How to Use CSRFTester with 5 easy steps

CSRF issues have been among the top 10 web security vulnerabilities for the past few years. Details of the top 10 vulnerabilities are available in the OWASP Top 10.

Consider a scenario where a web application has a self-registration module. If that module is vulnerable to CSRF, a malicious user may be able to register accounts without the victim ever filling in the online registration form.

In this blog post, I will explain in a few steps how a basic test can be conducted using the CSRFTester tool.

Step 1: Set the browser's proxy to port 8008, since CSRFTester by default listens on "127.0.0.1:8008".

Step 2: Start CSRFTester by navigating to its bin folder and running ./run.sh.

Step 3: Click Start Recording in the tool's UI, as shown below.


Step 4: Switch to the browser and perform the steps of the workflow you want to check, such as a user registration. You may remove any unwanted requests that were recorded.

Step 5: Click the Generate HTML option, as shown below, to generate the test script that checks for the vulnerability.

Once the above steps are performed, we have a test script that we can use to test for the vulnerability. For example, suppose we want to test a user registration module for CSRF. After recording the script, we open it in a browser; if the module is vulnerable, this creates a new user account without the user having to fill in the registration form.
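To make concrete what the generated script exercises, here is an added Python model (not CSRFTester's code, nor from the original post) of a registration handler with and without a synchronizer-token check. The session store, form field names and status codes are assumptions; the recorded request is replayed in a second session, as the generated HTML would be when a different logged-in user opens it.

```python
"""Model of a CSRFTester-style replay against a registration handler.
Constructed example: field names, session store and status codes are assumptions."""
import hmac
import secrets

ACCOUNTS = set()   # usernames created by the registration handler
SESSIONS = {}      # session cookie -> per-session state (here: its CSRF token)


def open_session():
    """Issue a session cookie with a fresh per-session synchronizer token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_hex(16)}
    return sid


def register_vulnerable(session_cookie, form):
    """No CSRF check: any request carrying a valid session cookie succeeds."""
    if session_cookie not in SESSIONS:
        return 401
    ACCOUNTS.add(form["username"])
    return 201


def register_hardened(session_cookie, form):
    """Synchronizer-token check: the submitted token must match the session's."""
    session = SESSIONS.get(session_cookie)
    if session is None:
        return 401
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent, session["csrf_token"]):
        return 403
    ACCOUNTS.add(form["username"])
    return 201


def record_request(session_cookie, username):
    """Steps 3-4: the proxy captures the form fields the tester's browser sent."""
    return {"username": username, "csrf_token": SESSIONS[session_cookie]["csrf_token"]}


def replay(recorded_form, victim_cookie, handler):
    """Step 5: the generated HTML resubmits the recorded fields; the browser attaches its own cookie."""
    return handler(victim_cookie, dict(recorded_form))


def run_test(handler):
    """Status the victim's browser receives when the recorded script is replayed."""
    ACCOUNTS.clear()
    recorded = record_request(open_session(), "csrf-test-account")
    return replay(recorded, open_session(), handler)
```

The vulnerable handler returns 201 and creates the account on replay; the hardened one returns 403 because the recorded token belongs to the tester's session, not the victim's.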

Important references:

For a detailed explanation of CSRF, please refer to the OWASP article.

For prevention of CSRF issues, please refer to this article.
