},"b2cStatus":100,"learnerTags":"$128","workStats":1460,"interviewWorksStats":81,"inL2cStarterPack":false,"l2cWorkStats":43,"enableL2cStarterPackPaymentWidget":"true"},"pageTocSSR":"","authorId":"6586453712175104","collectionId":"5140240532766720","pageId":"5674780013625344","isCollectionPageLockedCachingEnabled":true,"aceFeatureFlags":{"enableAceEditor":true,"enableAceEditorForAnswers":true},"meta":{"type":["Article","TechArticle"],"title":"Quiz Yourself on Cross-Site Request Forgery","name":"Web Application Penetration Testing","description":"Take a short quiz on what you learned in this chapter.","image":"https://educative.io/api/collection/6586453712175104/5140240532766720/image/5000288031997952.png","isAccessibleForFree":false,"keywords":"$128","provider":"Educative","publisher":"Educative","id":"courses/web-application-penetration-testing/quiz-yourself-on-cross-site-request-forgery","author":"Educative","educationalLevel":"intermediate","noIndex":true,"isForcedNoIndex":true,"noFollow":false,"redirectInfo":{"isDeletedCollectionPageRedirectable":false},"page_titles":{"5862391770513408":"HTTP/S Protocol Basics","4505631969247232":"Web Encoding","5057871951953920":"Python Basics","6604713550413824":"Variables, Functions, and Lists","5918269731241984":"Linux File System","4963064877416448":"Text Manipulation","6046891888607232":"Software Management","5018434320728064":"Network Analysis Using ifconfig and iwconfig","5710707383599104":"Modification of Network Information","5832229087608832":"Modification of Domain Name System","4972189602545664":"Git and Git Version Control","5855276989415424":"Permissions and Process Management","6658483286179840":"Bash Scripting","5952323285417984":"System Logging","5876204553109504":"Running a Web Server with Apache","5355319777820672":"Security, Anonymity, and Privacy","6338725076533248":"Wireshark","6659382947610624":"Linux Kernel and Loadable Modules","5640804844699648":"Control Flow","6482966360621056":"Python Scripting","5792222943641600":"Cookies","4550530181627904":"Proxies","6148887329112064":"Gathering Information on a Target","4755829953921024":"Web Fingerprinting Infrastructure","5358592542900224":"Google Hacking","5684019564118016":"Shodan","5798281330556928":"Cross-Site Scripting Basics","6714660284006400":"Auditing Strategies","5975594760404992":"XSS Exploitation","5958987296276480":"Mitigation of XSS","4603990948184064":"Introduction to SQL Injection","6328985239945216":"Automatically Finding SQL Injections","4563556985208832":"Exploiting and Mitigating SQL Injections","4510037699723264":"Fundamentals of Authentication and Authorization","6549084328689664":"Common Vulnerabilities","5526014830837760":"Denial-of-Service","5861870670184448":"Social Engineering","4927147877859328":"Social-Engineer Toolkit (SET)","6323365375901696":"Man-in-the-Middle (MITM) Attacks","6722287172845568":"Auditing Web Services","5135942881116160":"A Deeper Look at Phishing","5136085151907840":"Security Operations Center (SOC)","6084269277708288":"Mitigation of Social Engineering","5833006476689408":"Bypassing Authentication and Authorization","4509049286819840":"Mitigation Strategies","6340314927464448":"Cross-Site Request Forgery","6213142288007168":"Exploiting and Finding CSRF Vulnerabilities","6736928749912064":"Mitigation of Cross-Site Request Forgery","6435951031353344":"Linux Commands","5755760609067008":"Quiz Yourself on Basic Linux Commands","5795659496292352":"Quiz Yourself on Python Basics","5482689042055168":"Getting Started","5262438824148992":"Quiz Yourself on Web and Server Technology","4948350315266048":"Quiz Yourself on Network Management and Analysis","5532332857753600":"Quiz Yourself on Open-Source Intelligence","5901944113856512":"Quiz Yourself on Cross-Site Scripting","6380664373116928":"Quiz Yourself on SQL injection","4746439861469184":"Quiz Yourself on Authentication and Authorization","5674780013625344":"Quiz Yourself on Cross-Site Request Forgery","5862581614149632":"Quiz Yourself on Social Engineering","5062932993146880":"Quiz Yourself on Broader Security Concepts","4616539425472512":"Conclusion"},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"deleted_course_lesson_redirect":{"author_id":null,"collection_id":null,"page_id":null,"redirect_url_slug":null},"metadata_status":101,"additional_course_alternatives":[]},"requestUrl":"/courses/web-application-penetration-testing/quiz-yourself-on-cross-site-request-forgery","requestUrlInfo":{"authorId":"6586453712175104","collectionId":"5140240532766720","pageId":"5674780013625344","courseUrlSlug":"web-application-penetration-testing","pageUrlSlug":"quiz-yourself-on-cross-site-request-forgery"},"isExternalContent":false}}],[["$","script",null,{"id":"generate-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$129"}}],false,"$undefined"]]