Page 197 - Hands-On Bug Hunting for Penetration Testers
Other Tools Chapter 11
Using Burp Pro to Generate a CSRF PoC
A great way to test for CSRF and generate a code PoC for a CSRF vulnerability is
to use the tooling built into Burp Suite. Unfortunately, the ability to generate a CSRF
PoC is only available to Burp Suite Pro users.
For our test, we're going to revisit a page on webscantest.com that we examined for
XSS vulnerabilities in the chapter Unsanitized Data - An XSS Case Study, and that is also
vulnerable to CSRF attacks.

