CSRF
Cross-Site Request Forgery
An attack tricking an authenticated user into submitting unintended requests to a web application.
Technical Details
CSRF exploits the browser's automatic inclusion of cookies (and other ambient credentials such as HTTP Basic auth) with every request to a domain. If a user is logged into a bank, a page controlled by the attacker can submit a transfer request with an auto-submitting form or a hidden image, and the browser attaches the victim's session cookie. The attacker cannot read the response (the same-origin policy prevents that), but the state-changing request still executes with the victim's authority. Defenses: the synchronizer token pattern (a hidden form field carrying a random, per-session token that the server compares, in constant time, against the value stored for that session); the SameSite cookie attribute (Lax by default since Chrome 80, but set it explicitly, because the Lax default still sends the cookie on top-level GET navigations and Chrome applies a two-minute "Lax+POST" exception to freshly set cookies); checking the Origin header, falling back to Referer and rejecting the request when neither is present; and requiring re-authentication for sensitive actions. Never perform state changes on GET. Modern frameworks (Django's CsrfViewMiddleware, Rails' protect_from_forgery) include CSRF protection by default, so the usual failure mode is an endpoint that opts out of it.
Example
```javascript
// Browser-side SHA-256 digest with the Web Crypto API. Note that hashing on its
// own does not prevent CSRF; this snippet only shows Web Crypto usage.
async function sha256Hex(text) {
  const data = new TextEncoder().encode(text);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0')).join('');
}
sha256Hex('sensitive data').then(hex => console.log(hex));
```