Skip to content
In this project I have shown how the SIMPLE idea behind the protection of CROSS-SITE-REQUEST-FORGERY attacks is implement using CSRF-TOKEN
PHP CSS JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
css
js
protection_tokens
scss
README.md
dbconfig.php
error.php
footer.php
home.php
index.php
logAction.php
logout.php
profilePic.jpg
session_encryption.php

README.md

Manual-csrf_token-php-

In this project I have shown how the SIMPLE idea behind the protection of CROSS-SITE-REQUEST-FORGERY 💀 attacks is implement using CSRF-TOKEN

How to start

Simple 🤘 Download the zip or clone this repository then run the index.php using your localhost server. The Database creation with the Schema of the table is in the dbconfig.php Do read the comment in this files

What I did 😎

Algorithm Used For encryption 💪

-> sha256 for Key and iv encryption -> openssl for session encryption - method used : AES-256-CBC -> BCRYPT for csrf_token encryption as this is one way encryption algorithm and we just need to verify the token not decrypt it

CSRF protection methology 🎓

-> We get the token from csrf_token.php which is giving me the token plus putting the same token in cookie . -> We get the token pnly if we visit the index.php that means a attacker has to visit this -> if not then the token wont be valid -> Considering a situation if somehow the attacker get a valid token ,then he/she will be using that int the request header in a remote form but this wont be validated as your cookie will be having different token from this -> You can surely add or contribute in this project to validate the cookie token and header token more precisely 😃

Contributers Are Always Welcome

You can’t perform that action at this time.