Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Friday, May 27, 2011

CSRF Tester

OWASP CSRFTester is the most popular and successful tool for launching CSRF attack against CSRF vulnerable application. This tool has the capability to do successful CSRF attack against GET and POST methods.


To run this tool successfully you have to do the proxy setting in the browser so that all your browser traffic will flow through this tool. By default this tool will run on port “8008”, so set the IP as “localhost” or “127.0.0.1” and port number as “8008” in the browser proxy. To get started select the “Start Recording” button. You have to connected to internet directly, if you are connected to the internet through any proxy server then this tool will not work because there is no option in the tool to set the outgoing proxy.



For every GET and POST request this tool will create URL. Then just click on the “Stop Recording” button and go to file click on save provide a file name and save it as .txt file, If you are submitting large form with so many fields then there is a change the tool may not be create the URL 100% right. So sometimes you have to manually edit the URL to correct format.



Finally just take the URL and hit it in the browser when user is authenticated in the application.

 
 

No comments:

Post a Comment