Tips & Tricks
Constructing CSRF Attack Pages
RForge is a tool you can use to create CSRF (Cross-site Request Forgery) pages from any HTTP request.
First you need a request to convert into a CSRF attack page. We will use HTTPView to capture one live.
Now that we have a request let's send it to RForge. Most tools in the Suite already have a button for RForge. If the button is not present you need to use escapemode (the command mode available when you press the
Now that the request is loaded into Rfroge all you need to do is to convert it. Press the forge button. You will notice that the editor on the left-hand side is populated with the code of the attack page.
This attack page can now be used to demonstrate or exploit the CSRF vulnerability.