Use csrftester to automatically detect CSRF vulnerabilities

CSRFTester Download address : link : https://pan.baidu.com/s/1YEFVmIeyR_kzV23kYIihzg Extraction code : bgq2

1、 The purpose of detection

The purpose of detection is ： Probe web Whether the application has prevention CSRF The measures of . If Web Application's HTTP There is no corresponding precaution in the request , Then it is certain to exist to a large extent CSRF Loophole

2、 Introduction to automatic detection tools

Experimental environment ：win7 In the virtual machine

Steps are as follows

• Set up browser proxy ：127.0.0.1:8008
• Sign in Web Applications , Submit Form , stay CSRF Modify the form content in the tool , See if you want to change , If the change form exists CSRF Loophole .
• production POC Code .

（1） start-up CSRFTester

Need to install JDK8, This JDK8 Install on the front burpsuite Already installed . There's no need to install it here .

（2） Firefox browser settings proxy