We first need to analyze the request we want to force the victim to make. To do this, we need Burp Suite, or another proxy configured in the browser:
- Log in to BodgeIt as any user and click on the username to go to the profile.
- Make a password change. Let's see what the request looks like in the proxy:
So, it is a POST request to http://192.168.56.11/bodgeit/password.jsp and has only the password and its confirmation in the body.
- Let's try to make a very simple HTML page that replicates this request. Create a file (we'll name it csrf-change-password.html) with the following contents:
<html><body><form action="http://192.168.56.11/bodgeit/password.jsp" ...
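
The request analysis in the steps above can be made into a repeatable check. The following is an added example, not code from the original page or from BodgeIt: it parses a request captured in the proxy and lists the properties that leave a password change open to cross-site forgery. The sample request, its cookie value and the field names pw_new / pw_confirm are constructed placeholders, and the name-fragment matching is a heuristic.

```python
from urllib.parse import parse_qsl

# Content types an HTML form can send cross-site without a CORS preflight.
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
TOKEN_HINTS = ("csrf", "xsrf", "token", "nonce")  # heuristic name fragments
REAUTH_HINTS = ("current", "old")                 # heuristic name fragments


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, headers and form fields."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip().split("\n")
    method, _path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = dict(parse_qsl(body.strip(), keep_blank_values=True))
    return method.upper(), headers, fields


def csrf_findings(raw):
    """List why a captured password-change request could be forged cross-site."""
    method, headers, fields = parse_request(raw)
    if method not in {"POST", "PUT", "PATCH", "DELETE"}:
        return []  # not a state-changing method
    findings = []
    names = [n.lower() for n in list(fields) + list(headers)]
    if not any(hint in n for n in names for hint in TOKEN_HINTS):
        findings.append("no anti-CSRF token in body or headers")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in FORM_TYPES:
        findings.append("body type is sendable by a plain HTML form")
    if "cookie" in headers and "authorization" not in headers:
        findings.append("authenticated only by cookie")
    if not any(hint in n.lower() for n in fields for hint in REAUTH_HINTS):
        findings.append("no current-password field")
    return findings


# Constructed sample; cookie value and field names are placeholders.
SAMPLE = """POST /bodgeit/password.jsp HTTP/1.1
Host: 192.168.56.11
Cookie: JSESSIONID=CONSTRUCTED0000
Content-Type: application/x-www-form-urlencoded

pw_new=example123&pw_confirm=example123
"""

print("\n".join(csrf_findings(SAMPLE)))
```

A request that carries a per-session token and a current-password field drops the first and last findings.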