Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

Sling Servlet CSRF attacks protection

santhsohm220338
Level 1
Level 1

Hello Everyone,

 

I have the below situation

I have a page, user comes and select his plan and click the button to navigate to next page. on clicking the button UI(react) will make ajax call to sling servlet and post the user selected values as request payload(request data). 

Here we have a situation we could able to trap the request using burp proxy interceptor and tampering the  request and the same changed values server accepting. Expecting behavior :server not to accept the manipulated data and should throw error.

I tried enabling CSRF token for Servlets and I can see CSRF-Token in request header as well. still did not worked for me.

Please help me here. Appreciate your help.

2 Replies