Double Submit Cookie Bypass

Çağlar Arlı

I am trying to work on an example for my class on how double submit cookie works and how attackers can bypass it.

The idea I have is that I have two domains, att.com and victim.com. The login functionality on victim.com creates the session and also creates a new cookie for CSRF protection that will be included in all subsequent requests as a hidden form parameter. I think until now it's how double submit works.

For example, the cookie that we set was cryptographically not strong, which means its value can be understood by the attacker. In this case the attacker can make a request from his own domain to victim.com with form parameters set as required and the hidden value set to the decoded value.

Is that a correct implementation of bypassing double submit? The only issue here is that when a request is generated from attacker.com to victim.com, it does not contain the exact cookie header, rather it contains the hidden form value parameter only.

My question here is very simple. If the user is on bad.com and from there we take him to good.com, it won’t include the user cookies in the header, right? So there won’t be any way to bypass it.
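As an added example (not part of the original post), here is a sketch of the server-side check for the scheme described above, with the weak encoded token beside a token that is bound to the session with an HMAC. The names `SERVER_KEY`, `weak_token`, `issue_token`, `naive_check`, `signed_check`, the `csrf` field name and the sample session id are all assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to clients


def weak_token(username: str) -> str:
    """Weak pattern from the post: the token is only an encoding of known data."""
    return base64.b64encode(username.encode()).decode()


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}.{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Hardened token: random nonce plus an HMAC that binds it to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def naive_check(cookies: dict, form: dict) -> bool:
    """Plain double submit: accept when the cookie and the form field match."""
    c, f = cookies.get("csrf", ""), form.get("csrf", "")
    return bool(c) and bool(f) and hmac.compare_digest(c, f)


def signed_check(cookies: dict, form: dict, session_id: str) -> bool:
    """Double submit plus a server-side MAC check on the submitted value."""
    if not naive_check(cookies, form):
        return False
    nonce, _, mac = form["csrf"].partition(".")
    return hmac.compare_digest(mac, _mac(session_id, nonce))


if __name__ == "__main__":
    sid = "sess-1234"            # constructed sample session id
    weak = weak_token("alice")   # constructed sample username
    good = issue_token(sid)
    # Form value rebuilt from the username alone matches the weak cookie.
    print("weak token, naive check:   ", naive_check({"csrf": weak}, {"csrf": weak}))
    print("signed token, signed check:", signed_check({"csrf": good}, {"csrf": good}, sid))
    print("weak token, signed check:  ", signed_check({"csrf": weak}, {"csrf": weak}, sid))
    print("form field without cookie: ", naive_check({}, {"csrf": weak}))
```

The signed variant rejects any value the server did not issue for that session, so a token that can be rebuilt from public data no longer satisfies the check.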