Automating CSRF testing
Cross Site Request Forgery (CSRF) is one of the most commonly misunderstood web application vulnerabilities. Nonetheless, failure to properly identify such vulnerabilities can pose a serious risk to a web application and its users. In this recipe, we will discuss how to test for CSRF vulnerabilities in both GET and POST method parameters.
Getting ready
To perform CSRF testing against a target, you will need to have a remote system that is running one or more web applications that are vulnerable to CSRF. In the examples provided, an instance of Metasploitable2 is used to perform this task. Metasploitable2 has several preinstalled vulnerable web applications running on TCP port 80. For more information on setting up Metasploitable2, refer to the Installing Metasploitable2 recipe in Chapter 1, Getting Started, of this book.
How to do it…
CSRF is a vulnerability that can be present in both the GET and POST method transactions. DVWA offers a good example of a GET method...
