# OAuth authentication

## Forced OAuth profile linking

### **Step to reproduce**

1. Navigate url using browser : <https://example.com>
2. Go to setting and link social media with account
3. Intercept request using burp-suite.
4. Find the callback url.
5. Right click on request and click on copy url after create poc with `<iframe src="copy link"></iframe>`. OR Generate  the csrf poc using burp.
6. Send the poc.html file to victim.
7. Observe the response, successful social account connect with victim account.&#x20;