Constructing CSRF Attack Pages

RForge is a tool you can use to create CSRF (Cross-site Request Forgery) pages from any HTTP request.

Step 1

First, you need a request to convert into a CSRF attack page. We will use HTTPView to capture one live.

Screenshot 01

Step 2

Now that we have a request, let's send it to RForge. Most tools in the Suite already have a button for RForge. If the button is not present, you need to use escapemode (the command mode available when you press the ESC key).

Screenshot 02

Step 3

Now that the request is loaded into RForge, all you need to do is convert it. Press the forge button. You will notice that the editor on the left-hand side is populated with the code of the attack page.

Screenshot 03

This attack page can now be used to demonstrate or exploit the CSRF vulnerability.
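
When reviewing a captured request, it helps to check whether a plain cross-site HTML form could reproduce it at all and whether it carries any visible anti-CSRF signal. The following is an added example, not part of RForge or the original page. The function names, the token-name hints and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# The only body encodings an HTML form can produce.
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
# Assumed naming hints for anti-CSRF parameters (heuristic, not exhaustive).
TOKEN_HINTS = ("csrf", "xsrf", "token", "authenticity")
# Headers an HTML form cannot set; their presence suggests a header-based defence.
DEFENCE_HEADERS = {"x-csrf-token", "x-xsrf-token", "x-requested-with"}

def parse_request(raw):
    """Split a raw HTTP/1.x request into method, target, headers and body."""
    head, _, body = raw.strip().replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), target, headers, body

def csrf_review(raw):
    """Report which CSRF-relevant properties are visible in a captured request."""
    method, target, headers, body = parse_request(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    params = parse_qsl(target.partition("?")[2], keep_blank_values=True)
    if ctype == "application/x-www-form-urlencoded":
        params += parse_qsl(body, keep_blank_values=True)
    findings = {
        # Cookies are attached by the browser automatically (ambient authority).
        "ambient_cookie": "cookie" in headers,
        # Forms can only issue GET/POST with one of the three simple encodings.
        "form_sendable": method in ("GET", "POST") and (not body or ctype in FORM_TYPES),
        # A token-like name only shows a token is sent, not that the server checks it.
        "token_param": [n for n, _ in params if any(h in n.lower() for h in TOKEN_HINTS)],
        "defence_header": sorted(DEFENCE_HEADERS.intersection(headers)),
    }
    findings["needs_fix"] = bool(findings["ambient_cookie"] and findings["form_sendable"]
                                 and not findings["token_param"]
                                 and not findings["defence_header"])
    return findings

# Constructed sample requests (not captured from a real application).
BASE = ("POST /account/email HTTP/1.1\r\nHost: app.example\r\n"
        "Cookie: session=constructed\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n")
UNPROTECTED = BASE + "email=new%40example.org"
WITH_TOKEN = BASE + "email=new%40example.org&csrf_token=constructed"
JSON_PUT = ("PUT /api/email HTTP/1.1\r\nHost: app.example\r\nCookie: session=constructed\r\n"
            "Content-Type: application/json\r\n\r\n{\"email\": \"new@example.org\"}")
```

A request flagged `needs_fix` is a candidate for a server-side token or Origin check; the cookie's SameSite attribute is not visible in a request and has to be checked on the response that set it.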