With the Java-based CSRFTester from the Open Web Application Security Project (OWASP), web applications can be easily tested for such vulnerabilities. Basically, it records a legitimate user session and then uses it to build web sites that try to trigger the same actions again.
CSRFTester is relatively easy to use. Once the archive is unpacked, it can be started up using run.bat and entered in the browser as a proxy (by default, the program does its eavesdropping on port 8008), at which point web sites can be called up and used as normal.
Download -
Click here to download the latest OWASP CSRFTester 1.0 binary and startup script.
Click here to download the latest OWASP CSRFTester 1.0 source and binary.
Click here to download the author's presentation at the 2007 OWASP conference in San Jose about the dangers of CSRF and a brief description of both CSRF Guard and CSRF Tester.
Source-
Website -
0 comments:
Post a Comment