Manual-csrf_token-php-

In this project I have shown how the SIMPLE idea behind the protection of CROSS-SITE-REQUEST-FORGERY 💀 attacks is implement using CSRF-TOKEN

How to start ❓

Simple 🤘 Download the zip or clone this repository then run the index.php using your localhost server. The Database creation with the Schema of the table is in the dbconfig.php Do read the comment in this files

What I did 😎

Algorithm Used For encryption 💪

-> sha256 for Key and iv encryption -> openssl for session encryption - method used : AES-256-CBC -> BCRYPT for csrf_token encryption as this is one way encryption algorithm and we just need to verify the token not decrypt it

CSRF protection methology 🎓

-> We get the token from csrf_token.php which is giving me the token plus putting the same token in cookie . -> We get the token pnly if we visit the index.php that means a attacker has to visit this -> if not then the token wont be valid -> Considering a situation if somehow the attacker get a valid token ,then he/she will be using that int the request header in a remote form but this wont be validated as your cookie will be having different token from this -> You can surely add or contribute in this project to validate the cookie token and header token more precisely 😃

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
css		css
js		js
protection_tokens		protection_tokens
scss		scss
README.md		README.md
dbconfig.php		dbconfig.php
error.php		error.php
footer.php		footer.php
home.php		home.php
index.php		index.php
logAction.php		logAction.php
logout.php		logout.php
profilePic.jpg		profilePic.jpg
session_encryption.php		session_encryption.php

anikethsaha/CSRF-token-php-Manual

Folders and files

Latest commit

History

Repository files navigation

Manual-csrf_token-php-

How to start ❓

What I did 😎

Algorithm Used For encryption 💪

CSRF protection methology 🎓

Contributers Are Always Welcome

About

Topics

Resources

Stars

Watchers

Forks

Languages