Cross-Site Request Forgery (CSRF) Explained 

Seriously cant say it enough. I freaking love your videos

@4:53 one of the important things to mention here is that the csrf token is good only as long as it is mapped to the user's session ID in the backend. Otherwise, the attacker might simply obtain a valid CSRF token by visiting the main website themself and inject it into the malicious requests. Tying the token to the user's session and validating that on the backend for each request is very important.

There's tens of thousands of videos on Csrf but you easily beat all of them. Yet the number of views you got aren't nearly as close as theirs. Niche youtubers like you are ahead of the time. I hope people like you are revered in coming 5 years

"Cat-Site Request Forgery"

i came from LiveOverflow channel , i so glad to be here ! your channel is interesting , love it . keep up the good work

Man, I tried researching how CSRF attacks worked last year and I never got a solid grasp of it. This video changed that. As a cybersecurity enthusiast and web developer, this is super helpful!

Just came by from watching LiveOverflow's video. I subbed and put on the bell notification on. This channel looks so cool

No words to describe how much informational these videos are. Thank you.

Came from Stök's channel. Absolutely loving it now! Subscribed and belled👏

Incredibly amazing video as always. Very great explanation, and I love your color choices and how you draw/write everything

You put lots of effort into your videos. Transitions are amazing. Wonderful production.

Wow , I love the graphical explanatory video, really easy to follow and understand in concordance with explication

I often find it hard to focus on educational videos like this, but somehow your videos have all of my attention. Not sure what voodoo you're using but it's working!

Amazing content as always, big fan of your videos and tutorials, thank you so much ;D

we need more of these. literally a free service to everyone genuinely interested

was curious if tokens really work since you could just make a GET and read the token then post. glad you answered that question very quickly. awesome video. i will subscribe

You are just awesome man. Why doesn't RU-vid show such search results at the top. I couldn't find you when I needed but now I am happy. Thanks bro..

Third video of yours that came up, and perfectly described the concept. Subscribed

the music and naration in the intro made me feel like I'm discovering a mistery in another new world, lol. great video

You definitely deserve more subs ;)

I really enjoyed your theme of explanation and the background music. sounded adventurous

I genuinely don't understand why you stop creating videos. Your style is so cool.

Great video, to the point and thoroughly explained the main concept.

This is very well explained, appreciated

Great content. I can't believe this is free! PS: I love your colour scheme

Thankyou for your videos. I would very much like to see a video on Insecure CORS and ways to escalate it :)

Love the style of explanation!

Great explanation bro, Keep up the good work. Wish ya da best.

you concept and style of teaching is lovely!..keep it up

Great Video and your drawing is amazing bro that google logo and the adobe logo was so perfect.

Bruh you need to create more content like this. Also you give example are to fast but over all your the best. 11/10.

Awesome video. I hope that you explain some bugs like vulnerable flash files, JSONP and email spoofing

I watched around 15 videos regarding csrf and you are the only one who explained it clearly. Also not everyone stressed on "the browser automatically sends the cookies".

Videos are so interesting and clear with basic to advance. Keep going 😀

This is one of the best channel I have encountered 😍

probably the best explanation out there

Crystal clear explanation. Thanks a ton

Amazing video, so clear! thank you

Thanks for making this. Really nice!

Such a good video. I love the voice as well: cute and reliable

Wunderbar...................U r one awsme teacher. Hats off to the effort you put in, for us mere novices.

You need more likes. Your work is needed for every developer.

As someone who pioneered csrf in 2007 this is a great video

Explained well, props to you

Very clear explanation. Thanks!

the best channel, thanks brother for the knowledge

Was watching live overflows vid a month ago, and look at me now, watching each video of yours everyday

your channel is a gold mine !!

Well done sir, keep them coming! :)

Best explanation I've ever heard!

Great videos.........Thank you for posting them

That's crazy explanation, Thanks a lot

You explained this better than the skillsoft guys, that's for sure

Love your videos! Please make more :3

Thank you for the great explanation! How did you made that animated slides, what tool is it?

this made me rethink my web security holy shit.

I love your videos there amazing , professional ! but I guess slow down a little bit for new people, other than that your the best I have ever being taught

As I understand it, fetch and XHR require `useCredentials` to send the cookies along with the request which needs to be explicitly stated on the CORS header Access-Control-Allow-Credentials. Otherwise cookies are not being sent and the CSRF fails.

Your videos are amazing. Clean, informational, and perfect. I should have found your channel earlier.

Awesome explanation! Tks!

Amazing 😅 , i learn a lot of new concepts in one video , but i think i will re-watch it later , some of them seem confusing !

this is the best. freaking cool

Just amazing content!

This is awesome !

You saved me. Thank you so much

you should make more cyber security videos i LOVE them!!!

Fucking A . i had to do couple of days of deep research to understand some of those concepts in order to have some idea about where the exploits would be . you just explained it PERFECTLY in simple terms and visuals and confirmed some of my thoughts :D . u did share some valuable and accurate information despite supid youtube terms n policies. Thank you sir for the clues XD

love your videos this is a god's work

Great Explanation ✅

wtf you deserve way more likes on this

Nice video thanks for the amazing content

Hi PwnFunction , just found your channel , your animations on this video are fantastic , can you share what app you use ? Thanks & Great Job

Excellent Explanation

Ok, good stuff. Subscribed.

Awesome ! Thank you !

Come on more video , u r just awesome !!!

Thank you very much!

I found a CSRF on a large website with > 500k members, so it's more common than you think! It allowed me to send their coins to my account, and those coins were bought with real money, so it was a decently critical flaw

Nice man!

that the office reference :')

You're videos are awesome

Great video, can you please shed a bit more light on how a csrf token actually protect against a csrf attack?

I Love PwnFunction Video's ILLUSTRATION🔥🙌⚡😍

Best explanation

not to mention the sick ass intro

came from BuferOverflow :p he mentioned u

Can you please make a video where you explain the exchange vulnerability? Thank you very much!

that is so cool. Mama told me to go on CS degree🤣

*Sees **11:42* *Cries with Respect*

nice video! thanks a lot!!!

since im new to this and just learning.. let me see if i got this straight. in order for me to make this work all i have to do is write a js file using the code here, host it in a server and when a person click it, it will delete their account?

Subscribed you brainy Penguin!

Do you buy the domains for the video? Is do you have some sort of local domain stuff

Awesome as always

You are the best

most of the cases of being bypassed by other domains for a kind of request is by using */wildcard in CORS

12:47 I dont understand why the json data + the content type header are first passed through a redirect(?) then to the vulnerable site?

Before sending the delete request, isn't the browser sending a preflight OPTIONS request to the server which will return an error and the delete request won't happen anymore ?

Ooooooh new video!

MASHA ALLAH