CSRF - Lab #5 CSRF where token is tied to non-session cookie | Long Version
In this video, we cover Lab #5 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren't fully integrated into the site's session handling system. To solve the lab, we use the exploit server to host an HTML page that uses a CSRF attack to change the viewer's email address.

Video Sponsor
Sign up to Intigriti: https://go.intigriti.com/ranakhalil (affiliate link)

Support Me
Buy my course: https://academy.ranakhalil.com/p/web-...

Contents of this video
00:00 - Introduction
00:14 - Intigriti sponsorship (https://go.intigriti.com/ranakhalil)
01:08 - Navigation to the exercise
01:54 - Understand the exercise and make notes about what is required to solve it
02:48 - Exploit the lab using Burp Suite Pro
20:52 - Script the exploit (without Burp Suite Pro)
27:47 - Summary
28:00 - Thank You

Links
HTML script: https://github.com/rkhal101/Web-Secur...
Notes.txt document: https://github.com/rkhal101/Web-Secur...
CSRF theory video: Cross-Site Request Forgery (CSRF) | Comple...
Web Security Academy Youtube Video Series Release Schedule: https://docs.google.com/spreadsheets/...
Web Security Academy: https://portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil

