Sometimes you can extract the CSRF token using CORS
No CSRF token / Weak generation of CSRF token
Samesite value of important Cookie set to None
or
Samesite value of important Cookie set to Lax with the following prerequisites
It must use a method that does not facilitate a change on the server (GET, HEAD, OPTIONS).It must originate from user-initiated navigation, e.g. clicking a link will include the cookie, but requests made by images or scripts will not.
It must use a method that does not facilitate a change on the server (GET, HEAD, OPTIONS).
It must originate from user-initiated navigation, e.g. clicking a link will include the cookie, but requests made by images or scripts will not.
Last updated 9 months ago