CSRF proof of concept Generator

The CSRF proof of concept (PoC) Generator is the most useful nonessential tool provided by the Pro version of Burp Suite. It takes any captured request and automatically writes the HTML page for a cross-site request forgery PoC.

Note

Cross-site request forgery is listed among the OWASP Top 10 risks that applications face. Any security test of a web application that does not check for CSRF defenses is incomplete. Burp Suite does the grunt work of generating the PoC HTML page, which the tester then uses to see whether the application enforces CSRF defenses, such as a valid anti-CSRF token.

All we have to do is choose an HTTP request, right-click on it, and navigate to Engagement tools | Generate CSRF PoC.
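As an added example (not from the book and not Burp Suite's own code), the following Python models what the generated PoC page reproduces when a victim's browser submits it, and the server-side token check the PoC is meant to exercise; the captured request, session identifiers, token values and origins are all constructed placeholders.

```python
import hmac
from urllib.parse import parse_qsl

# Constructed capture of a state-changing request, as it would appear in Burp's
# proxy history when the tester (session "s3ss10n") changes their own email.
CAPTURED = (
    "POST /account/email HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Origin: https://app.example\r\n"
    "Cookie: session=s3ss10n\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "email=new%40example.com&csrf=7f3a9c2e"
)
# Constructed server-side state: one token per session, plus the allowed origin.
SESSION_TOKENS = {"s3ss10n": "7f3a9c2e", "v1ct1m": "c41e0b77"}
ALLOWED_ORIGINS = {"https://app.example"}

def parse_request(raw):
    """Split a raw HTTP request into method, path, lower-cased headers and form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _ = request_line.split(" ", 2)
    headers = {k.lower(): v for k, v in (h.split(": ", 1) for h in header_lines)}
    return {"method": method, "path": path, "headers": headers,
            "params": dict(parse_qsl(body))}

def as_seen_from_poc_page(req, victim_session="v1ct1m", poc_origin="https://poc.example"):
    """What the server receives when the PoC form is submitted in a victim's browser:
    same method, path and body (the csrf field is copied verbatim from the capture),
    but the browser attaches the victim's own cookie and the PoC page's Origin."""
    headers = dict(req["headers"], cookie=f"session={victim_session}", origin=poc_origin)
    return dict(req, headers=headers)

def presence_only_check(req):
    """Weak defence: any non-empty csrf field is accepted. The PoC passes this."""
    return bool(req["params"].get("csrf"))

def csrf_defended(req):
    """Real defence: the token must equal the one issued to *this* session (compared
    in constant time) and the Origin header, when sent, must be the application's."""
    cookie = req["headers"].get("cookie", "")
    session = dict(p.strip().split("=", 1) for p in cookie.split(";") if "=" in p).get("session")
    expected = SESSION_TOKENS.get(session)
    token_ok = expected is not None and hmac.compare_digest(req["params"].get("csrf", ""), expected)
    origin = req["headers"].get("origin")
    return token_ok and (origin is None or origin in ALLOWED_ORIGINS)
```

A token bound to the victim's session defeats the PoC even if the Origin header is absent, because the copied value belongs to the tester's session, not the victim's.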

The ideal candidate ...

Get Burp Suite Essentials now with the O’Reilly learning platform.
